Samsung TVs, Blu-ray vulnerable to eternal boot loop

Powered by SC Magazine
 

Not your typical remote control.

Samsung televisions and Blu-Ray players can be spun into continuous restart loops by deviants taking advantage of a remote control feature.

The devices could be made to restart every five seconds by setting fields such as MAC addresses to long strings.

This would trigger the crashing loop, which occurred too rapidly for hapless victims to intervene using their remote controllers.

This is not a simple temporary denial of service,” security researcher Luigi Auriemma wrote on a public disclosure. “The TV is just impossible to be used and reset.”

It was unclear if the attack, tested over a local network, was possible via the internet but Auriemma notes that more than 40 TCP ports were opened on the Samsung D6000 TV.

He told SC Magazine that realistic scenario would consist of an attacker accessing poorly protected WiFi networks where "from that moment you can reach the TV directly".

Users wishing to return to normal viewing would need to manually intervene with the failing units and activate a service function, a feat possible within the five second boot loop.

Attackers would need only hope that victims would accept a prompt to allow a newly detected remote device.

The vulnerable remote controller feature worked by default on enabled Samsung entertainment devices.

It allowed the units to be controlled by iPads and Android devices using the Samsung Remote application available on iTunes and Google's Play stores.

Auriemma tested the attack on a fully patched Samsung D6000 TV but he said other units supported by the Samsung app may be vulnerable.

He suspected a buffer-overflow vulnerability was present in the devices but he was not prepared to debug the devices and risk “killing [his] poor TV”.

The proof of concept code for the attack was available on his website.

It was not the first attack on internet-enabled TVs. Researchers from security firm Mocana published a report (pdf) claiming it was possible to push fake credit card forms to TVs, redirect internet traffic to phish users and steal manufacturer keys, and tap backend services.

Earlier this month, a simple denial of service attack was found in a Sony Bravia TV. Gabriel Menezes Nune, a security expert with the Brazilian Navy, attacked her own TV -- a Latin American model -- using the Hping tool. That crashed the unit, preventing access to all functions until it turned off.

Copyright © SC Magazine, Australia


Samsung TVs, Blu-ray vulnerable to eternal boot loop
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 337

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 141

Vote