Samsung TVs, Blu-ray vulnerable to eternal boot loop

Powered by SC Magazine
 

Not your typical remote control.

Samsung televisions and Blu-Ray players can be spun into continuous restart loops by deviants taking advantage of a remote control feature.

The devices could be made to restart every five seconds by setting fields such as MAC addresses to long strings.

This would trigger the crashing loop, which occurred too rapidly for hapless victims to intervene using their remote controllers.

This is not a simple temporary denial of service,” security researcher Luigi Auriemma wrote on a public disclosure. “The TV is just impossible to be used and reset.”

It was unclear if the attack, tested over a local network, was possible via the internet but Auriemma notes that more than 40 TCP ports were opened on the Samsung D6000 TV.

He told SC Magazine that realistic scenario would consist of an attacker accessing poorly protected WiFi networks where "from that moment you can reach the TV directly".

Users wishing to return to normal viewing would need to manually intervene with the failing units and activate a service function, a feat possible within the five second boot loop.

Attackers would need only hope that victims would accept a prompt to allow a newly detected remote device.

The vulnerable remote controller feature worked by default on enabled Samsung entertainment devices.

It allowed the units to be controlled by iPads and Android devices using the Samsung Remote application available on iTunes and Google's Play stores.

Auriemma tested the attack on a fully patched Samsung D6000 TV but he said other units supported by the Samsung app may be vulnerable.

He suspected a buffer-overflow vulnerability was present in the devices but he was not prepared to debug the devices and risk “killing [his] poor TV”.

The proof of concept code for the attack was available on his website.

It was not the first attack on internet-enabled TVs. Researchers from security firm Mocana published a report (pdf) claiming it was possible to push fake credit card forms to TVs, redirect internet traffic to phish users and steal manufacturer keys, and tap backend services.

Earlier this month, a simple denial of service attack was found in a Sony Bravia TV. Gabriel Menezes Nune, a security expert with the Brazilian Navy, attacked her own TV -- a Latin American model -- using the Hping tool. That crashed the unit, preventing access to all functions until it turned off.

Copyright © SC Magazine, Australia


Samsung TVs, Blu-ray vulnerable to eternal boot loop
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1791

Vote
Do you support the abolition of the Office of the Information Commissioner?