Samsung televisions and Blu-Ray players can be spun into continuous restart loops by deviants taking advantage of a remote control feature.
The devices could be made to restart every five seconds by setting fields such as MAC addresses to long strings.
This would trigger the crashing loop, which occurred too rapidly for hapless victims to intervene using their remote controllers.
“This is not a simple temporary denial of service,” security researcher Luigi Auriemma wrote on a public disclosure. “The TV is just impossible to be used and reset.”
It was unclear if the attack, tested over a local network, was possible via the internet but Auriemma notes that more than 40 TCP ports were opened on the Samsung D6000 TV.
He told SC Magazine that realistic scenario would consist of an attacker accessing poorly protected WiFi networks where "from that moment you can reach the TV directly".
Users wishing to return to normal viewing would need to manually intervene with the failing units and activate a service function, a feat possible within the five second boot loop.
Attackers would need only hope that victims would accept a prompt to allow a newly detected remote device.
The vulnerable remote controller feature worked by default on enabled Samsung entertainment devices.
Auriemma tested the attack on a fully patched Samsung D6000 TV but he said other units supported by the Samsung app may be vulnerable.
He suspected a buffer-overflow vulnerability was present in the devices but he was not prepared to debug the devices and risk “killing [his] poor TV”.
It was not the first attack on internet-enabled TVs. Researchers from security firm Mocana published a report (pdf) claiming it was possible to push fake credit card forms to TVs, redirect internet traffic to phish users and steal manufacturer keys, and tap backend services.
Earlier this month, a simple denial of service attack was found in a Sony Bravia TV. Gabriel Menezes Nune, a security expert with the Brazilian Navy, attacked her own TV -- a Latin American model -- using the Hping tool. That crashed the unit, preventing access to all functions until it turned off.