Today’s high-end televisions are almost all equipped with “smart” PC-like features, including Internet connectivity, apps, microphones and cameras. But a recently discovered security hole in some Samsung Smart TVs shows that many of those bells and whistles aren’t ready for prime time.
The flaws in Samsung Smart TVs, which have now been patched, enabled hackers to remotely turn on the TVs’ built-in cameras without leaving any trace of it on the screen. While you’re watching TV, a hacker anywhere around the world could have been watching you. Hackers also could have easily rerouted an unsuspecting user to a malicious website to steal bank account information.
Samsung quickly fixed the problem after security researchers at iSEC Partners informed the company about the bugs. Samsung sent a software update to all affected TVs.
But the glitches speak to a larger problem of gadgets that connect to the Internet but have virtually no security to speak of.
Security cameras, lights, heating control systems and even door locks and windows are now increasingly coming with features that allow users to control them remotely. Without proper security controls, there’s little to stop hackers from invading users’ privacy, stealing personal information or spying on people.
In the case of Samsung Smart TVs, iSEC researchers found that they could tap into the TV’s Web browser with ease, according to iSEC security analyst Josh Yavor. That gave hackers access to all the functions controlled by the browser, including the TV’s built-in camera.
“If there’s a vulnerability in any application, there’s a vulnerability in the entire TV,” said Aaron Grattafiori, also an analyst at iSEC.
The Tap Blog is a collective of like-minded researchers and writers who’ve joined forces to distribute information and voice opinions avoided by the world’s media.