Whoa There Partner...There's More to Consider

by ajtrek - 12/21/12 11:21 AM

In Reply to: Seems we do. In the news, Samsung. by R. Proffitt Moderator

Thanks for posting. I read the article and it appears the hack occured by accessing the TV over WiFi....here's the excert:

"To exploit Auriemma's vulnerabilities requires only that the devices are connected to a wi-fi network. As background, Auriemma explains that when the device receives a controller packet it displays message informing users that a new 'remote' has been detected, and prompts the user to 'allow' or 'deny' access. Included with this remote packet is a string field used for the name of device. Auriemma found that if he altered the name string to contain line feed and other invalid characters, the device would enter an endless loop."

The above excert tells me that in order to access the TV via WiFi one of three (3) things must occur:

1. The WiFi network is unprotected (very bad and the end-user should know better) sad
2. The attacker knows the SSID password
3. The attacker is using specific scanning gear to detect the network and generate random passwords to enter

The key here is that attacker must get on the network and hope (or know) that a smart TV is on it! After that the end- user must accept the malious Packet String to allow the attacker to infect the set. The article continues with...

"...users can avoid the situation altogether by hitting 'exit' when prompted to 'allow' or 'deny' the new remote device."

My point here is that although this incident may have occured it's not as simple as jusy saying..."my Smart TV got infected". Specific actions had to be intiated by the attacker and the end-user had to comply with a specific request. The action by the end-user goes back to Computing 101...you don't open emails and/or their attachments that are from someone you don't know or click on mysterious links....and in this case...you don't allow access to your Smart TV by consenting to access by or installation of a remote that's not in your hand!

So, let's not push the panic button just yet. As most in the forum will probably agree that the incident described was a direct result of "code being sent" which had to be accepted by the end-user versus a virus that typically infects an OS as a result of a "passive" action by the end-user (i.e. clicking on a link or opening and infected document).

To be clear 99.9% of TV apps (which when opened could also be viewed as a passive action) are most likely clean as they come directly from a legitinate source and are installed via upgrades to the firmware via USB download or OTA install from the set manufacturers support website.