The Outer Limits: Hacking the Samsung Smart TV

Presented at Black Hat USA 2013, Aug. 1, 2013, 11:45 a.m. (60 minutes)

There is nothing wrong with your television set. Do not attempt to adjust the picture. We are controlling the transmission.

"Smart" TVs are becoming more and more common. Samsung and other vendors such as Sony and LG have sold more than a hundred million Smart TVs in the last few years. During this talk, Aaron Grattafiori and Josh Yavor will discuss the Samsung SmartTV design, attack surfaces and overall insecurity of the platform. A short discussion of the current application stack, TV operating system and other details will be provided to help set the stage for details of significant flaws found within the Samsung SmartTV application architecture, APIs and current applications.

A number of vulnerabilities will be explored and demonstrated which allow malicious developers or remotely hijacked applications (such as the web browser or social media applications) to take complete control of the TV, steal accounts stored within it and install a userland rootkit. Exploitation of these vulnerabilities also gives an attacker the ability to use the front-facing video camera or built-in microphone for spying and surveillance, as well as facilitating access to the local network for continued exploitation. This talk will also discuss methods to bypass what (meager) security protections exist and put forth several worst case scenarios (TV worm anyone?).

Concluding this talk, Aaron and Josh will discuss what Samsung has fixed and which overall weaknesses future "Smart" platforms should avoid. Video demos of exploits and userland rootkits will be provided.


Presenters:

  • Josh Yavor - iSEC Partners
    Josh Yavor is a Security Engineer at iSEC Partners, an information security firm specializing in application, network, and mobile security. At iSEC, Josh specializes in web application security and network penetration testing. Josh holds an MS in Computer, Information and Network Security from DePaul University. At DePaul, he focused on network security while also developing an interest in incident response and SCADA/ICS systems. Prior to working at iSEC, Josh operated an independent IT consulting and managed services business for eight years. In this capacity, he assisted small businesses, non-profits and educational organizations with a wide array of IT needs with a special focus on security related projects.
  • Aaron Grattafiori / dyn - iSEC Partners
    Aaron Grattafiori is a Senior Security Engineer and Research Lead with iSEC Partners, an information security firm specializing in application, network, and mobile security. At iSEC, Aaron is a jack-of-all-security, leading key projects from complex system analysis, mobile and web application security to network, protocol and other hybrid penetration testing. With over eight years of security experience, Aaron utilizes a wide array of technology skills, historical research and security knowledge to consistently discover critical vulnerabilities. Prior to working at iSEC Partners, Aaron was a Security Consultant at Security Innovation. Aaron discussed major vulnerabilities in Apple's Enterprise Server Security and network protocols at SecureWorld, SOURCE:Seattle and ToorCon Seattle in 2011. Aaron's areas of interest include vulnerability research and analysis, protocols, privacy, fuzzing systems, emerging technologies and reverse engineering.