The Outer Limits: Hacking a Smart TV

Presented at ToorCon San Diego 15 (2013), Oct. 19, 2013, 3 p.m. (50 minutes).

There is nothing wrong with your television set. Do not attempt to adjust the picture. We are controlling the transmission.

"Smart" TVs are becoming more and more common. Samsung and other vendors such as Sony and LG have sold more than a hundred million Smart TVs in the last few years. During this talk, Aaron Grattafiori will discuss the Samsung SmartTV design, attack surfaces and overall insecurity of the platform. A short discussion of the current application stack, TV operating system and other details will be provided to help set the stage for details of significant flaws found within the Samsung SmartTV application architecture, APIs and current applications.

A number of vulnerabilities will be explored and demonstrated which allow malicious developers or remotely hijacked applications (such as the web browser or social media applications) to take complete control of the TV, steal accounts stored within it and install a userland rootkit. Exploitation of these vulnerabilities also provides the ability for an attacker to use the front-facing video camera or built-in microphone for spying and surveillance as well as facilitate access to the local network for continued exploitation. This talk will also discuss methods to bypass what weak application security protections exist and put forth several worst-case scenarios.

Concluding this talk, Aaron will discuss what has been fixed by Samsung and discuss what overall weaknesses should be avoided by future "Smart" platforms. Video demos of exploits and userland rootkits will be provided during the talk.


Presenters:

  • Aaron Grattafiori / dyn as Aaron Grattafiori
    Aaron Grattafiori is a Principal Security Engineer and Research Lead with iSEC Partners. A jack-of-all-security, Aaron leads projects dealing with complex system analysis, mobile and web application security to network, protocol and other hybrid penetration testing, red teams and other hacking shenanigans. With over eight years of security experience, Aaron utilizes a wide array of technology skills, historical research and security knowledge to consistently discover critical vulnerabilities. Aaron has spoken at security conferences such as Blackhat 2013, DefCon Kids, Toorcon:Seattle, Source and SecureWorld in addition to being a guest speaker at Stanford University.