Posted by Virus Bulletin on Dec 15, 2014
Jeongwook Oh demonstrates how to hack a Samsung smart TV.
Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added 'Smart home appliance security and malware', by HP researcher Jeongwook Oh.
The (in)security of the Internet of Things (IoT) is a major concern among security professionals, and one is right to wonder whether it is a good idea for refrigerators, thermostats and light bulbs to be connected to the Internet.
But with TVs things are different. Services such as YouTube, Netflix and BBC iPlayer have blurred the distinction between TVs and computers, and it seems natural for many modern TVs (called smart TVs) to be connected to a LAN and thus to the Internet. However, as HP researcher Jeongwook Oh showed in his VB2014 paper, the security of these devices is not as strong as it should be.
In particular, Jeongwook looked at the security of the 55UF6350, a TV from Samsung's F-Series range that he had recently purchased. As is the case for many IoT devices, the TV runs a Linux operating system and Jeongwook had little trouble obtaining root on the TV, installing backdoors and uploading binaries, all of which could be used for further attacks.
In order to illustrate just how easy this was, he performed a live demonstration at the conference, bringing his own TV on stage.
You can read the paper here in HTML-format, or download it here as a PDF (no registration or subscription required). You can download the presentation slides here. We have also uploaded the presentation to our YouTube channel.