jm + samsung   5

Smart TV hack embeds attack code into broadcast signal—no access required | Ars Technica
Awesome.
The proof-of-concept exploit uses a low-cost transmitter to embed malicious commands into a rogue [DVB-T] signal. That signal is then broadcast to nearby devices. It worked against two fully updated TV models made by Samsung. By exploiting two known security flaws in the Web browsers running in the background, the attack was able to gain highly privileged root access to the TVs. By revising the attack to target similar browser bugs found in other sets, the technique would likely work on a much wider range of TVs.
dvb-t  tv  security  exploits  samsung  smart-tvs  broadcast 
20 days ago by jm
Using Samsung's Internet-Enabled Refrigerator for Man-in-the-Middle Attacks
Whilst the fridge implements SSL, it FAILS to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. This includes those made to Google's servers to download Gmail calendar information for the on-screen display. So, MITM the victim's fridge from next door, or on the road outside and you can potentially steal their Google credentials.


The Internet of Insecure Things strikes again.
iot  security  fridges  samsung  fail  mitm  ssl  tls  google  papers  defcon 
september 2015 by jm
Samsung's smart TVs are inserting unwanted ads into users' own movies
Amazingly shitty. Never buying a Samsung TV if this is what they think is acceptable
advertising  tv  samsung  smart-tvs  iot  horrible  ads 
february 2015 by jm
spoofing the samsung smart tv internet check
If this kind of bullshit -- a HTTP GET of an XML file from www.samsung.com -- is how the Samsung Smart TV firmware decides if the internet is working or not, I dread to think how crappy the rest of the code is. (At least in Netnote we performed a bunch of bigco-domain DNS lookups before giving up...)
smart-tv  samsung  fail  xml  http  internet  embedded-software  firmware  crap-code 
april 2014 by jm

Copy this bookmark:



description:


tags: