JNN 16 Dec 2012 Tokyo : Viewers, beware: while you’re watching TV, your TV might be watching you back. A security firm discovered that Samsung’s Smart TV can give hackers access to the device’s built-in camera and microphones, allowing them to watch everything you do.
The Malta-based firm ReVuln posted a video showing its team of researchers hacking into one of the Samsung TVs and accessing its settings, channel lists, widgets, USB drives, and remote control configurations. The security flaw allows hackers to access any and all personal data stored on the TV.
“We can install malicious software to gain complete root access to the TV,” the video writes.
With this access, hackers can use the Smart TVs built-in camera and microphones to see and hear everything in front of it. Instead of just watching TV, viewers could themselves be watched without knowing it.
But this flaw isn’t present in just one specific model. The vulnerability affects all 11 Samsung televisions of the latest generation. The Smart TVs have many of the same features as a computer, but lack the same kind of protection. The devices do not have security features such as firewalls and antivirus software.
Fortunately for concerned viewers, the problem has a silver lining: hackers must first breach the network that the television is connected to, as well as know the IP address of the device. As a result, security breaches would likely only occur as a targeted attack against an individual, rather than randomly. Unlike an Internet virus, a hacker would have to exploit the network manually.
Luigi Auriemma, co-founder of ReVuln, told NBC News that the main concern with this possibility is that hackers could target specific companies or individuals whose businesses they have an interest in.
“In our opinion, it’s more interesting and realistic to think about attacks [against] specific targets reached via open/weak/hacked Wi-Fi or compromised computers of a network, instead of mass-exploiting via the Internet,”Auriemma wrote in a statement for NBC. “That’s interesting due to the effects of the vulnerability (retrieving information and the possibility of monitoring) which are perfect for targeted attacks, from a specific person with a TV at home to a company with TVs in its offices.”
A hacker must be connected to the local network in order to access the Smart TV – so keeping wifi passwords secure is very important. Those with stalkers or valuable data on their device may want to be particularly cautious.
“Consider that little kid next door that’s good with computers,” said Travis Carelock, content director and research technologist at Black Hat.
“We’re moving into a whole different world,” said Trey Ford, general manager of the group. “Growing up, you and I didn’t have a wirelessly connected camera pointing at the couch.”
Viewers who have any of the plasma 8000 series, the 7500 LED LCD series, the 8000 LED LCD series or the 9000 LED LCD series might want to make sure to keep personal data off their TVs and be careful about what they say or do in the device’s presence.
Even though chances might be slim that the average viewer will have his or her Smart TV hacked into, the capability of technology to watch its viewers is a chilling glimpse into a more high-tech future.
“That’s what will make this a whole lot more fun in the future,” Ford said.
Samsung said it is launching an investigation to look into the security flaw.