Jeongwook Oh demonstrates how to hack a Samsung smart TV.
Over the next few months, we will be sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added ‘Smart home appliance security and malware’, by HP researcher Jeongwook Oh.
The (in)security of the Internet of Things (IoT) is a major concern among security professionals, and one is right to wonder whether it is a good idea for
refrigerators
, thermostats and light bulbs to be connected to the Internet.
But with TVs things are different. Services such as
YouTube
,
Netflix
and
BBC iPlayer
have blurred the distinction between TVs and computers, and it seems natural for many modern TVs (called smart TVs) to be connected to a LAN and thus to the Internet. However, as
HP
researcher Jeongwook Oh showed in his VB2014 paper, the security of these devices is not as strong as it should be.
In particular, Jeongwook looked at the security of the
55UF6350
, a TV from
Samsung
‘s
F-Series
range that he had recently purchased. As is the case for many IoT devices, the TV runs a
Linux
operating system and Jeongwook had little trouble obtaining root on the TV, installing backdoors and uploading binaries, all of which could be used for further attacks.
In order to illustrate just how easy this was, he performed a live demonstration at the conference, bringing his own TV on stage.
You can read the paper
here
in HTML-format, or download it
here
as a PDF (no registration or subscription required). You can download the presentation slides
here
. We have also uploaded the presentation to our
YouTube
channel.
Posted on 15 December 2014 by
Martijn Grooten
Leave a Reply