In 21st century America, Samsung TV watches YOU!
The classic “Russian reversal” joke about Soviet spying, popularized by comedian Yakov Smirnov in the 1980s, goes something like this:
“In Soviet Russia, television watches you!”
Now, thanks to a flaw discovered in some televisions, that cheesy gag has become an uncomfortable reality.
During last week’s Black Hat computer security conference in Las Vegas, researchers from iSEC Partners demonstrated a vulnerability in 2012 models of Samsung’s line of Smart TVs, particularly the ones that come with cameras designed for teleconferencing.
According to CNNMoney, the flaw would allow a hacker to access various parts of a connected TV, including that built-in camera:
The flaws in Samsung Smart TVs, which have now been patched, enabled hackers to remotely turn on the TVs’ built-in cameras without leaving any trace of it on the screen. While you’re watching TV, a hacker anywhere around the world could have been watching you. Hackers also could have easily rerouted an unsuspecting user to a malicious website to steal bank account information.
Indeed, Samsung has dispatched a fix for the 2012 models identified by iSEC. But as one of the researchers who presented details of the flaw pointed out: “We know that the way we were able to do this has been fixed; it doesn’t mean that there aren’t other ways that could be discovered in the future.”
The problem with the Samsung TVs highlights a much larger issue: The number of devices connected to the Internet is growing exponentially, and many of them have little or no security in place. In other cases, a flaw in almost any application on an Internet-connected platform could, if exploited, allow access to the entire device, and then to the user’s full network.
Many of these unsecured devices can be found with a simple search. In fact, there’s a search engine called Shodan devoted just to scouring the so-called “Internet of things.” Playing around with it is an eye-opener.
For example, in late July a writer for Forbes discovered an entire home automation product line with Internet-connected features that could be set up without a default password, and were visible to search engines. This would enable a hacker to search and find these systems on the Net, then access them at will.
To prove her point, Kashmir Hill breached the home automation systems of random strangers, called them on the phone and demonstrated the vulnerability by turning their lights on and off.
“I can see all of the devices in your home and I think I can control them,” I said to Thomas Hatley, a complete stranger in Oregon who I had rudely awoken with an early phone call on a Thursday morning.
He and his wife were still in bed. Expressing surprise, he asked me to try to turn the master bedroom lights on and off. Sitting in my living room in San Francisco, I flipped the light switch with a click, and resisted the Poltergeist-like temptation to turn the television on as well.
“They just came on and now they’re off,” he said. “I’ll be darned.”
The company, Insteon, no longer sells the particular line of home automation systems with this kind of setup. But those customers who have them in place remain vulnerable.
Then there’s the case of the connected, hackable toilet. Trustwave Holdings, another security firm, issued an advisory about high-tech toilets made by Satis which can be controlled by an Android app via a smartphone. The app talks to the toilet using Bluetooth, with the default PIN of 0000. This makes the toilet easy to access and control. And what exactly could a hacker do?
Attackers could cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to user.
In an Internet-connected world, toilet flushes YOU!