concluded that this is not a security threat
Maybe someone should get all the Samsung Security Muppets TVs to randomly turn on and play some Rick Astley videos; or maybe endless loops of Crazy Frog
or is that *TOO* evil?
A security researcher is complaining that Samsung isn't making a serious response to a vulnerability in its Smart TVs. The bug, discovered by pen-test outfit Neseso, concerns the televisions' implementation of Wi-Fi Direct authentication. An attacker only needs to sniff out the MAC address of a trusted device to connect to the …
Keep piling on the pressure. Given enough, Samsung will say they've updated their TVs with enhanced trusted device recognition instead of fixing a bug.
Just like their S8s with red tinted screens, that will receive enhanced colour balance controls with a software update. No, it's a bugfix.
Or the pentester that said he found 40 vulnerabilities in Tizen in their Smart TVs a couple of weeks ago. I presume he gave up because he was spoilt for choice and it was like shooting fish in a barrel.
Samsung are everything that's wrong with software development.
"disconnect the Wi-Fi antenna"
Depending on where the wifi is, that may just shorten the range, albeit considerably.
I once got sent to a job where the fault description was, "can't connect to WiFi". Got there, opened laptop, noticed aerial connectors not connected, connected them, all fine now. User (in an IT department), had upgraded to wifi themselves and only ever used it at his desk. One office rearrangement later and he was no longer sitting directly under the WAP so could no longer connect.
No, I've no idea why he needed a laptop that was only ever used at the desk either. Or why it needed wifi if it never moved off the desk. Probably he was a "ranker" who "deserves the best".
I can't speak for security - I'm not a pen tester, but my new LG WebOS 3.0 TV works well.
The interface is smooth and crisp, as is app performance.
I was able to disable the WiFi in it entirely, and instead it is connected via ethernet - so you already need to be on my network to talk to it.
@ Baldrickk "I was able to disable the WiFi in it entirely, and instead it is connected via ethernet - so you already need to be on my network to talk to it."
That should probably read: "I selected the option to disable WiFi in the TV settings. The TV told me WiFi was disabled and I believed it."
These days you have to colour me cynical on these options that claim stuff is disabled.</cynical>
* Vintage Samsung response. But look how these chaebols operate... They're afraid of absolutely nothing with no consequences!
* Stopped buying their TVs after the panel lottery scandal broke. Plus, at least LG and others still offer basic TVs....
* This is IoT hell 101. Who wants to be a willing mark for big-tech / hackers / cybercrims / scammers / CIA-MI5 & Ukrainian war propagandists etc...
"Sarcasm aside, using the mac address as security is like trying to defend your home from tigers with a butter knife."
Not at all. If you practice, train and are lucky, you might be able to stab the tiger through the eye and into the brain, thus killing it. No matter how hard you practice and train with your MAC address, it will never become a security defence weapon.
Smart TV is an insane concept. Hopefully, your television will last 10 years, but your computer needs to be changed every 2 or 3 years. Why join both in a single piece of equipment?
A standard TV with an external single board computer, Android dongle... It costs a fraction of the price of a smart TV, and is way smarter.
Agree, as I pointed out in another post about how wonderful Android TVs are, I bought a NowTV box for £10 and never bothered with the subscription.
Looking back a Fire TV may have been better, but at the end of the day it's got iPlayer and that does 90% of what I need.
It's almost like the manufacturers have a vested interest in you connecting your TV to the internet, so they can access reams of usage and customer data... The provision of a service useful to customers is just an afterthought, or a disguise.
I would rather just have a decent, but dumb, display panel with LOTS more inputs.
I've already got a 'smart' dishwasher (resolutely not connected online), and I can't think of any practical advantage to being able to switch it on remotely from my phone. Not until it's smart enough to load and empty itself anyway. I can only assume that Bosch want telemetry data about its usage - at my expense and at my security risk. F**k them.
I have a heavily modified Beelink R68 Android box, (native nfs/ip6 configured/512Gb ssd and usbstick) 5.1 surround sound amp, speakers, 1080p projector producing 95" "screen", air mouse remote control/keyboard, and all for probably a lot less than a top end smart TV.
After watching a bit of TV, I'm now sitting back on my sofa, staring at my wall, typing this message. It's nice having a comfy sofa as one's office!
Join me, my comrades! This intolerable situation must be ended! We must act now to save the word "Smart" from brainless marketers! Death to Tech Newspeak!
This isn't as goofy as it might sound. Through the stupidity of marketers a word meaning "intelligent" has been co-opted to mean "dumbest idea ever." Although to be honest, I'm pretty sure we'll just have to give up the original usage of "smart" and use other words instead. Damn marketers anyway, can't they just make up fancy-sounding nonsense words like they used to?
Really - stop calling Samsung 'Sammy' as if we are all big friends. Samsung wants to dominate the market and cuts corners to do so. They are yet again caught out with sloppy practices and bringing substandard products to market. Samsung make things that look good in a shop, but dig deeper and it does not stack up. Security breaches (and anything software) are not as obvious and exciting as hardware catching on fire as in Note 7 and washing machines.
People accuse Apple of making bling and only being interested in how something looks with UI. But that is not true. Apple digs deeper, did not take the lazy path of adopting Linux (less security) and makes sure that underneath things are as secure as possible. However, with software, even with the best development practices, things go wrong and issues that weren't considered arise. Yet Register always disparages Apple as 'that fruity company', while being loving towards 'Sammy', whatever they do.
As Dan 55 noted before "Samsung are everything that's wrong with software development."