A security company known as ReVuln has created a video demonstrating that it can hack and root Samsung’s Smart TV range including the Samsung TV LED 3D. The video shows how a zero-day vulnerability in the TV’s firmware can be used to retrieve sensitive information and monitor the device remotely. However ReVuln aren’t disclosing this information to Samsung, instead the company prefers to sell its secrets to governments and “other paying customers.”
A zero-day vulnerability is a bug in the firmware which, when exploited, allows hackers to root and remotely control the device. It is known as a “zero-day” as this is the number of days that the manufacturer knew about the vulnerability before it was exposed. In other words this is a previously unknown vulnerability.
The exploit allows an attacker to install malicious software and switch on the integrated webcam and microphone for surveillance purposes. The attacker can also access any attached USB drives. ReVuln plan to invest more time and effort in hacking smart home devices and chose Samsung for their first attack because it’s the current market leader. However, for ReVuln, televisions are just the beginning.
ReVuln doesn’t release its hacking secrets, even if Samsung contacted them directly. Instead the company sees the vulnerability information as part of a security portfolio for its paying customers. In this context paying customers includes government agencies. According to its website, “the vulnerabilities included in our Zero-day feed remain undisclosed by ReVuln unless either the vulnerability is discovered and reported by a third party or the vendor publicly or privately patches the issue.”
What do you think? Are you worried about someone hacking into your smart TV? Do you think ReVuln should at least tell Samsung how it did it?