According to the duo, many of the Samsung apps that they examined during their research were rife with common web vulnerabilities like cross-site scripting flaws that allowed for remote and arbitrary execution of code on the television. Many of the existing apps could also be manipulated for the force of evil. For example, a download API could be made to also upload content, giving an attacker the opportunity to upload any document on the TV, from online credentials to stored content like photos or other sensitive material.
Grattafiori believes that TV manufacturers have got to up their game with some kind of cross-platform security and to train their developers to securely code. In the meantime, consumers should be wary.
"Consider where you have the TV aimed - maybe your bed is not the best option”, he says. "Browse carefully and think about investing in sticky notes to stick over the camera."
Samsung Smart TV cameras easy to hack
Posted on Friday, Aug 02 2013 @ 13:36 CEST by Thomas De Maesschalck