TrailerTrash
04-25-2012, 08:39 PM
Consumer electronics are increasingly getting more sophisticated and are capable of communicating with computers and other devices over a network. While it may sound far-fetched, devices such as TVs, digital picture frames, and e-readers, are perfectly capable of causing problems on your network.
If nothing else, 2011 and 2012 should have taught us that malware writers are willing to explore unlikely and bizarre methods to achieve their goals.
Don't make the mistake of thinking electronics can't get infected. Smartphones are not invulnerable and Macs can get malware. Don't make your TVs accessible from the Internet and always scan USB gadgets when connecting to the computer, no matter how benign they may seem.
Attacking the TV
Luigi Auriemma, a researcher based in Italy, inadvertently uncovered a vulnerability in a Samsung D6000 high-definition TV that caused it to get stuck in an endless loop of restarts, according to a bug report posted on his site on Apr. 19. Unplugging the TV and disconnecting the network did not fix the problem, according to the report.
Since the TV connected to the home network via an Ethernet cable, Auriemma tried sending a message from a computer to display on the TV. Instead, the TV stopped responding to commands entered by the remote control or through the panel and began restarting itself repeatedly.
"This is not a simple temporary Denial of Service, the TV is just impossible to be used and reset," Auriemma wrote.
He speculated that the bug may be related to a buffer overflow, but didn't have enough information. All current Samsung TV and BD systems can be controlled remotely by default via any device over TCP port 55000, according to Auriemma. The TV opens over 40 TCP ports, making it open to hack, he said.
"I'm not interested in killing my poor TV just for finding other bugs and understanding them," he said.
Auriemma's report followed another denial-of-service vulnerability in Sony Bravia TVs uncovered by Gabriel Menezes Nunes.
"You cannot change the volume, channels or access any function," Nunes wrote in his description of the attack. "After 35 seconds the TV stop(s) working and back. This happens 3 times. At fourth time, the TV shuts down. In less than 3 minutes, the TV is off remotely. It is necessary to turn on the TV physically."
Digital Picture Frames, e-Readers?
Hijacking TVs may never be a widespread threat, but it is quite possible that gadgets and gizmos that have a USB port can be used to spread malware. While "not a common problem, the truth is that anything that you plug into your computer and use to transfer files onto your computer, whether it's a digital picture frame, a USB drive, or even your own smartphone, can contain viruses," Eve Blakemore, a marketing manager at Microsoft, wrote on the Security Tips & Talk blog Apr. 20.
I chatted with Beth Jones, a security analyst SophosLabs, a while back about the possibility of malicious eBooks infecting eReaders such as the Kindle and the Nook. She said it was certainly possible that malware could launch when the reader is synced with the computer. "It would be similar to when a USB is infected with an autorun worm," Jones said.
Malware authors are always looking for new avenues to spread their wares, so eReaders as an attack vector is certainly not out of the question, Jones said.
Anyone can maliciously load malware onto a device which is then connected to someone else's computer. It can also be by accident, if someone uses an infected computer to transfer some family photos onto a frame, and then gives it to someone else as a gift. Blakemore recommended running an antivirus and still being careful about opening files stored on USB devices.
__________________
If nothing else, 2011 and 2012 should have taught us that malware writers are willing to explore unlikely and bizarre methods to achieve their goals.
Don't make the mistake of thinking electronics can't get infected. Smartphones are not invulnerable and Macs can get malware. Don't make your TVs accessible from the Internet and always scan USB gadgets when connecting to the computer, no matter how benign they may seem.
Attacking the TV
Luigi Auriemma, a researcher based in Italy, inadvertently uncovered a vulnerability in a Samsung D6000 high-definition TV that caused it to get stuck in an endless loop of restarts, according to a bug report posted on his site on Apr. 19. Unplugging the TV and disconnecting the network did not fix the problem, according to the report.
Since the TV connected to the home network via an Ethernet cable, Auriemma tried sending a message from a computer to display on the TV. Instead, the TV stopped responding to commands entered by the remote control or through the panel and began restarting itself repeatedly.
"This is not a simple temporary Denial of Service, the TV is just impossible to be used and reset," Auriemma wrote.
He speculated that the bug may be related to a buffer overflow, but didn't have enough information. All current Samsung TV and BD systems can be controlled remotely by default via any device over TCP port 55000, according to Auriemma. The TV opens over 40 TCP ports, making it open to hack, he said.
"I'm not interested in killing my poor TV just for finding other bugs and understanding them," he said.
Auriemma's report followed another denial-of-service vulnerability in Sony Bravia TVs uncovered by Gabriel Menezes Nunes.
"You cannot change the volume, channels or access any function," Nunes wrote in his description of the attack. "After 35 seconds the TV stop(s) working and back. This happens 3 times. At fourth time, the TV shuts down. In less than 3 minutes, the TV is off remotely. It is necessary to turn on the TV physically."
Digital Picture Frames, e-Readers?
Hijacking TVs may never be a widespread threat, but it is quite possible that gadgets and gizmos that have a USB port can be used to spread malware. While "not a common problem, the truth is that anything that you plug into your computer and use to transfer files onto your computer, whether it's a digital picture frame, a USB drive, or even your own smartphone, can contain viruses," Eve Blakemore, a marketing manager at Microsoft, wrote on the Security Tips & Talk blog Apr. 20.
I chatted with Beth Jones, a security analyst SophosLabs, a while back about the possibility of malicious eBooks infecting eReaders such as the Kindle and the Nook. She said it was certainly possible that malware could launch when the reader is synced with the computer. "It would be similar to when a USB is infected with an autorun worm," Jones said.
Malware authors are always looking for new avenues to spread their wares, so eReaders as an attack vector is certainly not out of the question, Jones said.
Anyone can maliciously load malware onto a device which is then connected to someone else's computer. It can also be by accident, if someone uses an infected computer to transfer some family photos onto a frame, and then gives it to someone else as a gift. Blakemore recommended running an antivirus and still being careful about opening files stored on USB devices.
__________________