Abusing the Internet of Things


The Samsung LExxB650 Series


Mulliner and Michéle’s research focuses on the Samsung LExxB650 series (Figure 5-1) of
Smart TVs, even though the concept of the TOCTTOU attack vector can be applied to other
consumer electronic devices that may be similarly vulnerable.


FIGURE 5-1. Samsung’s LExxB650 series Smart TV


In the case of Smart TVs and other electronics, the USB port is often used to read and
write files that can comprise media content, applications, and software updates. A storage
device, such as a USB memory stick, can be plugged into the TV to watch content stored on
the memory stick, as well as to install Smart TV apps and upgrade firmware.

Apps specifically written for the Samsung LExxB650 series of TVs can be of two types:
Adobe Flash and native binaries. Mulliner and Michéle’s research targets the native binary
approach. These binaries end with the .so extension, which means that they can share code
with other binaries and are loaded at runtime. The advantage is that other modules can use
code and applications written using this approach, which reduces the size of executables
and lets developers change shared code in one file without having to recompile other
dependencies. The Samsung TVs use Linux, so this approach makes sense. In the world of
Microsoft Windows, the equivalent files are known as dynamic link libraries (DLLs).


124 CHAPTER 5: THE IDIOT BOX—ATTACKING “SMART” TELEVISIONS