Remotely Exploiting a Samsung Smart TV
Imagine if an intruder could remotely exploit a Smart TV in your home that has a video cam-
era attached to it. Your family’s privacy would immediately be at risk. In addition, the private
data and credentials stored within various apps running on your Smart TV can be compro-
mised. Researchers Aaron Grattafiori and Josh Yavor demonstrated attacks like this at the
Black Hat 2013 security conference in Las Vegas. We will go through their research in this sec-
tion.
Samsung provides a free software development kit (SDK) that lets developers write cus-
tom apps. These apps can be tested on a simulator and then submitted to the Samsung store
for approval. On its website (Figure 5-5), Samsung promises that “Samsung Smart TV has
security modules to prevent to malicious TV Apps running.” We’ve already seen how weakly
encryption has been implemented by Samsung, and that encryption keys have been compro-
mised. In addition to this, we will see an exploit in the next few paragraphs that makes the
rest of Samsung’s security promise fall apart as well.
FIGURE 5-5. Samsung’s website promises security to developers
Samsung calls the apps widgets. Every widget has the following files in its directory, exam-
ples of which can easily be seen in the included examples in the SDK:
config.xml
A simple XML file that defines and describes the various properties of the application.
index.html
The main access point of the application. This file usually includes JavaScript files that
contain most of the code for the application.
JavaScript files (.js)
These files contain the code for the application.
142 CHAPTER 5: THE IDIOT BOX—ATTACKING “SMART” TELEVISIONS