Samsung’s smart TVs are once again in the news for security vulnerabilities: A Swiss hacker was able to hijack a TV made by the company by adding malicious code to a broadcast signal, raising the possibility of a mass take-over of affected TVs.
Rafael Scheel, a security consultant employed by Swiss cyber-security outlet Oneconsult, was able to successfully demonstrate the exploit during a meeting of the European Broadcasters Union, according to an Ars Technica report.
During the demonstration, Scheel sent out a manipulated over-the-air broadcast signal that triggered the TV’s web browser. Using a known browser vulnerability, he was then able to take over the device and remotely control it over the internet.
The particular hack in question made use of DVB-T, a digital broadcast standard widely used in Europe but not in North America. However, Scheel argued during his demonstration that attackers could also use other transmission paths, and for example add malicious code to transmissions of IPTV services.
This could, in theory, lead to a scenario during which hackers could attack an internet TV service to add malicious code to a live transmission, and then take over tens of thousands of TV sets at once.
Samsung’s smart TV sets already made headlines when Wikileaks documented efforts by the CIA to use them as remote bugging devices last month. But while the particular attack attempted by the CIA was limited to a few older TV sets by the company, this new exploit is likely going to affect a much wider range of devices. Scheer estimated during his demonstration that about 90 percent of all smart TVs sold in recent years could fall victim to similar attacks.
Samsung didn’t respond to a request for comment.