In association with heise online

25 April 2012, 09:24

TVs and Blu-ray players vulnerable to DoS attacks

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Zoom The Samsung D6000 TV with the latest firmware is vulnerable
Security researcher Luigi Auriemma has discovered a vulnerability in the latest firmware of some of Samsung's network-connected TVs and Blu-ray players that allows attackers to cripple a device. The devices listen on port 55000, where they receive control packets from iOS and Android smartphones.

Auriemma said that, if these controller packets contain unexpected characters such as a line feed, the device will not accept any further commands after five seconds – neither from a smartphone nor infrared remote or on the device itself. Apparently, the device begins to restart repeatedly after another five seconds. The researcher says that to exit this loop, a technician must intervene and reset the device in service mode.

Auriemma has released a proof-of-concept exploit with which the problem can be recreated. Sony's Bravia KDL-32CX525 TV can also reportedly be crippled remotely. However, the danger presented by these vulnerabilities is small: the affected port is usually only accessible in a local network, unless users change their router settings. A malicious attacker must, therefore, be on the same network.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit