TVs and Blu-ray players vulnerable to DoS attacks
Security researcher Luigi Auriemma has discovered a vulnerability in the latest firmware of some of Samsung's network-connected TVs and Blu-ray players that allows attackers to cripple a device. The devices listen on port 55000, where they receive control packets from iOS and Android smartphones.
Auriemma said that if these controller packets contain unexpected characters such as a line feed, the device stops accepting commands after five seconds, whether they come from a smartphone, from the infrared remote or from the controls on the device itself. Apparently, the device begins to restart repeatedly after another five seconds. The researcher says that to exit this loop, a technician must intervene and reset the device in service mode.
Auriemma has released a proof-of-concept exploit with which the problem can be recreated. Sony's Bravia KDL-32CX525 TV can also reportedly be crippled remotely. However, the danger presented by these vulnerabilities is small: the affected port is usually only accessible in a local network, unless users change their router settings. A malicious attacker must, therefore, be on the same network.