TVs and Blu-ray players vulnerable to DoS attacks
The Samsung D6000 TV with the latest firmware is vulnerable
Security researcher Luigi Auriemma has discovered a vulnerability in the latest firmware of some of Samsung's network-connected TVs and Blu-ray players that allows attackers to cripple a device. The devices listen on port 55000, where they receive control packets from iOS and Android smartphones.
Auriemma said that, if these controller packets contain unexpected characters such as a line feed, the device will not accept any further commands after five seconds – neither from a smartphone nor infrared remote or on the device itself. Apparently, the device begins to restart repeatedly after another five seconds. The researcher says that to exit this loop, a technician must intervene and reset the device in service mode.
Auriemma has released a proof-of-concept exploit with which the problem can be recreated. Sony's Bravia KDL-32CX525 TV can also reportedly be crippled remotely. However, the danger presented by these vulnerabilities is small: the affected port is usually only accessible in a local network, unless users change their router settings. A malicious attacker must, therefore, be on the same network.
(crve)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
