Samsung Smart TV a spy in the living room as webcam hack comes to light

Samsung fixed a

smart tv

bug that allowed hackers to remotely activate the built-in webcam and spy on viewers in their living room, as well as redirect the built-in browser to a compromised webpage. The security flaw, spotted by researchers at iSEC Partners, has been patched with a firmware update pushed to the affected sets, Samsung said.

CNN Money

, but renews questions about the inherent security of home appliances and the so-called “Internet of Things” as ubiquitous connectivity becomes commonplace.

The affected models were from Samsung's 2012 line of smart TVs, the researchers said during a presentation at the

this week. They found several methods to potentially hijack the TVs' browser or social media app, which, once compromised, would allow hackers "to take complete control of the TV, steal the accounts stored on it, and install a user rootkit".

With that done, it would be simple to redirect any web request to another page, suggest Aaron Grattafiori and Josh Yavor of iSEC Partners. With a little neat design, it could lead users to inadvertently hand over banking, banking, credit card or other personal details, believing they are on legitimate sites.

It's the potential for the TV to be turned on in a literal spy in the living room that's most disturbing, though. “If there's a vulnerability in one app, there's a vulnerability in the whole TV,” Grattafiori said of the exploit; Breaking into the browser, the pair were able to take control of the webcam that Samsung builds into some smart TV models, activating it with no visible indication on the TV itself that they're being watched.

Samsung fixed the defect before the presentation, having been notified of the problem in advance. As for those who are still concerned, Samsung points out that there are certain physical methods by which privacy can be maintained. "The camera can be turned into the frame of the TV so the lens is covered, or disabled by pushing the camera inside the frame," the company says. "The TV owner can also disconnect the TV from the home network when Smart TV features are not in use."

Still, iSEC researchers aren't convinced that another way to hack TVs - or similar products - won't be discovered. The problem is likely to become increasingly prevalent, security experts like Marc Rogers, principal researcher at Lookout Mobile Security, told SlashGear recently.

.

. Part of Rogers' current focus is how manufacturers of what until now have been home appliances will take care of the responsibility of managing updates and patches in a timely manner when connectivity The Internet will become ubiquitous.

"Thinking about it, if you change the purpose of these things [like smart thermostats and smart TVs], how do you rate that?"

Rogers asked

. “Look at all the new bits of data from this thing and make sure that you have appropriate levels of security in place on board. Is there a patch management process? You can no longer say, well, these things are just updated as firmware; you need an evolutionary process. These are all things we need to think about, and I don't see a lot of people doing that. »