Hello,
today I found this news: Samsung's smart TVs 'wide open' to exploits
And the Video: The TV is watching you
Maybe it is useful?
ReVuln Exploit for E Series
Re: ReVuln Exploit for E Series
Nice, but not quite as revolutionary as it claims.
You probably need to get physical access first. But then if you can also manipulate the Skype camera and activate it, it would be a slightly different story...
But this is not what we do here. We just wanna improve our TV sets and remove crappy bloat-ware to install things that is actually useful!
You probably need to get physical access first. But then if you can also manipulate the Skype camera and activate it, it would be a slightly different story...
But this is not what we do here. We just wanna improve our TV sets and remove crappy bloat-ware to install things that is actually useful!
HW: UE40ES5700SXXH
FW: T-MST10PDEUC-1029.0 Onboot: 1003
FW: T-MST10PDEUC-1029.0 Onboot: 1003
-
- Official SamyGO Developer
- Posts: 1700
- Joined: Fri Oct 02, 2009 8:52 am
- Location: Austria/Vienna (no Kangaroos here)
- Contact:
Re: ReVuln Exploit for E Series
they discovered develop account? in the video it's the smarthub from d-series...MacaroniToni wrote:Hello,
today I found this news: Samsung's smart TVs 'wide open' to exploits
And the Video: The TV is watching you
Maybe it is useful?
- erdem_ua
- SamyGO Admin
- Posts: 3125
- Joined: Thu Oct 01, 2009 6:02 am
- Location: Istanbul, Turkey
- Contact:
Re: ReVuln Exploit for E Series
It's clearly, fake.
A hacker doesn't develop a `windows program` named "exploit" and use it for multiple hacks, without flag.
Also IP address is 10.0.0.2. Let make some guess.
10.0.0.1 -> router and if 10.0.0.2 -> TV, where is the god damn IP of the windows computer? 10.0.0.3?
Indeed router gives first available IP to computer since they registers their IPs before TVs and default lease time doesn't allow another device to have first available IP even if you don't open your computer for weeks. And If you are hacker, you have to open your computer every day
So ReVuln is not work it's lesson
They not ranked even as a LaMeR for me
A hacker doesn't develop a `windows program` named "exploit" and use it for multiple hacks, without flag.
Also IP address is 10.0.0.2. Let make some guess.
10.0.0.1 -> router and if 10.0.0.2 -> TV, where is the god damn IP of the windows computer? 10.0.0.3?
Indeed router gives first available IP to computer since they registers their IPs before TVs and default lease time doesn't allow another device to have first available IP even if you don't open your computer for weeks. And If you are hacker, you have to open your computer every day
So ReVuln is not work it's lesson
They not ranked even as a LaMeR for me
Re: ReVuln Exploit for E Series
This demo may be possible if they've found a way to read any file from firmware via network. The second demo shows how they get USB flash image, while the first one may get files /dev/mmcblk* (/mtd_rwarea, mtd_rwcommon, etc)erdem_ua wrote:It's clearly, fake.
But yes, they are using the same tool "exploit.exe" without command line switches. So 2 thoughts immediately happen: this video is completely a fake, or it reads some config file that is modified in parallel and not shown here.
Anyway this exploit is really possible in theory - samsung FW is full of security holes, it opens several HTTP servers, has remote X server listening to a network, has a TV remote control interface. Noone have looked deeply in this direction.
They could even be using a SamyGO "rooted" TV - everything displayed is possible with it (getting files via FTP, etc)
Re: ReVuln Exploit for E Series
Not always true. You may have a PC sharing its internet via WiFi. In this case it can have 10.0.0.1 IP, act as a gateway, and WiFi client would have the first available IP address (10.0.0.2 in this case). And even more: as all internet traffic passes via your PC - you can easily modify it as you wish, for example give fake applets (or EMPs) to TV during its autoupdate that starts every time you launch SmartTV.erdem_ua wrote:Also IP address is 10.0.0.2. Let make some guess.
10.0.0.1 -> router and if 10.0.0.2 -> TV, where is the god damn IP of the windows computer? 10.0.0.3?
Indeed router gives first available IP to computer since they registers their IPs before TVs and default lease time doesn't allow another device to have first available IP even if you don't open your computer for weeks.
And do not forget that on most modern routers you can make DHCP reservations, so your TV and PC would get arbitrary IP addresses every time.
The morale of this demo is simple: do not make your TV reachable directly from the internet, and protect your home WiFi so noone could connect to it and reach your TV without your notice.
Re: ReVuln Exploit for E Series
the hack is not a fake but its not original either.
This hack works only on D series (perhaps some previous models too).
It's not a remote hack and can only work from the same LAN.
Unless the idiot didn't map it's tv on his router as a DMZ host ... eheheheh
The dude that bragged about this hack is italian as I am but he is famed for releasing unuseful hacks (for example one that bricks a samsung tv).
This hack works only on D series (perhaps some previous models too).
It's not a remote hack and can only work from the same LAN.
Unless the idiot didn't map it's tv on his router as a DMZ host ... eheheheh
The dude that bragged about this hack is italian as I am but he is famed for releasing unuseful hacks (for example one that bricks a samsung tv).
- erdem_ua
- SamyGO Admin
- Posts: 3125
- Joined: Thu Oct 01, 2009 6:02 am
- Location: Istanbul, Turkey
- Contact:
Re: ReVuln Exploit for E Series
I mean, there is "no evidence or sign of rooting TV via exploit" at the video.
Yes, everything is possible in theory, even this movie.
But for me, this video looks like an illusion, not the truth.
Yes, everything is possible in theory, even this movie.
But for me, this video looks like an illusion, not the truth.