Who's watching whom? Camera-equipped TV can be hacked, says researcher

Security researchers have identified a vulnerability in Samsung’s Linux-based Smart TV software that could give a hacker near-complete access to the television. This includes any file on the television, any connected USB drive and, yes, the built-in camera and microphones found on the latest top-of-the-line LCD and plasma sets. In effect, this would allow a hacker to hear and see you as you're watching the TV. 

ReVuln, a Malta-based firm that specializes in "vulnerability research for offensive and defensive security," showed how it could hack the TVs remotely from anywhere on the network where the TV itself is installed.

Screenshot from security researchers' video showing exploit of TV controls

On Dec. 8, ReVuln posted a video showing the team accessing TV settings, channel lists, widgets, USB drives attached to the TV (and any personal files they contain) and remote control configurations. As the video chillingly puts it, "We can install malicious software to gain complete root access to the TV."

ReVuln announced the hack in email correspondence with the online journal Security Ledger, which published the video.

If this all sounds familiar, it's because HD Guru identified the potential vulnerability back in March following the launch of Samsung’s 2012 line-up. (At that time, NBC News ran this story by HD Guru's Gary Merson.)

When asked about the exploit, Samsung released this statement to NBC News:

Samsung takes the security of our products very seriously. We are currently investigating the matter and will take appropriate actions, to the extent necessary.

There are four Samsung Smart TV series, 11 models total, that have built-in mics and HD cameras: The plasma 8000 series with three models, a 7500 LED LCD series with three models, an 8000 LED LCD series with four models and the flagship 9000 LED LCD, which currently has one model.

For independent verification of the claims, NBC News turned to Black Hat, which hosts global conferences to address highly technical security matters. "These researchers are a known entity," Trey Ford, general manager of the group, told NBC News. "I respect and believe what they present in the video. It is a credible threat."

What's the worst that could happen?
When NBC News reached out to ReVuln, Luigi Auriemma, the firm's co-founder, explained the significance of his firm's discovery. 

"The vulnerability is exploitable remotely via network so the attacker needs to reach the TV IP address," he wrote to NBC News in an email from Malta. This distinction means that it's different than a worm or virus, that could spread to the TV via the Internet.

"In our opinion it's more interesting and realistic to think about attacks [against] specific targets reached via open/weak/hacked Wi-Fi or compromised computers of a network, instead of mass-exploiting via the Internet," wrote Auriemma. "That's interesting due to the effects of the vulnerability (retrieving information and the possibility of monitoring) which are perfect for targeted attacks, from a specific person with a TV at home to a company with TVs in its offices."

As disturbing as the concept of a "targeted attack" sounds, this means that there are limitations to who can get at you via a smart TV. 

"Where do you have to be to attack? Over the Internet from China? Or on my local network?" asks Ford of the Black Hat organization. "I don't believe this is exploitable from anywhere but the local network. Judging from the video, they have to be on the local network on Wi-Fi or plugged in (via Ethernet)."

The reason is that a router, like the one you have in your home, is the only part of your network visible to the Internet at large. Every computer, phone, game console or, yes, smart TV, attached to that router gets a local address, one that is unknown — and therefore unexploitable — from the outside. There are situations where devices connected to the router can be seen — for instance, when a PC is hosting a Web page — but aren't typical household configurations.

Samsung Smart TV
There are ways to keep devices on your network, including this Samsung Smart TV, safe from hackers.

Keep out of my TV
If you just bought a smart TV, don't panic. Instead, make sure your home set-up is properly secured by following these steps recommended by the security experts.

For starters, remember: "Your network is your personal responsibility," says Travis Carelock, Black Hat's content director and research technologist. Black Hat recommends you ensure that your router's wireless network is secured with WPA encryption (not WEP, which can be cracked), and that you keep track of what devices have access to your network.

"Consider that little kid next door that's good with computers," says Ford. Even if someone doesn't have malicious intent, they may be accessing your network.

Next, "update, update, update," says Carelock. Just as you update your home computer and Web browsers to prevent security breaches, so must you now update your TVs and other connected electronics. It's what Black Hat calls "safe computing hygiene."

Another thing you can do is put some tape over the camera when it's not in use. "A physical layer of defense is always the best defense," says Carelock.

The future is an open network
Even if you can keep your household secure, "we're moving into a whole different world," says Ford. "Growing up, you and I didn't have a wirelessly connected camera pointing at the couch."

And while the safeguards against this sort of threat may be clear to security experts now, the next wave of Internet interactivity, known as IPv6, will bring a new set of concerns. Currently, devices connected to a router are typically invisible to devices on the open Internet. But when every device that connects to the Internet gets its own IP address, the rules will change. 

"That's what will make this a whole lot more fun in the future," says Ford.

UPDATE - Friday 10:45 a.m. ET: Samsung provided a new statement that addresses the issue overall, but does not discuss the 2012 TVs with integrated cameras:

We have discovered that only in extremely unusual circumstances a connectivity issue arises between Samsung Smart TVs released in 2011 and other connected devices. We assure our customers that our Smart TVs are safe to use. We will release a previously scheduled software patch in January 2013 to further strengthen Smart TV security. We recommend our customers to use encrypted wireless access points, when using connected devices.

Wilson Rothman is the Technology & Science editor at NBC News Digital. Catch up with him on Twitter at @wjrothman, and join our conversation on Facebook. Gary Merson is the founder of HD Guru and a reknowned TV expert. You can email him here.

More from HD Guru: