A remote exploit in some models of the Samsung Smart TV has been uncovered by researchers at security researchers-for-hire ReVuln. If unlatched, the security flaw could allow theft of social media credentials loaded into the television, remote copying of drives attached to the television, and also allow remote access of compatible video cameras and microphones attached to the television.
The newly discovered issue affects Samsung Smart TV models running the latest version of Samsung's Linux-based firmware. The televisions provide no native precautions to help mitigate the flaw, such as a firewall, or user authentication.
Researchers ReVuln have a business model consisting of discovering security flaws, and requiring payment from companies wishing to use the collected data in order to release a patch for the affected product. The company declined to provide any details about the nature of the vulnerability, or how it was discovered.
The televisions in question have no non-Samsung software update capability. Unless Samsung issues a patch resolving the issue, the flaw can't be resolved without "voiding the device’s warranty and using other exploits" said ReVuln.
