Hackers can make your “Smart TV” watch you

by 1389 on August 4, 2013

in 1389 (blog admin), cellular, malware, privacy, security

CBS News has the story:

[…]
Grattafiori said that they tested their exploit on Samsung Smart TVs because they offer the most features, which create more of an opportunity to find security flaws. He added that they have yet to try out other smart TVs.

One of the immediate questions that arises is whether the TV can turn its camera on its owner and open a gateway for home surveillance. The researchers say that a hacker could potentially take control of the TV’s camera and remain undetected.

“They could actually either see live, streaming video into your home or office or to take still camera shots of you,” Grattafiori said about potential hackers. “There’s no physical indicator, nor visual indicator, that you’d be able to know your camera was on or taking pictures of you.”
[…]
A spokesperson for Samsung told CBSNews.com that the company is aware of the security issues regarding the Smart TV and has released a software update to resolve the issue. The company says it is taking measures to vigorously enhance security and protect its customers’ privacy.

iSEC Partners initially presented their findings at the Black Hat conference this week, along with an exploit to Verizon’s femtocell that lets hackers take control of mini cell phone towers. Other researchers showed how cyber-criminals could hack into “smart home” control systems. They also exposed vulnerabilities in iPhone chargers, driverless cars and other high-tech devices.

Complete story, video, and much more here.

Now this is hilarious!

BBC: Luxury toilet users warned of hardware flaw

A luxury toilet controlled by a smartphone app is vulnerable to attack, according to security experts.

Retailing for up to $5,686 (£3,821), the Satis toilet includes automatic flushing, bidet spray, music and fragrance release.

The toilet, manufactured by Japanese firm Lixil, is controlled via an Android app called My Satis.

But a hardware flaw means any phone with the app could activate any of the toilets, researchers say.

The toilet uses bluetooth to receive instructions via the app, but the Pin code for every model is hardwired to be four zeros (0000), meaning that it cannot be reset and can be activated by any phone with the My Satis app, a report by Trustwave’s Spiderlabs information security experts reveals.

“An attacker could simply download the My Satis application and use it to cause the toilet to repeatedly flush, raising the water usage and therefore utility cost to its owner,” it says in its report.

“Attackers could [also] cause the unit to unexpectedly open/close the lid, activate bidet or air-dry functions, causing discomfort or distress to [the] user.”

Continue reading…

But then, I take a dim view of cell phones near toilets to begin with.

{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: