July 23, 2013

Network Enabled Samsung TVs vulnerable to Denial of Service Attack

Network Enabled Samsung TVs vulnerable to Denial of Service Attack

Network Enabled Samsung TVs vulnerable to Denial of Service Attack

Download Exploit

A vulnerability in the latest firmware of the network-enabled Samsung TV models allows potential attackers to crash the vulnerable devices using Denial of Service (DoS) Attack, according to security researcher Malik Mesellem.

According to Malik, The web server (DMCRUIS/0.1) installed on Smart TVs on port TCP/5600 can be crashed to reboot the device, if attacker will send a long HTTP GET request on TV's ip address.

Malik successfully tested the exploit on his Samsung PS50C7700 plasma TV, as shown in the video demonstration below:


In the Demo, The TV is connected by ethernet cable to a home network, and after running the exploit against TV's ip address - A few seconds later, the TV would restart and repeat the process.

This means that a potential attacker only needs to obtain access to the LAN that the TV has joined, in order to attack it. This can be done either by breaking into a wireless access point or by infecting a computer on the same network with malware.

Malik discovered the flaw on July 21st, 2013, published a proof-of-concept exploit on his website and vulnerability dubbed CVE-2013-4890. I think, now we need firewall or antivirus protection for our television set too.

Samsung did not immediately return a request for comment sent via email.