Samsung Bricks Smart TVs

Earlier this Fall, a Samsung warehouse in South Africa was robbed and the thieves got away with a quantity of smart televisions. Samsung proceeded to implement a little-known feature called “TV Block” which is installed on all of their TV products. The serial numbers of the stolen TV sets are flagged in their servers, and if one of these sets tries to connect the internet in the future, it will recognize that it is stolen and proceed to brick itself, disabling all television functionality.

So while this real-life scenario makes sense, it is a bit alarming to realize the implication of such a feature — the manufacturer can reach into your TV and disable it from afar. One can assume that Samsung won’t abuse this capability, because acting otherwise would harm their reputation. In a press release, Samsung announced that any consumers whose sets were incorrectly bricked can have their sets un-bricked after demonstrating proper ownership.

Despite such good intentions, the mere existence of such a feature is worrisome. What someone hacks the system and begins bricking TVs all over the world willy-nilly? If you are concerned about this possibility, one option of course is to never connect your TV set to the internet. But in that case, it might be better to just buy a “dumb” television set instead.

Anti-theft immobilizers are not new — one system was patented over 100 years ago to thwart car thieves. Car stereo systems have also long featured technology that renders them unusable when stolen. Although this robbery brought Samsung’s “TV Block” to consumers’ attention, we wonder if other manufacturers have similar anti-theft systems which aren’t well publicized. If you know of any, please share in the comments below.

Vizio In Hot Water Over Smart TV GPL Violations

As most anyone in this community knows, there’s an excellent chance that any consumer product on the market that’s advertised as “smart” these days probably has some form of Linux running under the hood. We’re also keenly aware that getting companies to hold up their end of the bargain when it comes to using Linux and other GPL licensed software in their products, namely releasing their modified source, isn’t always as cut and dried as it should be.

Occasionally these non-compliant companies will get somebody so aggravated that they actually try to do something about it, which is where smart TV manufacturer Vizio currently finds itself. The Software Freedom Conservancy (SFC) recently announced they’re taking the Irvine, California based company to court over their repeated failures to meet the requirements of the GPL while developing their Linux-powered SmartCast TV firmware. In addition to the Linux kernel, the SFC also claims Vizio is using modified versions of various other GPL and LGPL protected works, such as U-Boot, bash, gawk, tar, glibc, and ffmpeg.

According to the SFC press release, the group isn’t looking for any monetary damages. They simply want Vizio to do what’s required of them as per the GPL and release the SmartCast source code, which they hope will allow for the development of an OpenWrt-like replacement firmware for older Vizio smart TVs. This is particularly important as older models will often stop receiving updates, and in many cases, will no longer be able to access all of the services they were advertised as being able to support. Clearly the SFC wants this case to be looked at as part of the larger Right to Repair debate, and given the terrible firmware we’ve seen some of these smart TVs ship with, we’re inclined to agree.

Now of course, we’ve seen cases like this pop up in the past. But what makes this one unique is that the SFC isn’t representing one of the developers who’s software has been found to be part of Vizio’s SmartCast, they’re actually the plaintiff. By taking the position of a consumer who has purchased a Vizio product that included GPL software, the SFC is considered a third-party beneficiary, and they are merely asking the court to be given what’s due to them under the terms of the license.

As firm believers in the open source movement, we have zero tolerance for license violators. Vizio isn’t some wide-eyed teen, randomly copying code they found from GitHub without understanding the implications. This is a multi-billion dollar company that absolutely should know better, and we’ll be happy to see them twist in the wind a bit before they’re ultimately forced to play by the rules.

magicBlueSmoke-piStick-featured

How Do You Make A Raspberry Pi On A Stick?

We agree with [magic-blue-smoke] that one of the only things more fun than a standard Raspberry Pi 4 is the Compute Module form factor. If they are not destined to be embedded in a system, these need a breakout board to be useful. Each can be customized with a myriad board shapes and ports, and that’s where the real fun starts. We’ve already seen projects that include custom carrier boards in everything from a 3D Printer to a NAS and one that shows we can build a single-sided board at home complete with high-speed ports.

[magic blue smoke] used this ability to customize the breakout board as an opportunity to create a hackable media player “stick” with the Raspberry Pi built-in. We love that this Raspberry Pi CM4 TV Stick eliminates all the adapters and cables usually required to connect a Pi’s fiddly micro HDMI ports to a display and has heat sinks and an IR receiver to boot. Like a consumer media player HDMI stick, all you need to add is power. Continue reading “How Do You Make A Raspberry Pi On A Stick?”

Roku TV Hacked To Run Philips Ambilight Setup

Roku TVs are interesting beasts, which use automatic content recognition on whatever you happen to be watching in order to market online streaming services direct to your loungeroom. [Ammar Askar] realised that this technology could instead be used to feed data to a computer to run a Philips Ambilight setup natively from whatever the TV displays. 

The core of the hack came about because [Ammar’s] TV doesn’t work natively with Philips Ambilight technology. Most off-the-shelf solutions involve feeding sources, like Chromecasts or game consoles, to a HDMI splitter and then to a PC running the Ambilight software, but it gets messy real quick. Instead, [Ammar] realised that the Roku-enabled TV should be more than capable of working with the Ambilight system, given the capability of its inbuilt hardware.

The hack consists of a custom app running on the Roku hardware, which uses the in-built Roku libraries to capture frames of whatever is being displayed on the TV. It then breaks up the screen into sections and averages the color in each area. This data is then passed to a laptop, which displays the relevant colors on its own screen, where the standard Philips Hue Sync app handles the Ambilight duties.

It’s a great hack and [Ammar] doesn’t skimp on the granular fine details of what it took to get this custom code running on the Roku TV. We’d love to see more hacks of this calibre done on smart TVs; after all, there’s plenty of horsepower under the hood in many cases. Alternatively, you could always follow the CIA’s example and turn your Samsung TV into a covert listening device. Video after the break.

Continue reading “Roku TV Hacked To Run Philips Ambilight Setup”

Save Your Thumbs With This Netflix Password Sender

Chances are anyone who has an entry-level to mid-range smart TV knows that setting them up with your streaming account credentials is a royal pain. Akin to the days of texting on a flip phone, using the number pad or arrow keys to compose your user name and password seems to take forever.  So why not avoid the issue with this automated Netflix logger-inner?

As if the initial setup wasn’t bad enough, when [krucho5]’s LG smart TV started asking for his Netflix credentials every few days, he knew something needed to be done. An Arduino to send “keystrokes” was the obvious solution, but when initial attempts to spoof the HID on the set proved fruitless, [krucho5] turned to the IR remote interface. He used an IR receiver module to capture the codes sent while entering user name and password, and an IR LED plays it back anytime the TV ask for it. The video below shows how much easier it is now, and the method should work just fine for any other online service accounts.

We like [krucho5]’s build, but the fit and finish are a little rough. Perhaps slipping them into a pair of Netflix-enabled socks would be a nice touch?

Continue reading “Save Your Thumbs With This Netflix Password Sender”

Hack Your Own Samsung TV With The CIA’s Weeping Angel Exploit

[Wikileaks] has just published the CIA’s engineering notes for Weeping Angel Samsung TV Exploit. This dump includes information for field agents on how to exploit the Samsung’s F-series TVs, turning them into remotely controlled spy microphones that can send audio back to their HQ.

An attacker needs physical access to exploit the Smart TV, because they need to insert a USB drive and press keys on the remote to update the firmware, so this isn’t something that you’re likely to suffer personally. The exploit works by pretending to turn off the TV when the user puts the TV into standby. In reality, it’s sitting there recording all the audio it can, and then sending it back to the attacker once it comes out of “fake off mode”.

It is still unclear if this type of vulnerability could be fully patched without a product recall, although firmware version 1118+ eliminates the USB installation method.

The hack comes along with a few bugs that most people probably wouldn’t notice, but we are willing to bet that your average Hackaday reader would. For instance, a blue LED stays on during “fake off mode” and the Samsung and SmartHub logos don’t appear when you turn the TV back on. The leaked document is from 2014, though, so maybe they’ve “fixed” them by now.

Do you own a Samsung F-series TV? If you do, we wouldn’t worry too much about it unless you are tailed by spies on a regular basis. Don’t trust the TV repairman!

Remotely Get Root On Most Smart TVs With Radio Signals

[Rafael Scheel] a security consultant has found that hacking smart TVs takes nothing much more than an inexpensive DVB-T transmitter, The transmitter has to be in range of the target TV and some malicious signals. The hack works by exploiting hybrid broadcast broadband TV signals and widely known about bugs in web browsers commonly run on smart TVs, which seem run in the background almost all the time.

Scheel was commissioned by Cyber security company Oneconsult, to create the exploit which once deployed, gave full root privileges enabling the attacker to setup and SSH into the TV taking complete control of the device from anywhere in the world. Once exploited the rogue code is even unaffected by device reboots and factory resets.

Once a hacker has control over the TV of an end user, he can harm the user in a variety of ways, Among many others, the TV could be used to attack further devices in the home network or to spy on the user with the TV’s camera and microphone. – Rafael Scheel

Smart TV’s seem to be suffering from  IoT security problems. Turning your TV into an all-seeing, all-hearing surveillance device reporting back to it’s master is straight out of 1984.

A video of a talk about the exploit along with all the details is embedded below.
Continue reading “Remotely Get Root On Most Smart TVs With Radio Signals”