Here, Let Me Put Some Java In Your Television



  • https://securityledger.com/2013/08/samsung-smart-tv-like-a-web-app-riddled-with-vulnerabilities/  

    Vulnerabilities in the underlying operating system and applications on Samsung SmartTVs could be used to steal sensitive information on the device owner, or even spy on the television’s surroundings using an integrated webcam. The Samsung SmartTV is essentially a Linux device configured with a Webkit-based browser to run web pages and applications.

    In their presentation, the two showed how vulnerabilities in SmartHub, the Java-based application that is responsible for many of the SmartTV’s interactive features, could be exploited by a local or remote attacker to surreptitiously activate and control an embedded webcam on the SmartTV. The researchers were able to conduct DNS poisoning and drive-by download attacks and show how vulnerabilities could be combined to steal local user credentials and those of connected devices, browser history, cache and cookies as well as credentials for the local wireless network,

    Why is it that anything with "Smart" in the name always turns out to be horrendously stupid?



  • @El_Heffe said:

    Why is it that anything with "Smart" in the name always turns out to be horrendously stupid?

    That's a little harsh.

    @securityledger.com said:

    SmartTVs do support remote OTA (over the air) firmware and application updates, and can even force updates for key features like the web browser, while the vulnerabilities in the Skype application were fixed almost immediately

    So they can fix these little fuckups in the field, and as long as their firmware never achieves the kind of market dominance in TV that Microsoft's OS achieved on the desktop they should remain no more attractive an attack target than any of their competitors.


  • Trolleybus Mechanic

    @flabdablet said:

    @El_Heffe said:
    Why is it that anything with "Smart" in the name always turns out to be horrendously stupid?

    That's a little harsh.

     

    Please name one that isn't. (Smart Car doesn't count).

    @flabdablet said:

    So they can fix these little fuckups in the field

    It's a television! It shouldn't be so complex as to ever even HAVE fuck ups like this.

     

     



  • @Lorne Kates said:

    @flabdablet said:

    @El_Heffe said:
    Why is it that anything with "Smart" in the name always turns out to be horrendously stupid?

    That's a little harsh.

     

    Please name one that isn't. (Smart Car doesn't count).

    Smartphone?



  • @Lorne Kates said:

    Smart Car doesn't count

    ...because?

    @Lorne Kates said:

    It's a television! It shouldn't be so complex as to ever even HAVE fuck ups like this.

    It's a (television|telephone|printer|cash register|electricity meter|car|weapon|refrigerator|book|other)! It shouldn't be so complex as to ever even HAVE fuck ups like this.

    And you kids get off my lawn.



  • It's not a television, it's a computer without a keyboard.



  • ...I don't get the constant blakeyrat / signatureguy thing...? I am impressed, however, at his ability to screw with his avatar panel...



  • @skotl said:

    ...I don't get the constant blakeyrat / signatureguy thing...? I am impressed, however, at his ability to screw with his avatar panel...

    It's not blakey doing that, it's immibis's signature; Community Server amusingly fails to enforce tag balance in sig blocks.



  • @flabdablet said:

    And you kids get off my lawn.
    When I was young, TV would turn on in less than 5 seconds, and switching channels was instant. Now my TV needs about 10 seconds (part of that time showing me the manufacturer logo), switching channels is slow (doesn't matter whether it's the digital cable, or the IPTV set-top-box), and sometimes sound doesn't work (which is solved by unplugging and replugging the CI card for cable channels, and the STB for IPTV channels). But hey, at least now I have 200 channels I don't ever watch - such is the price of progress.



  • At the risk of sounding anti-technology, I just don't trust this "smart" stuff either.

    I mean, even the major, well-tested and (supposedly) well-reviewed standards and systems turn out to have important security problems (DNS, WEP, WPS, email). Am I supposed to expect that a product made entirely by a company like Samsung*, with no outside supervision at all, will be completely secure? Not to mention the usability of TV software tends to be generally bad.

    ---
    *Not that I'm saying Samsung always makes bad products, just that it's one of those companies that would rather sell 1000 different cheap products than focus their efforts on making 100 good products.


  • Trolleybus Mechanic

    @flabdablet said:

    @Lorne Kates said:
    Smart Car doesn't count

    ...because?

     

    Because it's a brand name, not an adjective.

     

     



  • @skotl said:

    ...I don't get the constant blakeyrat / signatureguy thing...? I am impressed, however, at his ability to screw with his avatar panel...

    Hey don't blame me for someone else fucking with the forum and just using my image.



  • @Lorne Kates said:

    Because it's a brand name, not an adjective.

    And yet, it costs more, gets the same mileage, and is less safe than a substantially larger Toyota Echo. So it's still fucking stupid.


  • Trolleybus Mechanic

    @blakeyrat said:

    @Lorne Kates said:
    Because it's a brand name, not an adjective.

    And yet, it costs more, gets the same mileage, and is less safe than a substantially larger Toyota Echo. So it's still fucking stupid.

     

    Yes. Just not for the reasons Smart [whatever... dog kibble?]  are.

    (I was going to post a link showing that the Smart Car's crash rating is surprisingly not as bad as you'd think, but instead of finding the link I wanted, I found an equal amount of articles saying so, and an equal amount saying no-- so fuck it, I don't care enough to do the research).



  • @anonymous234 said:

    At the risk of sounding anti-technology, I just don't trust this "smart" stuff either.
    It's not about being "anti-technology" or being an old fart who wants you damn kids to get off my lawn. It's about more and more companies cramming more and more stuff of questionable value  into their products -- and doing a really shitty job of it.

    I'm surrounded by all sorts of technology that didn't exist when I graduated from high school. And it's great. I would hate to go back to the old days when I couldn't sit down at a computer and instantly find any information I want, or call someone a cunt.

    The problem is that there is now this push to turn everything into a computer, regardless of whether or not it actually makes sense.  This is made even worse because we haven't yet reached the point where we can reliably create computer software that isn't shitty, buggy, and filled with security holes, and yet we're already moving on, putting the same shitty code into your phone, television, refrigerator, purple dildo and any other device that anyone can think of.



  • @immibis said:

    It's not a television, it's a computer without a keyboard.
     

    That.

    Mate in .AU owns a Sony TV and found it runs a Linux OS.

    When his kids are all gathered watching cartoons, he's been known to SSH into it and issue a command that rotates the screen through 90 degrees just to watch child heads tilt en-masse.



  • @ender said:

    @flabdablet said:
    And you kids get off my lawn.
    When I was young, TV would turn on in less than 5 seconds, and switching channels was instant. Now my TV needs about 10 seconds (part of that time showing me the manufacturer logo), switching channels is slow (doesn't matter whether it's the digital cable, or the IPTV set-top-box), and sometimes sound doesn't work (which is solved by unplugging and replugging the CI card for cable channels, and the STB for IPTV channels). But hey, at least now I have 200 channels I don't ever watch - such is the price of progress.
     

    Mine still switches channels instantly. Then again, it uses the same CPU I play games with. And the mouse-keyboard combination for UI is nice. The UI overall feels crisp. Granted, bootup and shutdown times are still a bit lengthy, and if I shut it down improperly, it needs even more time on next boot-up to check the disk. And it shows the damn old Windows logo on boot-up too.

    But it's stable and reliable, so I can't complain. Well, I do have to get updates manually, but at least I can get them when they're hot. And I can even choose the software I watch on.

     

    In all seriousness, why would someone who owns a perfectly good computer even bother with a digital television? A computer + a good screen + tuner card combo isn't that much more than a good TV. ...I guess. I've never owned a TV, so I wouldn't be the best person to say for sure. But when you do reply to this, take a moment first to consider the "good" part in "a good TV".



  • @flabdablet said:

    @skotl said:
    ...I don't get the constant blakeyrat / signatureguy thing...? I am impressed, however, at his ability to screw with his avatar panel...

    It's not blakey doing that, it's immibis's signature; Community Server amusingly fails to enforce tag balance in sig blocks.

    Yeah, I fooled around with the Signature Guy html a bit.  It's fun but not very practical. It's not so bad for somebody like immibis who posts rarely, but if someone who posts a lot put that in their signature it would get annoying really fast.  That's why I have signatures turned off in my profile settings.  Even non-Signature Guy stuff gets annoying pretty quickly.

     




  • I forgot to mention that most of us already got a good computer around. And a good screen. Although for sheer size TVs usually easily trump it. Then again, most TVs have HDMI-inputs now. And very few have an internal antenna. Wink, wink...

     



  • @El_Heffe said:

    The problem is that there is now this push to turn everything into a computer, regardless of whether or not it actually makes sense.  This is made even worse because we haven't yet reached the point where we can reliably create computer software that isn't shitty, buggy, and filled with security holes, and yet we're already moving on, putting the same shitty code into your phone, television, refrigerator, purple dildo and any other device that anyone can think of.

     

    For a TV, reusing video playback software stacks from the PC world technically makes sense.

     But then you have to put in a lot of processing power to get that Linux distro to run smoothly, since developing proprietary software costs money.

    And since the processing power is there, it makes business sense to put in other, value-added features that make use of it, at the cost of 10% increase in flash cost. Which might not be a factor, if you had space left over in the cheapest flash chip that fit your software anyway; flash chips come in certain size increments only.

    Unfortunately, a browser is now seen as a value-added feature in a TV. It'll eventually fail and get dropped though, as no-one wants to browse the net on the living room TV if there are others in the same household. Would you want to open your email on a 3-foot screen in the middle of your living room?

     



  • @ender said:

    @flabdablet said:
    And you kids get off my lawn.
    When I was young, TV would turn on in less than 5 seconds, and switching channels was instant. Now my TV needs about 10 seconds (part of that time showing me the manufacturer logo), switching channels is slow (doesn't matter whether it's the digital cable, or the IPTV set-top-box), and sometimes sound doesn't work (which is solved by unplugging and replugging the CI card for cable channels, and the STB for IPTV channels). But hey, at least now I have 200 channels I don't ever watch - such is the price of progress.

    What? I remember my childhood TV taking a good minute to "warm up". And to change channels one has to get up and physically turn the mechanical knob. And then UHF TV came in and we had to tune in via the VCR until 1992, when we got a new TV with a remote and built-in UHF tuner.



  • @Zemm said:

    What? I remember my childhood TV taking a good minute to "warm up".
    The oldest TV (older than me) I remember was an ITT with 8 touch buttons for channels (which would sometimes switch if a fly walked over them), but as far as I remember, it was still fairly fast to warm up (you did have to get up to switch the channel though). IIRC, we got a TV with remote at the same time we moved to a new apartment, which would be in 1987. Both of these TVs were later in use at our weekend, and they still worked when we got rid of them a few years ago.



  • @Lorne Kates said:

    @flabdablet said:

    @Lorne Kates said:
    Smart Car doesn't count

    ...because?

    Because it's a brand name, not an adjective.

    SmartTV isn't a brand name?



  • @El_Heffe said:

    The problem is that there is now this push to turn everything into a computer, regardless of whether or not it actually makes sense.  This is made even worse because we haven't yet reached the point where we can reliably create computer software that isn't shitty, buggy, and filled with security holes, and yet we're already moving on, putting the same shitty code into your phone, television, refrigerator, purple dildo and any other device that anyone can think of.

    That's the Invisible Hand maintaining its firm grip on the Invisible Penis.



  • Try telnet root:root (!) You did see this, right? These people scanned the e-verse with a botnet:


  • FoxDev

    @Cassidy said:

    @immibis said:

    It's not a television, it's a computer without a keyboard.
     

    That.

    Mate in .AU owns a Sony TV and found it runs a Linux OS.

    When his kids are all gathered watching cartoons, he's been known to SSH into it and issue a command that rotates the screen through 90 degrees just to watch child heads tilt en-masse.

     

    I want that TV :)

     


  • Discourse touched me in a no-no place

    @flabdablet said:

    So they can fix these little fuckups in the field, and as long as their firmware never achieves the kind of market dominance in TV that Microsoft's OS achieved on the desktop they should remain no more attractive an attack target than any of their competitors.

    Yes, because nobody's gonna want to buy the TVs of a nonentity like Samsung.


  • Discourse touched me in a no-no place

    @Lorne Kates said:

    @flabdablet said:

    @El_Heffe said:
    Why is it that anything with "Smart" in the name always turns out to be horrendously stupid?

    That's a little harsh.

     

    Please name one that isn't. (Smart Car doesn't count).

    Have you SEEN the Smart ForTwo? Seems like a neat idea until you realize that for the same price you can get a car with a second row of seats, and a regular-sized engine.


  • Discourse touched me in a no-no place

    @El_Heffe said:

    @anonymous234 said:

    At the risk of sounding anti-technology, I just don't trust this "smart" stuff either.
    It's not about being "anti-technology" or being an old fart who wants you damn kids to get off my lawn. It's about more and more companies cramming more and more stuff of questionable value  into their products -- and doing a really shitty job of it.

    I'm surrounded by all sorts of technology that didn't exist when I graduated from high school. And it's great. I would hate to go back to the old days when I couldn't sit down at a computer and instantly find any information I want, or call someone a cunt.

    The problem is that there is now this push to turn everything into a computer, regardless of whether or not it actually makes sense.  This is made even worse because we haven't yet reached the point where we can reliably create computer software that isn't shitty, buggy, and filled with security holes, and yet we're already moving on, putting the same shitty code into your phone, television, refrigerator, purple dildo and any other device that anyone can think of.

    If Battlestar Galactica taught us nothing else, this should have been it!


  • Discourse touched me in a no-no place

    I just read something this morning, speaking of vulnerabilities, about a Japanese company that makes a bluetooth-enabled toilet, with a fun vuln: it has bluetooth, and a hardcoded pairing key of 00000. Anyone can get the app and cause your toilet to flush continuously (for example), driving up your water bill.



  • @FrostCat said:

    I just read something this morning, speaking of vulnerabilities, about a Japanese company that makes a bluetooth-enabled toilet, with a fun vuln: it has bluetooth, and a hardcoded pairing key of 00000. Anyone can get the app and cause your toilet to flush continuously (for example), driving up your water bill.
    uh . . . yeah



  • @FrostCat said:

    If Battlestar Galactica taught us nothing else, this should have been it!
     

     

    Okay, Adama apparently commands such respect that I can't find any lolpics/gifs of him as reactiongif.

    But we know how poor my googling skills are.



  • @dhromed said:

    @FrostCat said:
    If Battlestar Galactica taught us nothing else, this should have been it!
     

     

    Okay, Adama apparently commands such respect that I can't find any lolpics/gifs of him as reactiongif.

    But we know how poor my googling skills are.

    From what I remember, he only had one expression.

     



  • @El_Heffe said:

    From what I remember, he only had one expression.
     

    He had three.

     

    Glasses on.

    Glasses off.

    Barely contained rage.


  • Discourse touched me in a no-no place

    @El_Heffe said:

    we haven't yet reached the point where we can reliably create computer software that isn't shitty, buggy, and filled with security holes
    Wrong, but nobody wants to pay for that in anything other than the most critical applications (and sometimes not even then, alas).



  • @FrostCat said:

    @Lorne Kates said:

    @flabdablet said:

    @El_Heffe said:
    Why is it that anything with "Smart" in the name always turns out to be horrendously stupid?

    That's a little harsh.

     

    Please name one that isn't. (Smart Car doesn't count).

    Have you SEEN the Smart ForTwo? Seems like a neat idea until you realize that for the same price you can get a car with a second row of seats, and a regular-sized engine.

     

    You misunderstand. It's a smart deal for the manufacturer; same price, less material costs. No-one ever said that the "smart" part meant the buyer.

     


  • Discourse touched me in a no-no place

    @El_Heffe said:

    @FrostCat said:

    I just read something this morning, speaking of vulnerabilities, about a Japanese company that makes a bluetooth-enabled toilet, with a fun vuln: it has bluetooth, and a hardcoded pairing key of 00000. Anyone can get the app and cause your toilet to flush continuously (for example), driving up your water bill.
    uh . . . yeah

    Hey, yeah, that was it!



  • @OldCrow said:

    No-one ever said that the "smart" part meant the buyer
    It never does.



  • @Lorne Kates said:

    Please name one that isn't. (Smart Car doesn't count).

    Yeah it does.



  • @dhromed said:

    @El_Heffe said:

    From what I remember, he only had one expression.
     

    He had three.

     

    Glasses on.

    Glasses off.

    Barely contained rage.

    four, you forgot occasional moments of tired sadness/sad tiredness (yes, usually in the glasses off moments, but still, it's not the same expression)



  • DULL SURPRISE!

    Except in his case, it was more like, "MILD ANNOYANCE!"


  • Trolleybus Mechanic

    @OldCrow said:

    You misunderstand. It's a smart deal for the manufacturer; same price, less material costs. No-one ever said that the "smart" part meant the buyer.
     

    You have shaken and altered my worldview. 


  • BINNED

    @El_Heffe said:

    Why is it that anything with "Smart" in the name always turns out to be horrendously stupid?

    Similarly, whenever you see an article entitled "The Truth About...", you can be sure the author is either lying through his teeth or hopelessly misguided.


  • Trolleybus Mechanic

    @PedanticCurmudgeon said:

    @El_Heffe said:

    Why is it that anything with "Smart" in the name always turns out to be horrendously stupid?

    Similarly, whenever you see an article entitled "The Truth About...", you can be sure the author is either lying through his teeth or hopelessly misguided.
     

    "The Truth About 'The Truth About...'..."

     


  • Considered Harmful

    @Lorne Kates said:

    @PedanticCurmudgeon said:

    @El_Heffe said:

    Why is it that anything with "Smart" in the name always turns out to be horrendously stupid?

    Similarly, whenever you see an article entitled "The Truth About...", you can be sure the author is either lying through his teeth or hopelessly misguided.
     

    "The Truth About 'The Truth About...'..."

     


    Quiet, before Ben L. hears you making a recursion joke.



  • @joe.edwards said:

    @Lorne Kates said:

    @PedanticCurmudgeon said:

    @El_Heffe said:

    Why is it that anything with "Smart" in the name always turns out to be horrendously stupid?

    Similarly, whenever you see an article entitled "The Truth About...", you can be sure the author is either lying through his teeth or hopelessly misguided.
     

    "The Truth About 'The Truth About...'..."

     

    Quiet, before Ben L. hears you making a recursion joke.
     

    ...What if we are already in Ben L.'s recursion joke?

    D:

     



  • @blakeyrat said:

    @Lorne Kates said:
    Because it's a brand name, not an adjective.
    And yet, it costs more, gets the same mileage, and is less safe than a substantially larger Toyota Echo. So it's still fucking stupid.

    Have you ever driven one? We have a bunch of the 2009 models in our poolcar fleet, and their transmissions are horrible, taking just under a second to actually shift. The result is akin to a bucking bronco, and regular terror as your car seems to stall while making a left turn in incoming traffic. The triptronic mode (or whatever MB calls it in that car) is only marginally better. You only control when it shifts; the actual shift takes just as long.

    We also have an electric smart 4-2 in our fleet. As it doesn't have a transmission, it's a bit better in that regard. However, it's woefully underpowered. I'm a bit on the large side at 215 lb, and it struggled to hit 60 kph at wide-open, uh, resistor? up a 7% incline.

    Their only redeeming feature is that you can park them practically everywhere.

    Oh, and Smart Car tipping was a fad briefly up here in Canada in our version of the fly-over states.

     


  • Trolleybus Mechanic

    @Nexzus said:

    Oh, and Smart Car tipping was a fad briefly up here in Canada in our version of the fly-over states.

    That wasn't a car tipping. A 90lb yoga instructor wandered out of the studio without looking both ways, and t-boned the passing car.

    No one was hurt, but she was initially charged with hit-and-run and leaving the scene of an accident. She was later acquitted when she testified that she had blinked and didn't even know the collision had happened.

     


  • Considered Harmful

    Maybe very slightly funny but I can't help but imagine my horror and outrage if I had found that several people collaborated to flip my (mid-size sedan) car over.

    Not cool, bro.


  • Trolleybus Mechanic

    @joe.edwards said:

    I can't help but imagine my horror and outrage if I had found that several people collaborated to flip my (mid-size sedan) car over.
     

    How will you feel when you learn it wasn't several people?

