Here, Let Me Put Some Java In Your Television



  • https://securityledger.com/2013/08/samsung-smart-tv-like-a-web-app-riddled-with-vulnerabilities/  

    Vulnerabilities in the underlying operating system and applications on
    Samsung SmartTVs could be used to steal sensitive information on the
    device owner, or even spy on the television’s surroundings using an
    integrated webcam. The Samsung SmartTV is essentially, a Linux device configured with a Webkit-based browser to run web pages and applications.

    In their presentation, the two showed how vulnerabilities in SmartHub,
    the Java-based application that is responsible for many of the SmartTV’s
    interactive features, could be exploited by a local or remote attacker
    to  surreptitiously activate and control an embedded webcam on the
    SmartTV. The researchers were able to conduct DNS poisoning and drive-by
    download attacks and show how vulnerabilities could be combined to
    steal local user credentials and those of connected devices, browser
    history, cache and cookies as well as credentials for the local wireless
    network,

    Why is is that anything with "Smart" in the name always turns out to be horrendously stupid.



  • @El_Heffe said:

    Why is is that anything with "Smart" in the name always turns out to be horrendously stupid.

    That's a little harsh.

    @securityledger.com said:

    SmartTVs do support remote OTA (over the air) firmware and application updates, and can even force updates for key features like the web browser, while the vulnerabilities in the Skype application were fixed almost immediately

    So they can fix these little fuckups in the field, and as long as their firmware never achieves the kind of market dominance in TV that Microsoft's OS achieved on the desktop they should remain no more atttractive an attack target than any of their competitors.



  • @flabdablet said:

    @El_Heffe said:
    Why is is that anything with "Smart" in the name always turns out to be horrendously stupid.

    That's a little harsh.

     

    Please name one that isn't. (Smart Car doesn't count).

    @flabdablet said:

    So they can fix these little fuckups in the field

    It's a television! It shouldn't be so complex as to ever even HAVE fuck ups like this.

     

     



  • @Lorne Kates said:

    @flabdablet said:

    @El_Heffe said:
    Why is is that anything with "Smart" in the name always turns out to be horrendously stupid.

    That's a little harsh.

     

    Please name one that isn't. (Smart Car doesn't count).

    Smartphone?



  • @Lorne Kates said:

    Smart Car doesn't count

    ...because?

    @Lorne Kates said:

    It's a television! It shouldn't be so complex as to ever even HAVE fuck ups like this.

    It's a (television|telephone|printer|cash register|electricity meter|car|weapon|refigerator|book|other)! It shouldn't be so complex as to ever even HAVE fuck ups like this.

    And you kids get off my lawn.



  • It's not a television, it's a computer without a keyboard.



  • ...I don't get the constant blakeyrat / signatureguy thing...? I am impressed, however, at his ability to screw with his avatar panel...



  • @skotl said:

    ...I don't get the constant blakeyrat / signatureguy thing...? I am impressed, however, at his ability to screw with his avatar panel...

    It's not blakey doing that, it's immibis's signature; Community Server amusingly fails to enforce tag balance in sig blocks.



  • @flabdablet said:

    And you kids get off my lawn.
    When I was young, TV would turn on in less than 5 seconds, and switching channels was instant. Now my TV needs about 10 seconds (part of that time showing me the manufacturer logo), switching channels is slow (doesn't matter whether it's the digital cable, or the IPTV set-top-box), and sometimes sound doesn't work (which is solved by unplugging and replugging the CI card for cable channels, and the STB for IPTV channels). But hey, at least now I have 200 channels I don't ever watch - such is the price of progress.



  • At the risk of sounding anti-technology, I just don't trust this "smart" stuff either.

    I mean, even the major, well-tested and (supposedly) well-reviewed standards and systems turn out to have important security problems (DNS, WEP, WPS, email). Am I supposed to expect that a product made entirely by a company like Samsung*, with no outside supervision at all, will be completely secure? Not to mention the usability of TV software tends to be generally bad.

    ---
    *Not that I'm saying Samsung always makes bad products, just that it's one of those companies that would rather sell 1000 different cheap products than focus their efforts on making 100 good products.



  • @flabdablet said:

    @Lorne Kates said:
    Smart Car doesn't count

    ...because?

     

    Because it's a brand name, not an adjective.

     

     



  • @skotl said:

    ...I don't get the constant blakeyrat / signatureguy thing...? I am impressed, however, at his ability to screw with his avatar panel...

    Hey don't blame me for someone else fucking with the forum and just using my image.



  • @Lorne Kates said:

    Because it's a brand name, not an adjective.

    And yet, it costs more, gets the same mileage, and is less safe than a substantially larger Toyota Echo. So it's still fucking stupid.



  • @blakeyrat said:

    @Lorne Kates said:
    Because it's a brand name, not an adjective.

    And yet, it costs more, gets the same mileage, and is less safe than a substantially larger Toyota Echo. So it's still fucking stupid.

     

    Yes. Just not for the reasons Smart [whatever... dog kibble?]  are.

    (I was going to post a link showing that the Smart Car's crash rating is surprisingly not as bad as you'd think, but instead of finding the link I wanted, I found an equal amount of articles saying so, and an equal amount saying no-- so fuck it, I don't care enough to do the research).



  • @anonymous234 said:

    At the risk of sounding anti-technology, I just don't trust this "smart" stuff either.
    It's not about being "anti-technology" or being an old fart who wants you damn kids to get off my lawn. It's about more and more companies cramming more and more stuff of questionable value  into their products -- and doing a really shitty job of it.

    I'm surrounded by all sorts of technology that didn't exist when I graduated from highschool.  And it's great.  I would hate to back to the old days when I couldn't sit down at a computer and instantly find any information I want, or call someone a cunt.

    The problem is that there is now this push to turn everything into a computer, regardless of whether or not it actually makes sense.  This is made even worse because we haven't yet reached the point where we can reliably create computer software that isn't shitty, buggy, and filled with security holes, and yet we're already moving on, putting the same shitty code into your phone, television, refrigerator, purple dildo and any other device that anyone can think of.



  • @immibis said:

    It's not a television, it's a computer without a keyboard.
     

    That.

    Mate in .AU owns a Sony TV and found it runs a Linux OS.

    When his kids are all gathered watching cartoons, he's been known to SSH into it and issue a command that rotates the screen through 90 degrees just to watch child heads tilt en-masse.



  • @ender said:

    @flabdablet said:
    And you kids get off my lawn.
    When I was young, TV would turn on in less than 5 seconds, and switching channels was instant. Now my TV needs about 10 seconds (part of that time showing me the manufacturer logo), switching channels is slow (doesn't matter whether it's the digital cable, or the IPTV set-top-box), and sometimes sound doesn't work (which is solved by unplugging and replugging the CI card for cable channels, and the STB for IPTV channels). But hey, at least now I have 200 channels I don't ever watch - such is the price of progress.
     

    Mine still switches channels instantly. Then again, it uses the same CPU I play games with. And the mouse-keyboard combination for UI is nice. The UI overall feels crisp. Granted, bootup and shutdown times are still a bit lengthy, and if I shut it down improperly, it needs even more time on next boot-up to check the disk. And it shows the damn old Windows logo on boot-up too.

    But it's stable and reliable, so I can't complain. Well, I do have to get updates manually, but at least I can get them when they're hot. And I can even choose the software I watch on.

     

    In all seriousness, why would someone who owns a perfectly good computer even bother with a digital television? A computer + a good screen + tuner card combo isn't that much more than a good TV. ...I guess. I've never owned a TV, so I wouldn't be the best person to say for sure. But when you do reply to this, take a moment first to consider the "good" part in "a good TV".



  • @flabdablet said:

    @skotl said:
    ...I don't get the constant blakeyrat / signatureguy thing...? I am impressed, however, at his ability to screw with his avatar panel...

    It's not blakey doing that, it's immibis's signature; Community Server amusingly fails to enforce tag balance in sig blocks.

    Yeah, I fooled around with the Signature Guy html a bit.  It's fun but not very practical. It's not so bad for somebody like immibis who posts rarely, but if someone who posts a lot put that in their signature it would get annoying really fast.  That's why I have signatures turned off in my profile settings.  Even non-Signature Guy stuff gets annoying pretty quickly.

     




  • I forgot to mention that most of us already got a good computer around. And a good screen. Although for sheer size TVs usually easily trump it. Then again, most TVs have HDMI-inputs now. And very few have an internal antenna. Wink, wink...

     



  • @El_Heffe said:

    The problem is that there is now this push to turn everything into a computer, regardless of whether or not it actually makes sense.  This is made even worse because we haven't yet reached the point where we can reliably create computer software that isn't shitty, buggy, and filled with security holes, and yet we're already moving on, putting the same shitty code into your phone, television, refrigerator, purple dildo and any other device that anyone can think of.

     

    For a TV, reusing video playback software stacks from the PC world technically makes sense.

     But then you have to put in a lot of processing power to get that Linux distro to run smoothly, since developing proprietary software costs money.

    And since the processing power is there, it makes business sense to put in other, value-added features that make use of it, at the cost of 10% increase in flash cost. Which might not be a factor, if you had space left over in the cheapest flash chip that fit your software anyway; flash chips come in certain size increments only.

    Unfortunately, a browser is now seen as a value-added feature in a TV. It'll eventually fail and get dropped though, as no-one wants to browse the net on the living room TV if there are others in the same household. Would you want to open your email on a 3-foot screen in the middle of your living room?

     


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.