Security expert finds infinite loop exploit in Samsung TVs
updated 02:25 pm EDT, Tue April 24, 2012
Vulnerabilities discovered in prank gone awry
An Italian security researcher has discovered two vulnerabilities in all current versions of Samsung's TVs and Blu-ray players that potentially open those systems up to attackers. Both flaws hinge on a vulnerability in the protocol the systems use to handle remote controllers.
Attempting to play a practical joke on his brother, Luigi Auriemma altered the name string of a remote he was connecting to his brother's TV. When connected to the TV, the remote caused the TV to enter an infinite loop, denying the user remote or manual control, and restarting the set every five seconds. The problem persisted even after unplugging the TV.
Auriemma was also able to crash devices by setting the MAC (Media Access Control) address on a remote to a very long string. He believes the crashes indicate a buffer overflow vulnerability in Samsung's firmware. To exploit these vulnerabilities, a device needs only to be connected to a Wi-Fi network. Auriemma claims there is no fix for the bugs and that he was unable to report them to Samsung. [via Threatpost]



