At the Black Hat IT security conference, a duo of hackers have revealed that Samsung's Smart TVs have a number of security vulnerabilities, mainly in its apps. For example, the pre-loaded Skype app can allow a hacker to read the user's Skype name and password, and also go as far as use the microphone and camera that Skype is using to monitor the unsuspecting consumers.
The browser on these TVs can also be compromised, by executing the necessary JavaScript code when a user clicks on some link, allowing a hacker to override the DNS server setting and open up a fake website instead, as Samsung's customized WebKit engine does not seem to verify TLS certificates and hence doesn't warn a user when the server certificate of a phishing site doesn't match the called URL.
Samsung has apparently closed some of the vulnerabilities in an update for some products, and let's hope the company can stay on top of such security flaws without needing someone to demonstrate these exploits.
