Home
Home
Pricing

Published Pricing: Our Standard Rate Card Pricing Impact: Automated, Manual, or Both? Summary: How much does a penetration test cost?

General Pentest Info

What: What is a Penetration Test?

Why: Why Penetration Test? Why High Bit?

Types: Penetration Test Types Penetration Testing as a Service (PTaaS)

Methods and Samples

Methodologies: Safety and Stability Network Penetration Testing Web App Penetration Testing Wireless Penetration Testing Compliance

Report Samples: Report Samples Explained Full Private Report Sample Finding Report Sample Remediation Checklist Sample Public Facing Report Sample

FAQ

Questions that often are asked: FAQ - Frequently asked questions

Questions you may want to ask: Questions to ask about Cost Quality Questions - Automation Quality Questions - Web Applications

About
About High Bit Security

High Bit Security Reviews

Contact
Contact Us
Real News.
Real Companies.
Is Yours Next?
Simple contact: 3 fields, one form, that's it. Inquire Here:
Cost effective, proactive testing to keep you out of the news - use the form below.

Email (Company domain please):


no gmail, yandex, yahoo, etc.
captcha
Enter code:
Yes, I am a human.

Security News

At Risk: Mortgage Companies
Cyber Espionage Presentation with Congressman Rogers and FBI
At Risk: Staffing Firms
At Risk: Medical Facilities
High Bit 2012 Report: 95.83% Businesses Vulnerable
Hospice Fined For Data Breach
High Bit 2013 Predictions
Cybersitter China Hack
Hospitals 94% Breached
Samsung TV Vulnerability
Medical Ransomware

Samsung Smart TV security hole allows hackers to watch you, change channels or plug in malware

by Lisa Vaas on December 12, 2012 www.nakedsecurity.sophos.com

Did your Samsung Smart TV just switch channel? Don't blame the dog for stepping on the remote control - there's a remote possibility it could be hackers who've hijacked your smart TV. Researchers with Malta-based security consultancy and bug seller ReVuln have found a vulnerability in an unspecified model of a Samsung LED 3D TV that they exploited to get root access to the TV and any attached USB drives. In a video titled "The TV is Watching You", ReVuln shows a Samsung TV screen with which the researchers systematically fiddle.

Here's what the researchers found they could access: TV settings and channel lists, SecureStorage accounts, Widgets and their configurations, History of USB movies, ID, Firmware, Whole partitions, USB drives attached to the TV. By exploiting the vulnerability, ReVuln also found that they could retrieve the drive image, mount it locally, and check for sensitive documents or material that should remain private, such as usernames, passwords, financial documents, or any other type of material typically kept on USB drives. If the victim uses a remote controller, ReVuln also found that they could get its configuration and thereby control the TV remotely. ReVuln also found they could install malware remotely to gain complete root access to the TV, co-founder Luigi Auriemma told IDG News Service:

"If the attacker has full control of the TV...then he can do everything like stealing accounts to the worst scenario of using the integrated webcam and microphone to 'watch' the victim." The vulnerability extends beyond one specific model tested in the firm's lab, he said: "The vulnerability affects multiple models and generations of the devices produced by this vendor, so not just a specific model as tested in our lab at ReVuln." ReVuln is a recent entrant into the market for buying and selling bug and vulnerability information and mostly focuses on vulnerabilities in SCADA and ICS software that run utilities, industrial systems and the like. Auriemma has played around with TVs before. In April, he stumbled on a vulnerability in all current versions of Samsung TVs and Blu-Ray systems that would allow an attacker to gain remote access.

At the time, he said that the vulnerabilities could be found in all Samsung devices with support for remote controllers. One hopes that the researchers have acted responsibly and informed Samsung of the vulnerabilities in their consumer devices, and that an over-the-internet firmware update to plug the security holes will be forthcoming.