Samsung Smart-TV without TLS-Certificate-Check?

The German security news page “heiseSecurity” reports from Black Hat that Samsungs Smart-TV is vulnerable to attacks from the internet (drive by and attacks via status messages of Skype contacts, since they do not install an official build of the Skype client, but something self-implemented) – that’s bad enough, but they did it even worse: the webkit browser that has been built by Samsung seem to not check SSL-/TLS-certificates. So that after an attack via the Skype-vulnerability that is able to change the DNS settings, you can simply redirect any SSL web traffic to your own site, without any warning for the user.

So another company that has been asked “How dumb can you be?” – And answered: “Challenge accepted!”


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Sylvio's Infobox

Aktuelle Themen rund um SQL Server, BI, Windows, ...

Meredith Lewis

Professional Digital Portfolio

Vittorio Bertocci

Just another weblog

ScottGu's Blog

Just another weblog

AJ's blog

Thoughts and informations I think worthwhile to share...

Outlawtrail - .NET Development

Architecture & Design

SDX eXperts Flurfunk

Just another weblog

%d bloggers like this: