Can your "smart TV" watch you?
LAS VEGAS Closing the curtains in your living room may not close the doors on potential hackers. At a demonstration Friday in Las Vegas, researchers showed an audience of children at Defcon Kids how a Samsung Smart TV can be hacked.
So-called smart TVs have an operating system installed that is similar to a smartphone, which hosts third-party apps. People can browse the Internet, launch apps and take photos using their remote controls.
Presented by security engineers Aaron Grattafiori and Josh Yavor of iSEC Partners, the exploit works by inserting malicious JavaScript code into text boxes in apps, like a Skype chat window or Facebook comments.
The researchers told CBSNews.com that the more dynamic a website is, the more opportunities there are for inserting code. They point out that the problem is not with the apps but with the way they were designed for Samsung's Smart TV.
Grattafiori said that they tested their exploit on Samsung Smart TVs because they offer the most features, which create more of an opportunity to find security flaws. He added that they have yet to try out other smart TVs.
One of the immediate questions that arises is whether the TV can turn its camera on its owner and open a gateway for home surveillance. The researchers say that a hacker could potentially take control of the TV's camera and remain undetected.
"They could actually either see live, streaming video into your home or office or to take still camera shots of you," Grattafiori said about potential hackers. "There's no physical indicator, nor visual indicator, that you'd be able to know your camera was on or taking pictures of you."
Grattafiori said that they've reached out to Samsung about their findings, and the company has been responsive to their research. It's unclear if the security flaw can be found in TVs made by other manufacturers.
A spokesperson for Samsung told CBSNews.com that the company is aware of the security issues regarding the Smart TV and has released a software update to resolve the issue. The company says it is taking measures to vigorously enhance security and protect its customers' privacy.
iSEC Partners initially presented their findings at the Black Hat conference this week, along with an exploit to Verizon's femtocell that lets hackers take control of mini cell phone towers. Other researchers showed how cyber-criminals could hack into "smart home" control systems. They also exposed vulnerabilities in iPhone chargers, driverless cars and other high-tech devices.