Heads up by Vault 7 CIA scandal topic on Wikileak. Last time we are talking about the high level overview of Samsung TV vulnerabilities for home user and hospitality industry.
We did not discuss technical information last time, since this is a quite interested topic. Let’s take this opportunity see whether we can find out more details in this area. Linux and Microsoft operating system cover up the computer market more than 30 years . Microsoft server and workstation market share are the biggest in business enterprise market exclude the BYOD and IoT markets. Since windows OS and traditional linux OS are bulky. Whereby hardware manufactures would like to develop their operating system. Apple hardware we all known using their proprietary iOS. Android and IoT devices more preferred linux environment. Tizen is a open source mobile operating system. It is developed by the alliance of Linux Foundation, LiMo Foundation, Intel, Samsung and Sprint Nextel. It supports the ARM and x86 platforms. The Tizen source code is available for download as it is a open source project. From technical point of view, Tizen operating system looks possible to replace OS platform for BYOD and IoT devices market soon. Meanwhile Tizen operating system have his own fundamental design limitation and weakness. Hackers or governance enforcement team can relies on this alleged design limitation and weakness to compromise the device. As a matter of fact, jailbreak activities popular since Apple iPhone century. We can seen that there are numbers of jailbreak technique available on the market includes Nintendo, Sony and Microsoft electronic game devices and mobile phone. But who is the accomplice of this activities? We believed that it is given by open source!
About the situation of Jailbreak Smart TV on the market
Understanding of Tizen OS architecture
Tizen is an operating system based on the Linux kernel and the GNU C Library implementing the Linux API. New model of Samsung Smart TV is running on top of TizenOS platform.The Tizen OS architecture shown as below:
About jailbreak methodology and official define usage angle
As usual, the traditional jail break method relies on physical USB serial adapter cable. A security expert did a proof of concept on LG smart TV. The experiment proof that it is easily to hack your LG TV with an adruino card via uploading scripts. Mike Stevans is the professor of ethical hacking course in México. He explains that libLGTV_serial is a Python library to control LG TVs (or monitors with serial ports) via their serial (RS232) port. Therefore you can use this method to hack into TV mode and root it. From hardware manufacture policy, end user are allow to customize the firmware. LG smart TV users are can download old firmware’s from official LG websites or for Internet forums. These firmware’s are customized as per user needs. Since manufacturer define a open standard policy on their products. This policy benefits for product development since more input idea and solutions can improve and enhance the smart TV functions and features. However a group of people not limit to hacker can take the advantage of this benefits to satisfy their wants. For instance, surveillance, information collection (video and voice recording). But it is hard to judge such action is incorrect if it use to avoid crime or terrorism activities.
Wireless attack on smart TV?
Hacker found that you are able to compromise the SamSung TV by Skype application! One of the solution is that install Skype widget on Smart TV goal reproduce Plug in authentication by pass. An authentication by-pass was discovered in the Desktop API offered by Skype whereby a local program could by-pass authentication if they identified themselves as a Skype Dashboard widget program. The smartTV app (skype) is linked directly to Tizen libraries, native libraries or Application compatibility layer (ACL) supplied libraries depending on functional, performance or hardware requirements. The architecture model of Skype application is shown as below:
Above information proof that the fundamental design of Tizen operating system contains authentication weakness. Hacker easy embedded malicious code in zip file through Skype. These can be used to copy files to any writable file system on the target and install a backdoor.
Remark: Yes, agreed that the culprit no only Tizen OS itself. Skype application contains vulnerabilities. The T9000 backdoor discovered by PaloAlto Networks is able to infect victims’ machines to steal files, take screengrabs, and records Skype conversations.
Foreseen security Issues in Tizen OS
1 . Applications over permission
2. OS memory protection
DEP (Data Execution prevention) not enable on Tizen OS.
Address Space Layout Randomization (ASLR) function have bugs. Remark: A technical article found that all the address of heap, stack and main modules in Tizen OS was not randomize. As a result it can’t avoid malware infection.
As mentioned last time, the 1st step I finish check-in from hotel will going to do this action.