How an Internet-connected Samsung TV can spill your deepest secrets

A frame from a video demonstrating how Samsung TVs can be remotely commandeered.

If you use a Samsung "Smart TV" that's connected to the Internet, there's a good chance Luigi Auriemma can hack into the device and access files stored on connected USB drives.

The researcher with Malta-based security firm ReVuln says he has uncovered a vulnerability in most Samsung models that makes it easy for him to locate their IP address on the Internet. From there, he can remotely access the device and exercise the same control someone in the same room would have. That includes gaining root access and installing malicious software. The attack exploits bugs in features that allow end users to install Skype, Pandora, and other types of apps. The TVs can be controlled using smartphone and tablet apps and in some cases by voice commands.

"At this point the attacker has complete control over the device," he wrote in an e-mail to Ars. "So we are talking about applying custom firmwares, spying on the victim if camera and microphone are available, stealing any credential and account stored... on the device, using his own certificates when accessing https websites, and tracking any activity of the victim (movies, photos, music, and websites seen) and so on. You become the TV."

New Mac trojan tricks users into paying pricey cell phone fees

Researchers have discovered new Mac-based malware that's designed to trick users into paying pricey subscription fees.

Dubbed Trojan.SMSSend.3666, the trojan masquerades as "VKMusic 4 for Mac," a name that closely resembles an app used to listen to music on a popular Russian social networking site, according to a report published on Wednesday by Russia-based antivirus provider Doctor Web. An installer prompts users for a cell phone number, purportedly as part of the registration process. Users who respond to a subsequent text message then receive a bill charged to their mobile account.

"Trojans of this family used to plague Windows users, but Trojan.SMSSend.3666 targets owners of Apple computers," Wednesday's advisory stated.

FBI snares $850 million Butterfly botnet ring with help of Facebook

On Tuesday, the FBI announced that it had arrested ten people connected to a botnet that had spread through Facebook. Spread by a virus targeting Facebook users, the botnet caused over $850 million in losses to financial institutions, infected over 11 million computers, and stole credit card and bank account data. The botnet itself was shut down in October, according to an FBI statement.

This is the second major outbreak of botnets based on the Butterfly (aka Mariposa) bot tool. The first incarnation, discovered in December 2008 and shut down a year later, infected over 12 million PCs worldwide and was spread primarily through file-sharing and instant messaging attacks. It also harvested financial information from over 800,000 victims.

In the latest incarnation of Butterfly, the botnet spread using variants of Yahos, a virus that propagates by sending links via social networks and instant messaging. Victims clicked on the link, launching Yahos' attack. The malware, which in some variants disguised itself as an NVIDIA video driver, then downloaded and installed the botnet controls and browser exploits that captured users' credit card and bank account information. The spread of viruses like Yahos prompted Facebook to partner with McAfee in 2010 to provide tools to users to clean infected systems.

Smartphone and Tablet Version of TOGAF 9

For those that are like me, I use my smartphone or tablet throughout the day. Oftentimes it is much easier to go to those devices than the traditional laptop. Given that, I am always on the hunt for mobile-formatted versions of content.

The Open Group has had their TOGAF mobile site enabled for quite some time, but I'm not sure many folks knew about it. Below is a link to that site:

http://pubs.opengroup.org/architecture/togaf9-doc/m/

I use this like I use an app on the iPhone. You can add this to your Home Screen fairly easily. Here are the steps:

  1. Launch Safari on your iPhone
  2. Browse to the TOGAF Mobile Site (http://pubs.opengroup.org/architecture/togaf9-doc/m/)
  3. Click the Share button at the bottom of Safari
  4. Click "Add to Home Screen"
  5. Type a name for the icon that will appear on your home screen
  6. Click the "Add" button