A screen shot showing the exploit taking control of a Samsung TV.

A new attack that uses terrestrial radio signals to hack a wide range of Smart TVs raises an unsettling prospect—the ability of hackers to take complete control of a large number of sets at once without having physical access to any of them.

The proof-of-concept exploit uses a low-cost transmitter to embed malicious commands into a rogue TV signal. That signal is then broadcast to nearby devices. It worked against two fully updated TV models made by Samsung. By exploiting two known security flaws in the Web browsers running in the background, the attack was able to gain highly privileged root access to the TVs. By revising the attack to target similar browser bugs found in other sets, the technique would likely work on a much wider range of TVs.

"Once a hacker has control over the TV of an end user, he can harm the user in a variety of ways," Rafael Scheel, the security consultant who publicly demonstrated the attack, told Ars. "Among many others, the TV could be used to attack further devices in the home network or to spy on the user with the TV's camera and microphone."


 
libplist 'parse_string_node()' Function Local Denial of Service Vulnerability
 
libplist 'base64encode()' Function Local Denial of Service Vulnerability
 
Splunk Enterprise HTML Injection and Information Disclosure Vulnerabilities
 

I'm involved in a project to deploy a SIEM (Security Information and Event Management) / SOC (Security Operations Center) for a customer. The current approach is to outsource the services to an external company, also called an MSSP (Managed Security Services Provider). We had an interesting chat about the pros and cons of having an internal or external SOC. The main arguments from the company are:

  • We don't have experience on board and we would have to hire people. And keep them on board!
  • We don't know how to deploy the SIEM / SOC
  • We have a limited budget (which is the first argument for many organizations)

Often, if not always, the deployment of a SIEM is part of a long list of compliance requirements (from the business or the group the company belongs to).

Here is a small recap of the points we discussed:

SOC: pros and cons

Internal
  Pro:
  • Good knowledge of the business
  • Tailored to your own requirements
  • All data are stored and processed internally
  • Easier correlation of events between the departments
  Con:
  • Costs to deploy and maintain
  • Difficulty to hire talented people
  • Risk of conflict of interest between departments
  • Long-term ROI

External
  Pro:
  • Costs (it's a new service contract - OPEX)
  • Benefit of trends and detection on other customers
  • Access to more threat intelligence
  • No conflict of interest with the other departments (external advice reporting)
  • Scalability and flexibility
  Con:
  • There is a clear lack of knowledge of the business
  • Lack of communication
  • Difficulties to keep the SIEM in sync with the infrastructure
  • Services are provided based on levels (ex: gold / silver / bronze)
  • Lack of dedicated people to YOUR environment
  • Data stored and processed outside your perimeter
  • Lack of customization

And you? What is your point of view? Feel free to share.

Xavier Mertens (@xme)
ISC Handler - Freelance Security Consultant

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Pitivi CVE-2015-0855 Arbitrary Code Execution Vulnerability
 
Nextcloud CVE-2016-9464 Unauthorized Access Vulnerability
 
ownCloud and Nextcloud CVE-2016-9462 Security Bypass Vulnerability
 
ownCloud and Nextcloud CVE-2016-9459 HTML Injection Vulnerability
 
Multiple VMware Products CVE-2017-4902 Local Heap-Based Buffer Overflow Vulnerability
 
Multiple VMware Products CVE-2017-4904 Local Memory Corruption Vulnerability
 
Multiple VMware Products CVE-2017-4905 Local Information Disclosure Vulnerability
 
GNU Binutils CVE-2017-7224 Remote Denial of Service Vulnerability
 
IBM Cognos Analytics CVE-2016-3015 Cross Site Scripting Vulnerability
 
Linux Kernel CVE-2016-2384 Local Denial of Service Vulnerability
 
Google Android CVE-2016-8399 Remote Privilege Escalation Vulnerability
 
[security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege
 
Pixie CVE-2017-7361 Cross Site Scripting Vulnerability
 
IBM TRIRIGA Application Platform CVE-2017-1180 Unspecified Remote Privilege Escalation Vulnerability
 
Exponent CMS CVE-2016-9020 SQL Injection Vulnerability
 
GNU Binutils CVE-2017-7225 Remote Denial of Service Vulnerability
 
Dahua IP Camera CVE-2017-7253 Privilege Escalation and Information Disclosure Vulnerabilities
 
MikroTik RouterBoard CVE-2017-7285 Remote Denial of Service Vulnerability
 
Pixie CVE-2017-7363 Cross Site Scripting Vulnerability
 
NetIQ Sentinel CVE-2017-5185 Denial of Service Vulnerability
 
Linux Kernel CVE-2017-2647 Null Pointer Dereference Local Privilege Escalation Vulnerability
 
Linux Kernel CVE-2017-7346 Local Denial of Service Vulnerability
 
Wonderware InTouch Access Anywhere Multiple Security Vulnerabilities
 
Multiple eMLi Products CVE-2017-7258 Directory Traversal Vulnerability
 
Multiple Schneider Electric Modicon Products Weak Cryptography Multiple Security Weaknesses
 
MantisBT CVE-2017-7241 Cross Site Scripting Vulnerability
 
 
Linux Kernel CVE-2017-7294 Local Denial of Service Vulnerability
 
WebKit Memory Corruption and Information Disclosure Vulnerabilities
 
MantisBT CVE-2017-6973 Cross Site Scripting Vulnerability
 
MantisBT CVE-2017-7309 Cross Site Scripting Vulnerability
 
LibTIFF CVE-2016-10268 Heap Based Buffer Overflow Vulnerability
 