All Samsung TVs have a remote kill switch to disable stolen sets, and the company just...

[midian182]

In brief: Samsung has given us another reason not to buy stolen goods: the Korean giant has revealed a feature that allows it to disable its televisions remotely. The technology was recently used after a number of TVs were stolen from a warehouse in South Africa.

Samsung explains that the Television Block Function is already pre-loaded on all Samsung TV products, though it only works if Samsung knows the serial code of a stolen unit. Once the set connects to the internet, its number is checked against a database on the company's servers. A match results in all of the TV's functions being disabled.

Samsung utilized Television Block last month after unrest and looting in South Africa saw several of its sets stolen from the company's Cato Ridge distribution center. As they were taken from Samsung directly, the company knew exactly which serial numbers to look out for.

"In keeping with our values to leverage the power of technology to resolve societal challenges, we will continuously develop and expand strategic products in our consumer electronics division with defence-grade security, purpose-built, with innovative and intuitive business tools designed for a new world. This technology can have a positive impact at this time, and will also be of use to both the industry and customers in the future," said Mike Van Lier, Director of Consumer Electronics at Samsung South Africa.

We still don't know if Samsung TV owners can or will be able to report their stolen set's serial numbers to Samsung so the company can activate the block, or if the service is reserved for large-scale thefts from stores and warehouses.

While the technology will doubtlessly be helpful in deterring thieves, Samsung TV owners might be concerned by the company's ability to brick their sets remotely, especially if the feature could potentially be hacked.

Samsung added that anyone in South Africa whose television was blocked by accident must send their proof of purchase to zaservicemanager@samsung.com.

Permalink to story.

https://www.techspot.com/news/90957-all-samsung-tvs-have-remote-kill-switch-disable.html

 

[QuantumPhysics]

One of the things people fail to understand about digital technology is that all of these items are unique.

Their uniqueness shows up immediately on a network.

They can be identified and manipulated over that network.

Stolen equipment being disabled doesn't concern me.

But the mere fact that they can be disabled arbitrarily does.

 

[NicktheWVAHick]

If they know where the signal is coming from why don’t they just hire a hit squad to go to that location and exterminate the criminal? THAT would make for some great TV….”Samsung Assasin Squad” on Fox.

 

[seeprime]

This is concerning because hackers will now try to phish and otherwise get into the Samsung servers to not only install ransomeware but to also threaten to disable every connected Samsung TV. This is a real possibility. Once disabled, the original TV owner must send Samsung proof of purchase and some personal ID's to have it reactivated. Should millions be shut down all at once, this will be a logistical nightmare for both Samsung and its customers. I just learned that there is no good reason to keep a smart TV online anymore. I'll use a Roku box and stream using that.

Damnit. The world is going nuts.

 

[hahahanoobs]

If OnStar can disable a car fleeing police, Samsung should be just fine.

 

[Dimitriid]

There's no reason why instead of a "kill yourself" switch you put a "report back all the data you can about this serial number" as soon as the initial handshake it's done: If there was ever a privacy concern about IoT stuff well, Samsung just went ahead and created a huge backdoor they're overseeing entirely and once again, it is up to a private company to decide if they want to limit their scope or not instead of being accountable to anyone about controlling a product they already sold.

Plus you know groups like the NSA will be rushing to demand control of them if they don't have it already.

 

[fps4ever]

I wonder if you just connect it as a "dumb" TV with no network access it will never report back and it works? Hook up a Roku, Firestick, etc...and go from there.

 

[madboyv1]

If OnStar can disable a car fleeing police, Samsung should be just fine.

A corporation unilaterally taking action against stolen property to protect their interests is a little different than the process of Onstar using Stolen Vehicle Assistance, which requires a victim to file a police report and then law enforcement contacting Onstar to do it.

But otherwise, yes Samsung will be fine. They would not be willy nilly disabling screens for fun as it would harm their brand image immediately and permanently, and that of course is no bueno for the bottom line. I'd be more concerned for bad actors like seeprime mentions. Good thing my Samsung TV is almost 10 years old and does not have any smart features~

 

[wiyosaya]

Its not like other things on the market do not already have something similar. Some of Apple's devices have a similar feature. This has got to be some incentive for people not to attempt to steal things like this.

One of the things people fail to understand about digital technology is that all of these items are unique.

Their uniqueness shows up immediately on a network.

They can be identified and manipulated over that network.

Stolen equipment being disabled doesn't concern me.

But the mere fact that they can be disabled arbitrarily does.

And they all have a "call home" feature that they all use to check on software updates, etc., if they are connected to the internet.

I do have plans to get a smart TV in the future, however, it will only be used as a monitor for my HTPC. As I am not all that concerned about a mistaken disable command being sent to my display.

This is concerning because hackers will now try to phish and otherwise get into the Samsung servers to not only install ransomeware but to also threaten to disable every connected Samsung TV. This is a real possibility. Once disabled, the original TV owner must send Samsung proof of purchase and some personal ID's to have it reactivated. Should millions be shut down all at once, this will be a logistical nightmare for both Samsung and its customers. I just learned that there is no good reason to keep a smart TV online anymore. I'll use a Roku box and stream using that.

Damnit. The world is going nuts.

IMO, you have hit on the key - There are plenty of reasons to not connect a "smart device," of any kind, to the internet, IMO.

And, of course, it would be a logistical nightmare, not to mention a PR one, for Samsung to accidentally disable millions of TVs.

Heck, when the new digital TV standard ATSC 3.0 hits the general market and I get a TV and/or HD HomeRun tuner that complies with the standard, I plan on blocking it, at my firewall, from connecting to the internet because part of the ATSC 3.0 standard is that it can call back to any stations that it receives via the Internet thus allowing "targeted advertising".

 

[wiyosaya]

A corporation unilaterally taking action against stolen property to protect their interests is a little different than the process of Onstar using Stolen Vehicle Assistance, which requires a victim to file a police report and then law enforcement contacting Onstar to do it.

But otherwise, yes Samsung will be fine. They would not be willy nilly disabling screens for fun as it would harm their brand image immediately and permanently, and that of course is no bueno for the bottom line. I'd be more concerned for bad actors like seeprime mentions. Good thing my Samsung TV is almost 10 years old and does not have any smart features~

A good firewall would protect against random connections from outside the owner's local network. First, the hacker has to find their way through that firewall - if that is even possible in the case of a well-designed firewall. That, though, depends on the device owner having a reasonable degree of technical knowledge about how to protect their network and the devices on it.

Personally, I am not all that concerned for my network with respect to the threat of such an attack. My firewall just does not respond to any "ping" requests, and will not allow connections to it that are not related to an outgoing connection. Nor do I have any ports open for anything. Lastly, I tend not to have "smart" devices connected to the internet. IMO, "bad actors" are not that hard to deal with when someone has a good firewall between their local network and the internet.

But, for the non-technical user, I can see instances where this might be a problem if they don't have a good firewall device that is properly configured by default.

 

[nodfor]

Just remembered an episode from "Brotherhood", were some criminals were thinking to link up a console and start playing online and their boss (Freddie Cork) responded " How about we invite the FBI to listen to us when we talk, huh?"

 

[wiyosaya]

If they know where the signal is coming from why don’t they just hire a hit squad to go to that location and exterminate the criminal? THAT would make for some great TV….”Samsung Assasin Squad” on Fox.

Yes, that's the ticket. That would serve justice and Samsung's reputation.

(I am sure you were being sarcastic.)

 

[Lionvibez]

If they know where the signal is coming from why don’t they just hire a hit squad to go to that location and exterminate the criminal? THAT would make for some great TV….”Samsung Assasin Squad” on Fox.

lol you watch too much Tv dude.

 

[madboyv1]

[stuff]

All that is true and all, especially the comment about non-technical users, which are a vast majority of users. However, when I mention bad actors, I mean like the scenario like seeprime envisioned where said bad actor (read:hacker) attacks or infiltrates Samsung's network, finds the C&C system for this TV Block mechanism and inevitably a database of serial numbers, and then starts causing havoc. An unlikely event for sure, but considering how many breaches have affected corporations and servers as of late, the chances are not even close to 0%.

And it should be noted that a lot of these smart devices relies on being able to call home and get word back from the server for a lot of their smart features to work properly, if at all. There are websites/forums/subreddits dedicated to poking around seeing what can be blocked and what can't be in order to clamp down all the data leakage (usually behavioral for ads and content recommendations) smart TVs in particular are notorious for.

 

[ScottSoapbox]

So don't connect a stolen TV to wifi.

 

[Avro Arrow]

"Once the set connects to the internet, its number is checked against a database on the company's servers. A match results in all of the TV's functions being disabled."
Oh man, that's a pretty irresponsible thing to reveal. Now the thieves know that the TVs will still be usable as long as they're used as regular TVs and not hooked up to the internet to enable their "smart" features.

THEY LITERALLY JUST TOLD THE THIEVES HOW TO GET AROUND THIS SECURITY FEATURE!!!

I personally don't care for "smart" TVs because I always hook up a PC to them anyway and that way my TV can't spy on me.

 

[hahahanoobs]

A corporation unilaterally taking action against stolen property to protect their interests is a little different than the process of Onstar using Stolen Vehicle Assistance, which requires a victim to file a police report and then law enforcement contacting Onstar to do it.

But otherwise, yes Samsung will be fine. They would not be willy nilly disabling screens for fun as it would harm their brand image immediately and permanently, and that of course is no bueno for the bottom line. I'd be more concerned for bad actors like seeprime mentions. Good thing my Samsung TV is almost 10 years old and does not have any smart features~

Actually the call to OnStar happens in real time during a chase. Ending the chase and retrieving the car.

Disabling the TV's does the exact same thing. But you're worried about your privacy even it could result in getting your TV back. Cool story. Fearmongering doesn't work against common sense. Just an FYI.

 

[hahahanoobs]

So don't connect a stolen TV to wifi

Am I correctly assuming the logic here is to keep stealing them - just don't use their main function?

Why isn't it, don't steal tv's?

 

[Uncle Al]

Just as problematic is the fact that a decent hacker can also get access and create all sorts of problems. For that reason I still think the rightful owner should have the ability and right to shut down that part of the system. It's easy enough for them to do it so why reserve it to corporate controllers? AND just as important, what happens if your TV accidentally gets shut down ... ever try to deal with their CSR's?

 

[Avro Arrow]

Just as problematic is the fact that a decent hacker can also get access and create all sorts of problems. For that reason I still think the rightful owner should have the ability and right to shut down that part of the system. It's easy enough for them to do it so why reserve it to corporate controllers? AND just as important, what happens if your TV accidentally gets shut down ... ever try to deal with their CSR's?

Well, that does depend on whether or not they're able to figure out the OS that the TV's using. If it's UNIX-based, then yeah, but if it's a Samsung-proprietary OS, they might not have a clue as to how to even get in.

 

[Avro Arrow]

So don't connect a stolen TV to wifi.

Yep, that was really stupid of Samsung to reveal. All they had to do was say "We have a way of bricking stolen TVs." but no, they had to explain it like some dumb supervillain explaining his elaborate plan to Batman which lets Batman know how to defeat it.

 

[wiyosaya]

There's no reason why instead of a "kill yourself" switch you put a "report back all the data you can about this serial number" as soon as the initial handshake it's done: If there was ever a privacy concern about IoT stuff well, Samsung just went ahead and created a huge backdoor they're overseeing entirely and once again, it is up to a private company to decide if they want to limit their scope or not instead of being accountable to anyone about controlling a product they already sold.

Plus you know groups like the NSA will be rushing to demand control of them if they don't have it already.

This reminds me of a story I saw several years ago where some dude had a Mac stolen. I don't remember the details, but he had something set up on the system where he could log in remotely when it was connected to the internet. I am not entirely sure it was a VPN, but when he logged in to that system, he had full administrative access. So, the thief powered up the system and it connected to the internet. The owner of the system then turned on the camera and made video of the thief. The owner was also able to track the address of the thief's location - and then called the police in that area to report all the information to them. (Unfortunately, I am unable to quickly find the link to the story, but it was a very humorous read. ) This was all without Apple's help.

Long story short - the police paid the thief a visit and arrested the thief, and the owner eventually got his system back.

So, the same thing would almost certainly be possible to do with the stolen TVs reporting as much info to an interested party - in this case, probably Samsung, who could then contact authorities in that area and have them visit the TV thief and arrest them. Somewhat similar to what @NicktheWVAHick was suggesting without dispensing instant "justice."

To me, it seems like that would be a better idea rather than disabling the set. (I.e., just leave it enabled and let the thief, or purchaser of the stolen TV think they got a great deal ) However, I am sure someone in possesion of the stolen goods would attempt to argue that they were "entrapped" illegally.

All that is true and all, especially the comment about non-technical users, which are a vast majority of users. However, when I mention bad actors, I mean like the scenario like seeprime envisioned where said bad actor (read:hacker) attacks or infiltrates Samsung's network, finds the C&C system for this TV Block mechanism and inevitably a database of serial numbers, and then starts causing havoc. An unlikely event for sure, but considering how many breaches have affected corporations and servers as of late, the chances are not even close to 0%.

Unfortunately, that's on Samsung. I think the same argument can be made of IoT devices, as well.

And it should be noted that a lot of these smart devices relies on being able to call home and get word back from the server for a lot of their smart features to work properly, if at all. There are websites/forums/subreddits dedicated to poking around seeing what can be blocked and what can't be in order to clamp down all the data leakage (usually behavioral for ads and content recommendations) smart TVs in particular are notorious for.

Interesting. All I can say is I am glad I don't rely on the "smart" functions of TVs or other devices.

 

[wiyosaya]

Well, that does depend on whether or not they're able to figure out the OS that the TV's using. If it's UNIX-based, then yeah, but if it's a Samsung-proprietary OS, they might not have a clue as to how to even get in.

From my experience, information on how to get a device into "service mode" is generally available somewhere on the internet. Once you have a device in service mode, administrative settings are generally available.

For instance, I have an LG monitor at home that was incorrectly identified by PCs as a TV which caused the video to skew off the left of the display and leave a black bar on the right. I looked the problem up - it was widely known - and found out how to get the monitor into service mode (I think I found a YouTube video on it) which then allowed me to overwrite the EEPROM in the monitor to permanently make the monitor report itself as a Monitor instead of a TV.

 

[Avro Arrow]

From my experience, information on how to get a device into "service mode" is generally available somewhere on the internet. Once you have a device in service mode, administrative settings are generally available.

For instance, I have an LG monitor at home that was incorrectly identified by PCs as a TV which caused the video to skew off the left of the display and leave a black bar on the right. I looked the problem up - it was widely known - and found out how to get the monitor into service mode (I think I found a YouTube video on it) which then allowed me to overwrite the EEPROM in the monitor to permanently make the monitor report itself as a Monitor instead of a TV.

Well that's cool, as weird as it is that a monitor would ID itself as a TV. I probably would have just adjusted the picture position manually to compensate (if it had enough play that is) but it's cool to know that you can do it in different ways.

 

[CrisisDog]

Great if used properly, but imagine the government getting a hold of this information at a time of civil unrest....