
Samsung Blu-ray players bricked because of an XML config file - jgome
https://www.theregister.com/2020/07/18/samsung_bluray_mass_dieoff_explained/
======
userbinator
_One thing you have to understand is that these internet-connected Blu-ray
players in question are programmed to log their activities and send copies of
this information to Samsung._

In some ways, this is even more disturbing than the bricking.

Only corporate greed can create a media player that watches you and needs
constant firmware updates.

I have a VCR and DVD player which still work, and things like this are the
reason I'm not buying any newer standalone players.

It reminds me of this old meme (I'm not aware of a Blu-ray version):
[https://files-cdn.sharenator.com/pirate-dvds-s800x825-43988.jpg](https://files-cdn.sharenator.com/pirate-dvds-s800x825-43988.jpg)

~~~
Johnny555
It's worse than you think - it's not just your DVD player that's spying on
you, but your TV is too -- many TVs use Automated Content Recognition to
detect what you're watching regardless of source (DVD, over the air, streaming
app, etc). They even detect commercials, and which language you're listening
to.

[https://www.adexchanger.com/ad-exchange-news/the-marketers-guide-to-acr-tech-in-smart-tvs/](https://www.adexchanger.com/ad-exchange-news/the-marketers-guide-to-acr-tech-in-smart-tvs/)

~~~
dylan604
How do you think manufacturers can afford to sell these large screens at such
cheap prices? They continue to make money off of you long after the initial
sale. I'm surprised they just don't give them away (except it would probably
raise too many questions).

Your digital cable boxes have been doing this for even longer.

~~~
megablast
They aren't getting much back from selling the data. Maybe $20 off.

~~~
dylan604
And that is based on what data? BigCorps tend to not continue doing something
if it's not going to bring them much return.

~~~
Fezzik
Somewhat tangential, but Facebook’s average revenue per user was less than $9
in 2019. I can’t imagine TV manufacturers can eke out nearly that much revenue
from the data they collect. Especially considering that almost everyone is
streaming or using cable and all of that data is going to Hulu/Netflix/Cable
providers and then passed on to advertisers anyway.

~~~
dylan604
FB has 1.5B+ daily users. $9 * 1.5B = A LOT OF CASH. Is that per month, per
year? Plus Insta, plus WhatsApp

TV Manufacturers may not sell 1B units (maybe they do), but it's still a large
enough number that it will not be unnoticed in a balance sheet

~~~
fdupress
In the case of Samsung and smart TVs, and to fully support the argument you
are supporting, it is not sufficient that Samsung makes a lot of money. They
need to make a lot more per user selling data than they would adding $20 to
the price of that TV.

But that $20 price difference would probably mean that less people buy
Samsung, so the maths isn't going to be that straightforward.

------
Someone1234
That's why: " _What_ does a factory reset entail?" is a fascinating question.

Everyone assumes you'll lose your settings during a factory reset, but what
isn't as clear cut: Does it revert the firmware to whatever it was shipped
with (bugs and all)? Some vendors do, but most vendors do not.

A legitimate factory reset (inc. firmware) mechanism or USB boot/reflash would
have likely saved Samsung considerable amounts of money here (relative to
mailing all of them two ways, they could have e.g. sent out free USB keys with
the firmware).

~~~
toast0
> Does it revert the firmware to whatever it was shipped with (bugs and all)?
> Some vendors do, but most vendors do not.

I think that's the only reasonable thing to do. Have the original firmware
either as an actual rom, or only writable with an enable jumper flipped; use a
power on key sequence to boot from the original firmware, copy to normal
firmware and reboot into normal firmware (which is now the original firmware).
Run through that process during manufacturing to confirm it works.

Regularly test that all released firmware images, especially those in the
original firmware slot can successfully upgrade (or at least not crash).
Preferably include current firmware version in all requests so you can give
workaround responses as needed when you figure out you broke something -- in
the hostname is ideal, as you can use that to work around version specific
certificate issues.

The reason a Blu-Ray player (or a video game console) might not let you go
back to original firmware is to prevent reverting to earlier firmwares that
allowed copied media, etc. For those, you probably want to have a 'safe'
firmware slot (or two, ideally) that drives the factory reset process, and
only reflash those slots on some updates (to reduce testing needs)

~~~
gruez
>I think that's the only reasonable thing to do.

But that'd also mean you need double the flash capacity, which drives up the
BOM cost.

~~~
phildenhoff
Not necessarily. I worked on the team that managed the OS for an embedded
hardware project (radio equipment) and our disk was partitioned four ways:

1. current operating system
2. previous operating system (and next, on upgrade)
3. data partition, shared across both current and previous OS
4. factory reset partition

That means if we needed to do a factory reset we could just load the firmware
archive from the fourth partition onto the second partition and execute a
normal upgrade, albeit to an older version. Since upgrade packages were small,
maybe 500MB?, we could easily cut a little space from the rest of the
partitions to make it fit without having to increase the flash capacity.

~~~
WrtCdEvrydy
Yeah, but this is 2020... the blu-ray drive needs a copy of React with
node_modules sized at 26Gb :P

------
tpmx
I think the best approach is to never, ever connect a device like a TV,
Blu-ray player, etc to the internet. That's the only way they'll survive. So
far no HDMI-based attacks.

Hotglue the ethernet port?

~~~
Symbiote
At least TVs on the (originally) European DVB broadcast system can pick up
firmware from broadcasts.

Packets in the transport stream include the necessary firmware.

~~~
Ambroos
This is still used for set-top boxes, at least in Belgium. It happens in the
background now, but up until a few years ago when you first got one you'd only
see the firmware downloader for an hour or two, with this block diagram where
you could follow along:
[https://i.imgur.com/hh7eWZr.jpg](https://i.imgur.com/hh7eWZr.jpg)

The worst part about that was if your signal quality wasn't great. You'd see
blocks fail, and it'd take ages for them to come up again.

The boxes now ship with usable firmware preloaded, and will update in the
background in the first few days usually.

~~~
WrtCdEvrydy
That is the most LCAR upgrade screen I have ever seen...

~~~
lathiat
that can't be an accident surely; i want it.

------
harry8
You broke it, you bought it Samsung. Full refund. Pick up the device at your
expense or provide disposal costs as well.

Warranty is not any part of the issue if you come into my house and break a
thing I own and is my property.

~~~
duncan_bayne
What makes you think that what they broke is your property?

Read the EULA. It almost certainly specifies that what you think you own, has
in fact just been licensed to you.

~~~
harry8
No. This is actually nonsense.

Nobody has read the Eula. Nobody has knowingly and willingly agreed to those
terms (if they exist). No vendor has expected those terms to be read (if they
even exist). No vendor has explained those terms to a customer.

There is a contract for exchange of ownership. You can't actually break that
contract with unconscionable means such as fine print that nobody reads nor is
expected to read nor has had explained.

Read a EULA if you like but it will do absolutely nothing for you nor will it
alter the law and the application of the law. Maybe you'll enjoy the read
though?

It is an item, purchased in a shop in exchange for money. There's rather a lot
of established law about that.

~~~
duncan_bayne
> You can't actually break that contract with unconscionable means such as fine
> print that nobody reads nor is expected to read nor has had explained.

You _shouldn't_ be able to, but I think in most jurisdictions you most
certainly can.

[https://en.wikipedia.org/wiki/End-user_license_agreement#Enforceability_of_EULAs_in_the_United_States](https://en.wikipedia.org/wiki/End-user_license_agreement#Enforceability_of_EULAs_in_the_United_States)

------
ajuc
These things can get really tricky.

We once almost bricked our devices (electronic magnifier/OCR for low vision
people) with an update that added automatic calibration for the cheap crappy
OEM touchscreen we used in some devices. It was so crappy all the screens we
had in our company had the same serial numbers and returned different
coordinates when you clicked in the same spot :)

Fortunately libev has calibration - you can provide a matrix to transform all
touchscreen events with. We added a calibration step - the software asked the user
to touch 4 corners on the screen, calculated the inverse matrix and saved it to
configuration for better touchscreen accuracy. We tested it extensively, and
uploaded the version to our update server.

The next day customers started calling :) turns out libev (which reads the
configuration during booting) had a "feature" that parsed the numbers in the
configuration using the default system locale.

German locale uses . as thousands separator and , as fraction separator.

So, when you did the calibration and restarted the device with German locale
your screen transformed the touchscreen events multiplying them by thousands
- so you couldn't click on anything, so you couldn't use the device or click
"update software".

It was even worse if you used German locale, saved the calibration
configuration and then changed locale to English - then it simply crashed
during boot because of wrong number format :)

Fortunately we left one usb port accessible so users could attach usb mouse
and click "update" if they had the first situation, or download the whole
firmware on a usb pendrive and update from it.

BTW the libev bug is fixed, now it always reads the configuration using C
locale. Guess what happened when we updated the linux on our systems half a
year later and that change was included :)
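
The two failure modes described above, modelled as an added Rust example that is not part of the original comment or of the library's code. `NumFmt`, `parse_num`, `load_scale` and the 0.5 to 2.0 plausibility range are assumptions made for illustration; the loader falls back to an identity scale instead of crashing or applying a corrupt value.

```rust
// Constructed model of a locale's number format (not a real libc locale).
#[derive(Clone, Copy)]
struct NumFmt {
    decimal: char,
    grouping: Option<char>,
}

const C_LOCALE: NumFmt = NumFmt { decimal: '.', grouping: None };
const DE_LOCALE: NumFmt = NumFmt { decimal: ',', grouping: Some('.') };

// Writes a coefficient the way a locale-aware formatter would.
fn format_num(v: f64, f: NumFmt) -> String {
    format!("{:.4}", v).replace('.', &f.decimal.to_string())
}

// Reads a coefficient the way the comment describes: grouping characters
// are skipped, the locale's decimal character marks the fraction.
fn parse_num(s: &str, f: NumFmt) -> Option<f64> {
    let mut out = String::new();
    for c in s.chars() {
        if Some(c) == f.grouping {
            continue;
        } else if c == f.decimal {
            out.push('.');
        } else if c.is_ascii_digit() || c == '-' {
            out.push(c);
        } else {
            return None; // unknown character: reject instead of crashing
        }
    }
    out.parse().ok()
}

// Loads one scale coefficient; anything unparsable or outside the assumed
// plausible range falls back to identity so the screen stays usable.
fn load_scale(saved: &str, reader: NumFmt) -> f64 {
    match parse_num(saved, reader) {
        Some(v) if (0.5..=2.0).contains(&v) => v,
        _ => 1.0,
    }
}

fn main() {
    let saved_c = format_num(1.0023, C_LOCALE); // "1.0023"
    let saved_de = format_num(1.0023, DE_LOCALE); // "1,0023"
    println!("C file read as DE: {:?}", parse_num(&saved_c, DE_LOCALE));
    println!("DE file read as C: {:?}", parse_num(&saved_de, C_LOCALE));
    println!("guarded load: {}", load_scale(&saved_c, DE_LOCALE));
}
```

Writing and reading the file in one fixed format removes the mismatch; the range check covers files already saved in the other format.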

------
_ph_
Programming errors happen, but that's why I don't get, that companies still use
programming languages, where such errors result in a crash vs. an error which
can be handled and recovered from. A faulty XML file shouldn't render the
whole machine unusable.

~~~
tedunangst
What language makes it impossible to write if parse(config) == false then
reboot?

~~~
_ph_
Impossible is a big word :). But while a C or C++ program tends to crash in
the presence of an error, like with a segfault, a lot of languages just throw
an error which you can catch. So you could proceed with the default values, if
the file cannot be read correctly.

~~~
rndgermandude
"can catch" doesn't give you anything, unless you actually do the catching.

C and C++ programs tend to crash in the presence of an error, but so do rust
programs (panic), C# and java and js and python programs (unhandled
exception). Some languages make it harder to footgun yourself for certain
types of errors, but never all types of errors.

I have seen js programs (and similar stuff in other languages) crash because
of something like

    
    
        JSON.parse(response).list[0].string.length
    

where the response was valid json, just the .list property was an empty array
(or even undefined because omitted in the json).

Does rust protect from such mistakes (because I know some people on here like
to claim rust is the answer to everything)? Verbatim from their docs:

    
    
        let v = vec![0, 2, 4, 6];
        println!("{}", v[6]); // it will panic!
    

I'd guess it's exactly such type of bounds error at play with the Samsung
thing, from the mention of that empty <list/> element in the article.

I have written such code myself because I was lazy or distracted or "need
performance" or "this can never be empty per spec" or "oops, my range
calculation was off by one", tho luckily I didn't outright brick anything,
yet.

~~~
rstuart4133
There is one difference in Rust: they are so confident of their memory model,
panic!() only kills the current thread. The exception is if it happens in the
main thread it kills everything.

In Samsung's case, if they put the parsing of the telemetry config xml file in
a separate thread the default Rust behaviour is not to kill the entire thing.
Sending the telemetry back to servers sounds like something you would do in a
separate thread, so perhaps it would have saved them.

Other languages with similarly strong memory models like Java / Python /
Haskell could do the same thing of course. And in those languages a programmer
could just emulate it in any case. C / C++ with their weak memory models could
not sanely do it. A programmer could emulate it in those languages by using
separate processes if the OS supported it, but they would have to forgo shared
memory.

Not a huge difference perhaps - but Rust's strong memory model does buy you
something.
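
The two approaches discussed in this sub-thread, as an added Rust example that is not part of any comment above: an unchecked index on an empty `<list/>` contained by a worker thread, next to a checked lookup that never panics. The element names, the `items` extractor and the `TelemetryConfig` type are assumptions made for illustration, not Samsung's format or code.

```rust
use std::thread;

#[derive(Debug, Clone, PartialEq)]
struct TelemetryConfig {
    endpoint: String,
}

// Built-in defaults used whenever the downloaded config is unusable.
fn default_config() -> TelemetryConfig {
    TelemetryConfig { endpoint: "disabled".to_string() }
}

// Naive extractor for <item>...</item> entries (constructed for this example,
// not a real XML parser). An empty <list/> yields an empty Vec.
fn items(xml: &str) -> Vec<String> {
    xml.split("<item>")
        .skip(1)
        .filter_map(|rest| rest.split("</item>").next())
        .map(|s| s.trim().to_string())
        .collect()
}

// The bug class from the comments: indexing without checking the length.
fn parse_unchecked(xml: &str) -> TelemetryConfig {
    TelemetryConfig { endpoint: items(xml)[0].clone() } // panics on <list/>
}

// Containment: the panic unwinds only the worker thread and shows up as Err
// from join(). This relies on the default panic=unwind, not panic=abort.
fn load_isolated(xml: &str) -> TelemetryConfig {
    let owned = xml.to_string();
    thread::spawn(move || parse_unchecked(&owned))
        .join()
        .unwrap_or_else(|_| default_config())
}

// Prevention: first() returns an Option, so the empty case must be handled.
fn load_checked(xml: &str) -> TelemetryConfig {
    items(xml)
        .first()
        .map(|e| TelemetryConfig { endpoint: e.clone() })
        .unwrap_or_else(default_config)
}

fn main() {
    let bad = "<config><list/></config>"; // constructed sample input
    let good = "<config><list><item>telemetry.example.invalid</item></list></config>";
    println!("{:?} {:?}", load_isolated(bad), load_checked(bad));
    println!("{:?} {:?}", load_isolated(good), load_checked(good));
}
```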

------
dreamcompiler
Yet another reason for the warning _don't connect your 'smart' TV, DVD
player, or any other entertainment device to your wifi router._ If you need
Netflix, use a standalone device such as a Roku and connect it to the TV with
HDMI.

~~~
electro_blah
smart my arse. it's as smart as the guy who designed/programmed it.

------
eucryphia
Our Samsung home theatre sound system's bluray stopped working years ago,
everything else works fine.

We have a few Samsung products and each one has a particularly annoying
problem.

The worst part is the support, I post a polite request on their website and
always get a very concise unhelpful answer.

I no longer buy Samsung products.

------
pengaru
Are these running Tizen?

~~~
tpmx
Probably. Samsung hired thousands of c++ developers in a particular low-cost
country to build Tizen. You can't really hire that many quality developers
that quickly, and it showed.

~~~
perryizgr8
Tizen is not a bad system by itself. For example, all Samsung watches run it,
and they're the best wearables after iwatch.

~~~
tpmx
It kinda is shitty, though. Do remember that it was built as a replacement for
Android on smartphones, then when that, in a 100% expected way completely
failed, was relegated to the TV and smartwatch platforms where general
requirements are perhaps 5x less.

Those two platforms probably only use the best 20-30% core functionality of
what was built. And they're still second tier...

------
shannifin
I was wondering what had happened to my blu-ray player; thanks for posting
this!

------
crispyporkbites
This is one of the many reasons hardware companies stop supporting older tech.
It’s just not in their interests to push updates down to them, and can
seriously backfire

