
Spoofing the Samsung Smart TV Internet Check - lelf
http://www.sodnpoo.com/posts.xml/spoofing_the_samsung_smart_tv_internet_check.xml
======
Bud
"Smart" TVs are dumb, by design, in their very conception. TVs get upgraded
perhaps once a decade or so. They don't need to have software in them, and
shouldn't. Leave that to people and companies who actually know how to produce
software. TVs should display an image. That's it. Nothing else.

There are no exceptions.

~~~
Shinkei
>There are no exceptions.

Wow, well I guess the issue is closed. I wish they had contacted you from the
start, otherwise this multinational, multi-billion dollar corporation could've
avoided the entire market. /s

I mean are you intentionally being dense? It has been a LONG time coming to
supplant the multiple devices I have to keep around my TV just to use cable,
streaming services, etc. Now I don't need to fire up the Wii if I want to
watch Hulu or Netflix, movies off a media drive or USB. If only I could
integrate the cable box into the TV, then it would really be a game changer.

I don't know about you, but I consider myself an above-average tech consumer
and I value simplicity and if companies can manage to keep my TV functional
for the next 5-7 years with all of my services, then it is money well spent.

~~~
chavesn
I agree with your well-placed sarcasm -- this is not a black and white issue.

However, I _disagree_ that there is fundamental value in built-in TV software
supplanting third-party devices. That is, unless a _software company_ is
making the _software_.

I have a Roku, and built-in software from Sony on a blu-ray player (on
separate TVs). The Roku is so much better that it's _painful_ to use the TV
without it:

\- The buffering is much worse on the Sony. When it switches between ads and
the video it takes several seconds to rebuffer.

\- The delay between menus is measured in seconds, while the Roku is almost
instantaneous

\- It's almost like Sony didn't even have one UX designer working on their
project. It will do idiotic things like when Hulu opens, create a modal dialog
that says "The internet content is ready" and I must click OK to proceed.

\- The remote and other menus are slow and hard to decipher just like you'd
expect from built-in software.

The point is that building the user experience of a video client is not
trivial. I can't even blame Sony, really -- a non-software company will never
do a good job at that kind of thing.

The Roku is a world of difference and until a company like that is building
the built-in software, the mainstream of the market will be in third-party
devices.

~~~
Nexxxeh
>The point is that building the user experience of a video client is not
trivial.

No, but "Sony" have done it before and it's been fine. PS3. (I've not tried
the PS4's media player.)

>I can't even blame Sony, really -- a non-software company

Sony Vegas? ACID? Sound Forge? Sony is not short of software production, "Sony
Creative Software" makes a few software products most people here would have
heard of. Not to mention SCE, they've made quite a bit of software and no-
doubt have some UI engineers.

~~~
A_COMPUTER
"Sony Vegas? ACID? Sound Forge?"

They bought every single one of those, from Vegas and from Sonic Foundry, Sony
was not responsible for their design or creation. The UIs were AFAIK fully in
place before Sony ever owned them, though I am sure some changes have been
made.

------
kenrose
Devices that infer that connectivity to one site implies connectivity to the
Internet are flawed. Having connectivity to one site means only that a route
exists between you and the remote host. That's it. It says nothing about any
other site. It's generally not good to do "Internet connectivity" checks. Just
check to see if the site you want to connect to is responding. In the case of
Samsung, who cares if samsung.com is down if I want YouTube. Just connect to
YouTube and if that's down, then tell me.

The only useful exception to the above that I've seen is for Wi-Fi hotspot
detection (e.g., checking a known response from Microsoft NCSI). The key
difference here is that if the NCSI server is down or not responding, the user
is not blocked from trying to connect.

~~~
kiallmacinnes
So, yes, they are broken when you think about them like that. But, they cover
the 95% use case... That case where most people say "The Internet is down" ;)

Giving the 95% a good experience should always be prioritised above giving
100% of users a mediocre experience.

~~~
ryandrake
Browsing samsung.com on ones TV's close to a 0% use case, not a 95% use case
for users. Therefore checking to make sure samsung.com is up helps about 0% of
their users.

------
mnkypete
I really don't like how Samsung handles this.. I couldn't use my TV all
morning to watch Youtube (I know, problems..), just because they think "If
Samsung is down, don't bother opening the Youtube app". Seriously, what the
heck...

Also, this is not the first time this happens.. I mean their data center was
on fire (www.engadget.com/2014/04/20/samsung-com-outage-sds-fire/), but isn't
there some failover?

~~~
madeofpalk
Apple devices also had a similar problem a while back
[http://www.zdnet.com/what-went-wrong-with-ios-6-wi-
fi-700000...](http://www.zdnet.com/what-went-wrong-with-ios-6-wi-
fi-7000004598/)

When iOS or Mac connects to wifi, it hits a similar URL to Apple to check if
the device is stuck behind a captive wifi network. If the check failed, it
attempts to throw up the networks login page.

But Apple's check server went down, and therefore peoples iPod touches, Macs
and iPads got stuck in a nasty cycle of trying to throw up a non-existant
login page.

~~~
0x0
Actually it wasn't that the server was down, it was that it was misconfigured
and returned unexpected 404 responses which made it look like a captive
portal.

------
amirmc
If we don't start building (and pushing for) more distributed/decentralised
systems then this is the future we can expect more of. Aside from this, why
should my TV need to dial home at all?

~~~
sjtrny
Why? To confirm connectivity.

Welcome to HN, where answering a question gets downvoted.

~~~
amirmc
My browser doesn't do that so there's really no _need_ for a TV to do that.

~~~
andybak
Are you sure your browser doesn't do that? There's usually some code that
checks for 'captive portals' \- i.e. wifi providers that want you to login
before giving you a real internet connection.

~~~
amirmc
What I mean is that my browser (Safari) doesn't dial home (Apple) to decide
whether or not it can try serving me content (HackerNews). NB That doesn't
mean it never connects to Apple without my knowledge (or elsewhere), but
rather that it's not a point of failure.

Edit: I'm making a distinction between what my _browser_ does vs the _OS and
wifi_. In any case, your home TV doesn't really have to deal with captive
portals.

~~~
nwh
Your Mac does exactly that actually.

[http://blog.erratasec.com/2010/09/apples-secret-wispr-
reques...](http://blog.erratasec.com/2010/09/apples-secret-wispr-request.html)

Apple broke the page once and everybody's wifi broke in response. Single point
of failure.

~~~
tjoff
How did everybody's wifi broke? I would have imagined that the only thing that
would have happened was that, for wifis that required a login portal, you
would have to launch your browser manually and let the portal hijack any
pagerequest.

How did they manage to ensure that this didn't work if there wasn't such a
portal or if you did it manually?

~~~
ninkendo
It's not safari that does it but the "OS" itself, and by that I mean the
wireless networking tool. I would imagine that there's some code that runs
upon successful connection to an AP and checks to see if you're in a captive
portal or not.

The resulting UI looks like a plain window with no UI elements except a close
button and a browser frame so you can auth with the captive portal system, and
goes away once connectivity is "restored".

------
runeks
This just reaffirms my impression of Samsung as a decent hardware company and
a poor software company.

I was thrilled to switch from my Samsung Galaxy S3 to my Nexus 4. The S3 had
horrible Samsung-equivalent apps for everything: email, chat, a browser, and a
lot of system services that I couldn't uninstall. It also had some specially
built update mechanism, separate from Google Play, that would drain my
battery, until it was fixed.

I like Samsung though, as long as they stick to producing hardware. My ARM
Chromebook is a lovely device: Samsung hardware with Google software on it.

------
nixy
I build "smart" TV apps for a living. Samsung's connectivity check for their
TVs from 2010 has a list of five domains that it checks against. Discovered
this during some debugging a couple of years ago. The list, in the order pings
are made, is:

    
    
      icq.com (not kidding)
      yahoo.com
      samsung.com
      google.com
      Some other domain I can't remember

~~~
aqme28
And it requires all five to connect, rather than just one?

------
benmarks
Single points of failure everywhere. This is not the future we were promised.
At least the fixes are in our hands.

~~~
scrollaway
Custom and open operating systems are the only way forward against this sort
of bullshit. It's not just crappy engineering, it's also TVs doing analytics
on what you watch, always-on cameras, etc..

As long as we have the power to root these devices and install our own
software on it, we will be fine. But for how long is that going to keep up?

~~~
userbinator
> TVs doing analytics on what you watch, always-on cameras

 _Who_ 's doing the watching now? That sounds ridiculously Orwellian...

> As long as we have the power to root these devices and install our own
> software on it, we will be fine. But for how long is that going to keep up?

The most interesting part of this is that "rooting" often relies on finding
and exploiting a _vulnerability_ , something that would be considered
detrimental to security and normally thought of as a bug. In other words, this
power is coming from having not-so-secure devices. Imagine if this TV was more
secure; it used DNSSEC and HTTPS to authenticate/encrypt communications, and
was designed to be resistant to tampering via hardware (secure processor,
encrypted memory, etc.) -- ostensibly for things like DRM. Do suggestions like
"all Internet traffic should be encrypted" start to look less appealing now?
To say it plainly, in this case "insecurity is freedom."

~~~
maxerickson
"Users should be able to install certificates" isn't super helpful for most
users, but it is sensible and also a nice clear message.

------
logfromblammo
This is exactly the sort of problem that made me decide to buy a regular
television after having previously bought a "smart" television. It does not
anger me quite so much as Microsoft trying to get me to pay them a
subscription fee to access my own network hardware, but it does drive me in
the direction of wanting an open-source set-top HTPC to sit at the interface
between dumb viewscreen and Internet.

------
voltagex_
So from that XML, you seem to control the URLs the TV will grab. Just a few
buffer overflows away from root on the TV, and of course you don't really own
the hardware you bought until you have root, right?

------
shavenwarthog2
A while back I "hacked" my Samsung TV. I spoofed a DNS entry to point to my
laptop, and put a tiny webserver on it. Then I could hit the "News" button on
my remote and get obscene fortune cookies on my TV!

Then I turned it off. Internet on TV is silly, as far as I can tell.

My girlfriend's wonderful Panasonic has tons of internet features -- web,
youtube. Web is nearly useless because of lack of keyboard; youtube is
awkward; vimeo isn't bad. Using an Android app, selecting your youtube video,
then doing "send to TV" is great when we bother to do it.

The "smart" Panasonic is a dumb screen in front of Roku. The only other non-
dumb features we use is the "play videos from SD card" feature, and the "play
from DLNA (my laptop)" feature -- both get used quite often, and work well.

------
keithgabryelski
testing a connection for various features is not as robust as actually trying
the operation you want to complete and determining if it worked.

drop all the extra work and let code fail gracefully while in action.

------
chavesn
It's a good thing they didn't use HTTPS. And a good thing that something else
doesn't actually rely on samsung.com (listing services, API endpoints,
whatever).

This is a cool hack for now but if I had to make a prediction I'd bet there's
a future coming where this isn't possible, where the two are even more
intertwined -- even though most of us know they don't need to be and wouldn't
design our own systems that way.

------
thejosh
Oh boyo.

We have samsung smart tvs at home, which Plex runs on top of... looks like I'm
going to have to implement something like this with openWRT in future..

------
akandiah
I assume Samsung is using Linux as the underlying OS here. If so, does Linux
have a "Network Awareness" API? I understand that Windows has one. More info:
[http://technet.microsoft.com/en-
us/library/cc766017%28WS.10%...](http://technet.microsoft.com/en-
us/library/cc766017%28WS.10%29.aspx)

~~~
runeks
As far as I can see, this issue exists because, fundamentally, there is no
such thing as "Internet access". If a device can access only 50% of hosts on
the Internet, does it have Internet access? What about 1% or 99%?

Consequently, it makes no sense to make "Internet access" a binary variable
that a software system uses to determine whether it has access to _all_
Internet sites.

One would think the YouTube app would have a built-in mechanism for handling a
failure when connecting to youtube.com. It's entirely possible that
samsung.com could be up, but youtube.com down. I assume the YouTube app
gracefully handles this, and this would render Samsung's binary state
"Internet present?" variable useless at best.

 _TL;DR_ : Having a system-wide "Internet available?" variable is meaningless
because individual apps need to be able to handle not being able to connect to
a particular host anyway (eg. youtube.com, netflix.com).

~~~
zachlipton
Well, the system-wide "internet available?" variable isn't completely useless
from a user perspective.

If youtube.com happens to be down for whatever reason, there isn't much the
user can do about it except wait, so there isn't much for the YouTube to do
besides display a standard error message and call it a day.

But in the more common case where the user's internet connection is
unavailable or misconfigured, there are troubleshooting steps the user can
take (make sure it's plugged in, try turning the router off and on again,
check network settings, etc...).

I suspect the design was to help users get their TVs connected to the internet
by providing more useful diagnostics when they are offline. To do that, you
need some kind of system-level check for connectivity. Now, there are
certainly better ways they could have implemented the feature, ways that
didn't involve a single point of failure where a fire at one building means
that millions of TVs can't access Netflix or YouTube for no good reason, but
the intent wasn't completely meaningless.

------
markomikolavcic
Very helpful. I have the LG smart tv and i would like to know if in my case
(lg) could happen the same... Just in case to know if it happens. my opinion
about these smart tv's is very positive. I like to browse or watch films over
netflix or others. Hope that in a couple of years it gets even smarter :)

------
nfriedly
Nice work! I ran into the same issue with my samsung "smart" TV, and I was
starting to set up a similar hack when my wife beat me to the punch: hit the
"factory reset" option in the menu, and then it loses the wifi settings and
stops trying to check for updates.

------
thefreeman
I wouldn't be suprised if it's vulnerable to XXE too (
[http://projects.webappsec.org/w/page/13247002/XML%20Entity%2...](http://projects.webappsec.org/w/page/13247002/XML%20Entity%20Expansion)
)

------
turrini
It amazes me that most of these "Smart" TVs don't use SSL or any sort of
encryption in first place.

~~~
mobiplayer
I know first hand some other brands do.

------
dcosson
> I overrode the DNS and pointed it to 127.0.0.1 and tried again.

Is there an easy way to spoof that on your local home network?

~~~
EvanAnderson
Run your own local DNS server. Virtually every lightweight router-oriented
Linux distro includes dnsmasq if you don't want to run a full-blown DNS
server.

~~~
Piskvorrr
Moreover, your router is very likely to already run dnsmasq under the hood.

------
beagle3
I have a Vizio "smart tv" which is about as "smart"

------
kdot
I guess this explains why my Fios TV app isn't working.

------
ndesaulniers
Wow now I want to buy a DRM... I mean "Smart" TV!

