This involved adding an isolated network segment dedicated to TV research, in order to isolate it from company traffic. The first step in this is obvious – we set up a VPN to the TV. This is very useful for our research, but we noted a number of disparities between the emulated environment and the actual TV, and so we wanted to ensure that the TV hardware was used whenever possible. Some investigation of this revealed it to be running a modified version of qemu and an x86 build of the TV’s guest OS.
We could somewhat mitigate this by using Samsung’s development tool chain, which includes an emulator for the TV. Furthermore, the team needs 24/7 access to the devices (everyone knows the best hacking always happen at 2AM, fuelled by energy drinks!).
Our first hurdle was one of practicality – once we buy the TV, how can we make it available to a team of geographically-dispersed hackers? Most of our research was based in our Singapore office, but we were joined on the work by staff in Poland and the UK.
