Screengrab

Samsung's clever merging of a tablet-like operating system with a conventional TV to create "smart TVs" seems pretty cool, but device developers may have forgotten a pretty crucial detail for a major household appliance connected to the web--security.

Malta-based security researchers ReVuln found a creepy vulnerability in Samsung Smart TVs that could lead to a particularly invasive form of hacking. They detailed for The Security Ledger just how spooky things could get if hackers take advantage of the problem:

It could give an attacker the ability to access any file available on the remote device, as well as external devices (such as USB drives) connected to the TV. And, in a Orwellian twist, the hole could be used to access cameras and microphones attached to the Smart TVs, giving remote attacker the ability to spy on those viewing a compromised set.

The Security Ledger mentions Skype cameras sold as accessories for the Smart TV as an example of equipment that could be used to spy on victims as they sit placidly eating popcorn and watching Netflix. They also point out that Smart TVs don't have security at the moment, not even a basic firewall.

Barring access to Skype cameras, a hacker could at the very least use access to a compromised Smart TV to steal data used on social networks, such as login names and more importantly, passwords.

ReVuln has created a video demonstrating the problem, which you can watch below. They didn't hesitated to double down on the unsettling nature of the security hole, titling the video, "The TV is watching you."

Gloria Berg, who was in the store with her children at the time, complained to the manager. In an interview with a local TV station, Mrs. Berg told of the the manager's interesting response to her concerns:

She says the manager told her someone had used the store's WI-FI to upload the image to the TV's.

She says the manager told her the same thing had happened the night before and there was nothing the store could do about it.

"They, like, brush it off like it's...who cares? Nobody cares. It's pornography. And we are getting adjusted to that kind of mentality. That's why we are losing our morals," Berg says.

The news station couldn't get a response from the local Best Buy but the corporate office issued a statement, stating that "two individuals" had hacked into the store's wireless signal "to broadcast inappropriate content on a smart television display."

Best Buy apologized for the incident(s) and said it would work to "ensure that it does not happen again."

Local law enforcement is investigating.

Techdirt recently wondered if Smart TVs were "not such a smart idea," noting that "the Smart TV is just a sales vehicle dreamt up and promoted by the TV OEMs. They had a bang-up decade updating everyone to flat panels, then pushing the upgrade to 1080P. They've had less success with 3D, and are looking for the hook to make another upgrade worthwhile."

That's practical, but in an age when the amorphous hacktivist collective Anonymous appears to worry even the N.S.A., the way Smart TVs are displayed inside big box retailers like Best Buy (or Wal-Mart) may present yet another opportunity for hackers to wreak havoc on the sensibilities of customers like Mrs. Berg or even launch an Anon-style protest to prove a point.

Or, like the "Max Headroom" hacker 25 years ago, just show unsuspecting shoppers video of themselves getting spanked with flyswatters.