At the end of June 2020, we reported that Samsung's Blu-ray players and home theaters were experiencing serious problems.
The failures looked different depending on the device model, but most often the devices went into an endless reboot loop immediately after being turned on. Some users reported other symptoms: for example, the device could make strange sounds and constantly try to read a disc even when there was no disc in the drive; devices could turn off a few seconds after turning on; in other cases, the players stopped responding to any commands and button presses.
At the time, some users and researchers speculated that the problem might have been caused by a failed firmware update or an outdated SSL certificate, but the exact cause was unknown. Samsung representatives ultimately advised customers to return non-working devices to service centers for repair, since a software patch would not solve the problem.
Now The Register reports that, a month later, the cause of the mysterious failures has been established. The root of the problem was an XML file that Samsung devices connected to the network occasionally downloaded from the company's servers.
When this file was saved to the device's flash memory and processed, it caused the device to crash and forced a reboot. After rebooting, the player parsed the same XML file again, crashed again, and rebooted again. Crucially, the "bad" XML file was parsed before a new version was downloaded from the Internet, which is why many Samsung players became firmly stuck in an endless reboot loop.
An independent information security specialist and reader of The Register, known under the nickname Gray, helped the publication's journalists to understand the problem. He explains that the company's Blu-ray players recorded their activities and regularly sent copies of these telemetry logs to Samsung's servers (during software update checks). Such logs, for example, stored information about when the user launched the Netflix application and when it closed.
What the device should log and send to the vendor's servers was defined in a special XML logging policy file that was regularly downloaded from https://configprd.samsungcloudsolution(.)net/openapi/dict/logpolicyconfig.
Gray says that the players did not transmit their logs to the company's servers until the user accepted the data privacy notice. This notification appeared when a customer connected their device to the Internet and tried to use network services (for example, Netflix). After the user gave their consent, the Blu-ray players no longer asked for anything and started sending telemetry to Samsung's servers while checking for updates.
The problem was that even if the owner of the device did not use services like Netflix, did not agree to the privacy notice, and did not download software updates, but simply connected the player to the Internet, the player still regularly downloaded the telemetry-related logging policy file and automatically parsed it. That is why the failure affected even those devices that did not receive any updates and did not use network services.
“Players have turned into 'bricks', although users have never tried to update them remotely. It was enough that the player was basically connected to the Internet. Samsung has never asked its users if the bomb can be loaded,” the researcher writes.
The bug in the XML file appeared on June 18, 2020. On that day, the file was not formatted properly and contained an empty list element as seen in the screenshot below. An empty list created an invalid reference to a memory location in the device's main program, bdpprog, causing the kernel to abort and restart. As mentioned above, after restarting the player, the problematic XML file was processed again, and everything repeated.
Gray writes that there seems to be no way to break this "vicious circle" by standard means. The only way to deal with the problem is to delete the problematic XML file from the device's flash memory, or update the player's firmware to a version that fixes the XML parsing error. But, unfortunately, at the moment such an updated firmware simply does not exist.
“Unfortunately, both of these methods require low-level access to the player's serial port, soldering on the motherboard, proprietary hardware and software, and in-depth knowledge of the device architecture. This is beyond the power of an ordinary user. Therefore, the best solution that Samsung can offer, and does offer, to its customers is to send the player to an authorized service center,” the specialist sums up.
The journalists note that on June 27 this year, Samsung engineers replaced the problematic file on their server, meaning the number of victims will no longer increase. However, fixing the file will not help the already "bricked" devices in any way.
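The two failure conditions described above (an empty list element being dereferenced, and the cached file being parsed before any refresh) can be guarded against as in the following sketch. It is an added example, not Samsung's code: the element names, sample documents and function names are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples; element names are hypothetical, not Samsung's schema. */
static const char GOOD_POLICY[] =
    "<policy><list><item>app_start</item><item>app_stop</item></list></policy>";
static const char EMPTY_LIST[] = "<policy><list></list></policy>";

enum policy_source { FROM_CACHE, FROM_SERVER, FROM_DEFAULTS };

/* Count <item> elements inside the first <list>.
 * Returns -1 if the input is NULL or the list is missing or unterminated. */
int count_items(const char *xml) {
    if (xml == NULL) return -1;
    const char *start = strstr(xml, "<list>");
    if (start == NULL) return -1;
    start += strlen("<list>");
    const char *end = strstr(start, "</list>");
    if (end == NULL) return -1;
    int n = 0;
    for (const char *p = strstr(start, "<item>"); p != NULL && p < end;
         p = strstr(p + 1, "<item>"))
        n++;
    return n;
}

/* Usable only if the list has at least one entry, so later code never
 * indexes into an empty list. */
int policy_is_usable(const char *xml) { return count_items(xml) > 0; }

/* Choose the policy to apply. A bad cached copy is skipped (the caller should
 * also delete it) rather than being parsed on every boot before the refresh. */
enum policy_source select_policy(const char *cached, const char *fetched,
                                 const char **chosen) {
    static const char DEFAULTS[] =
        "<policy><list><item>none</item></list></policy>";
    if (policy_is_usable(cached))  { *chosen = cached;  return FROM_CACHE; }
    if (policy_is_usable(fetched)) { *chosen = fetched; return FROM_SERVER; }
    *chosen = DEFAULTS;
    return FROM_DEFAULTS;
}

int main(void) {
    const char *chosen = NULL;
    /* Boot with the bad file cached and a corrected file on the server. */
    enum policy_source src = select_policy(EMPTY_LIST, GOOD_POLICY, &chosen);
    printf("source=%d items=%d\n", src, count_items(chosen));
    return 0;
}
```

With this ordering, replacing the file on the server is enough for an affected device to recover on its next boot, because the invalid cached copy no longer prevents the refresh.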