A couple of weeks ago I commented on the case of a Sony Bravia that could be remotely turned off from a PC by flooding it with packets sent over the network. This time a similar problem has been detected on Samsung D6000 series televisions.
Researcher Luigi Auriemma discovered it by mistake while trying to display a personalized message on the screen while his brother was watching TV.
These Samsung models can be remotely controlled by iOS and Android mobile applications on the same local network; the apps work as remote controls to change channels, increase the volume, etc. Other programs that support the same protocol could also control them.
When the television detects a new device, it displays a message on the screen with two options, to accept or deny the connection, and also shows the device's name, MAC address and IP address. When this packet is modified to carry an unexpected message or strange characters, the error occurs, regardless of which option the user selects.
The TV enters an infinite restart loop and stops responding, even if the power is turned off and back on again. The only way to recover it is through a service mode that can be activated while it is turning on, something like F8 in Windows.
Luigi believes the vulnerability would also allow malicious code to be run on the TV, but he did not delve into the analysis; he is not interested in destroying his TV to find bugs. As I said at the beginning, he discovered it by mistake when he wanted to play a prank on his brother :]