Last Friday, thousands of owners of Samsung Blu Ray players found that their home entertainment devices would no longer boot up. While devices getting stuck in a power-cycling loop is not uncommon, this case stands out as it affected a huge range of devices all at the same time. Samsung’s support forum paints a bleak picture, with one thread on the issue stretching to 177 pages in just a week.
So what is going on, and what can be done to fix the problem? There’s a lot of conflicting information on that. Some people’s gear has started working again, others have not and there are reports of customers being told to seek in-person repair service. Let’s dive in with some wild speculation on the problem and circle back by commiserating about the woes of web-connected appliances.
Time To Die
When thousands of devices all fail at the same time, it tends to point to an external causal factor. One theory put forth by many has been that the issue was caused by an automatic firmware update, bricking the machines. However, with the problem affecting a wide cross section of machines, all presumably running different hardware and different firmware, this would seem an unlikely cause. While firmware updates can cause problems, it would be unusual for Samsung to roll out an update to so many varied models all on the same day. A staggered rollout as fixes were developed would be more likely, particularly for a product line facing end of life, like Blu Ray players.
A more likely culprit is an expired SSL certificate which the players use to access Samsung servers. With Samsung’s Blu Ray players often featuring Internet connectivity for streaming video, such certificates are necessary to avoid security issues out in the real world. If not kept up to date, these certificates eventually expire, and need to be updated if secure connections are to be maintained.
Of course, if expired certificates are the problem, it highlights far deeper issues with Samsung’s appliances. While an expired certificate cannot be used for secure online communication, there is no reason that it should brick the entire device. A simple few lines of code are all that is required to detect the out-of-date certificate and notify the user as to the cause of the problem. The player could then allow the user to still use the offline functionality of the device. Instead, what users see is a machine that fails within 10 seconds of power on, getting stuck in an infinite loop.
The fact that the problem is affecting even devices that aren’t connected to the Internet will prove yet more galling for Samsung’s customers. While a certificate failure is a problem for online use, there’s no reason it should affect the proper operation of the Blu Ray player itself. One of the major benefits of physical media is it sidesteps the requirement for an internet connection, and yet owners of these machines still find themselves out of luck.
A Potential Fix
Assuming the problem is indeed an SSL certificate issue — a plausible scenario since Blu Ray involves a lot of signed DRM features — the only real way to fix this problem for the average user will be for Samsung to issue a valid certificate, rolling it out to machines with a firmware update. This may prove difficult with the machines stuck in a bootloop if the affected units restart prior to checking for online updates. And, of course, assuming the updates are sent through an SSL secured channel, there’s no hope of an over-the-air fix at all. Users who don’t have their players connected to the Internet at all are out of luck whatever happens.
However, this isn’t WaitForAnUpdateADay, it’s Hackaday, and we’re in the business of providing quick and dirty back-of-the-envelope solutions. If the problem is tied to the magic date of Friday the 19th of June, resetting the machine’s clock prior to this date may just coax the machine back into life. The really adventurous could try packet-capture the running device to determine where it connects to, and spoof NTP servers on a closed network. But more likely than not the firmware was written with this type of attack in mind.
Consumer Rights
Fundamentally, the consumers who purchased these Samsung devices are feeling hard done by. A week has passed with no solution, and it’s likely Samsung doesn’t have a whole lot of resources on the problem. Having announced their exit from the market in 2019, the simple factors of lower demand in the face of streaming services have meant the Blu Ray market is shrinking fast.
Despite various countries having rules that manufacturers can’t sell defective hardware without proper restitution, it’s unlikely Samsung will be shipping new Blu Ray decks to affected customers. Manufacturing lines have likely already been closed, and the stock simply isn’t available. In our current throw-away society, there isn’t exactly a network of service centres for this sort of hardware either. If they can’t fix it, past bricked-hardware debacles point to class-action and refund settlements. A messy way forward, but with plenty of historical precedent behind it. Let’s hope a device firmware update (DFU) from a USB thumb drive can resurrect these before it gets that far. What a mess!
So what are your thoughts? Is there anything that can be done to get these working again? What happens when a stored SSL cert expires, and what is the proper way to fail in that case? We’d love to hear from any readers who have experience with how the authentication stack works for Blu Ray DRM, especially if there’s an offline fall-back that make these appliances simmer down and spin up some discs.
No comments:
Post a Comment