34

I have a Samsung Smart TV running Tizen OS, and out of curiosity I scanned it with Nmap. I found multiple open ports. One of those ports is running a "display" service. Does this mean it can cast its own screen, or that i can cast my screen to it?

enter image description here

Saker Alabas
  • 451
  • 1
  • 4
  • 4
  • 4
    Something to keep in mind with nmap is how it decides what service is running on a port. The first page of the documentation has some good examples of why this detection matters, https://nmap.org/book/vscan.html . In your case, nmap is probably right about it being a display service, but it's worth understanding what options your GUI tool might be using and if you really need to know what services are exposed how to probe or verify them more accurately. – Freiheit Jun 14 '19 at 20:05
  • 26
    Weird the you obscured the port but not the service name. They correspond 1-to-1 in most cases, including this one. – David Schwartz Jun 14 '19 at 20:45
  • I've nmapped my home network and found many open ports on my Samsung Smart TV, including one that nmap labeled as Bitcoin, as well as my printer and various other IoT on the network. The things I **don't** want speaking out of turn, I put in my router's MAC blacklist. My printer works fine locally but can no longer phone home about ink and status. I also blacklisted my TV. This of course eliminates most of the "*smart*" functions, but my Roku device handles all that and my TV no longer reports on what I watch via antenna or other devices. The TV also no longer forces unknown firmware patches u – user10216038 Jun 14 '19 at 22:34
  • @David Schwartz, I had no idea that they were linked. I was trying to be safe, now I realized how dumb that is. I'm 13 years old and new to this networking and security stuff. – Saker Alabas Jun 25 '19 at 12:56

1 Answers1

48

While this isn't strictly a security question, I'm unsure if the Stack Exchanges for Super User or Networking would take this, so I'll just answer it quickly:

Depending on your options, nmap will return different results for ports because different steps for service reconnaissance are taken. Since you seem to use a GUI to nmap and are asking a security beginners question, I'm assuming it's the default options, untweaked. In this case, per /usr/share/nmap/nmap-services this is:

 display 7236/tcp        0.000000        # Wi-Fi Alliance Wi-Fi Display Protocol

If the port does in fact match (unfortunately, you did hide that information from us), this is probably a Miracast instance.

From there you can see the direction the display sharing is supposed to work (emphasis mine):

Miracast is a standard for wireless connections from devices (such as laptops, tablets, or smartphones) to displays (such as TVs, monitors or projectors), introduced in 2012 by the Wi-Fi Alliance. It can roughly be described as "HDMI over Wi-Fi", replacing the cable from the device to the display.

TLDR:

Does this mean it can cast its own screen, or that i can cast my screen to it?

The latter.

Luc
  • 31,973
  • 8
  • 71
  • 135
Tobi Nary
  • 14,302
  • 8
  • 43
  • 58
  • 4
    See https://www.samsung.com/sg/support/tv-audio-video/screen-mirroring-samsung-tv-with-mobile-device/ – Swashbuckler Jun 14 '19 at 16:27
  • 4
    Samsung has an app called smartthings, that does this. Enabling you to cast from a smartphone or likewise to the tv. It has some restrictions on what you may cast. But just confirming the above answer from a former salesmans perspective. – Olba12 Jun 14 '19 at 22:51