Codex Hacked a Samsung TV

What happened
It has been reported that researchers at Calif gave OpenAI’s Codex a foothold inside a Samsung Smart TV’s browser and, after a series of automated steps, the model “popped a root shell.” They say no TVs were seriously harmed — one may have been repeatedly rebooted, they add — and they acknowledged OpenAI as a partner on the project. Shocking? A little. Unthinkable? Not anymore. Black Mirror vibes, but with a lab notebook and careful disclaimers.
How it worked
The team started from an existing browser-app shell on a KantS2 (Samsung Smart TV) device and set up a controller that could build static ARMv7 binaries, host files over HTTP, and feed commands into the TV’s live tmux-driven shell. It has been reported that Codex audited the matching firmware source, identified vulnerable driver code, validated a physical-memory primitive on the live device, and used a memfd-based loader to bypass Samsung’s Unauthorized Execution Prevention so unsigned binaries could run from memory. Calif says they didn’t hand the model a bug or an exploit recipe — the loop was inspect, build, deploy, log, repeat — and that Codex adapted its tooling to the device’s execution constraints until the browser process became root. Allegedly, the whole escalation chain was discovered and executed end-to-end by the AI working against a real device.
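The memfd-based loader described above leaves a visible trace on Linux: a process started from a memfd has a /proc/<pid>/exe link that begins with "/memfd:". The following Python check is an added example, not code from Calif's write-up or from Samsung; it assumes a standard Linux /proc layout, and the sample process data is constructed.

```python
import os

MEMFD_PREFIX = "/memfd:"  # how the kernel names memfd_create() files under /proc

def memfd_findings(exe_target, maps_text):
    """Return reasons one process looks like it runs code from a memfd."""
    findings = []
    if exe_target.startswith(MEMFD_PREFIX):
        findings.append("exe is " + exe_target)
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # address perms offset dev inode [pathname]
        if len(fields) < 6:
            continue  # anonymous mapping, no backing path
        addr, perms, path = fields[0], fields[1], fields[5].strip()
        if "x" in perms and path.startswith(MEMFD_PREFIX):
            findings.append("executable mapping %s %s %s" % (addr, perms, path))
    return findings

def scan_proc(root="/proc"):
    """Walk a live /proc tree and return {pid: findings} for flagged processes."""
    flagged = {}
    for entry in os.listdir(root):
        if not entry.isdigit():
            continue
        try:
            exe = os.readlink(os.path.join(root, entry, "exe"))
            with open(os.path.join(root, entry, "maps")) as fh:
                maps = fh.read()
        except OSError:
            continue  # kernel thread, exited process, or no permission
        hits = memfd_findings(exe, maps)
        if hits:
            flagged[int(entry)] = hits
    return flagged

# Constructed sample data (not captured from any device)
SAMPLE_CLEAN_EXE = "/usr/bin/browser"
SAMPLE_CLEAN_MAPS = """\
00010000-00020000 r-xp 00000000 b3:02 1201 /usr/bin/browser
b6f00000-b6f10000 rw-p 00000000 00:00 0
b6f20000-b6f30000 rw-s 00000000 00:01 77 /memfd:shared-buffer (deleted)
"""
SAMPLE_MEMFD_EXE = "/memfd:payload (deleted)"
SAMPLE_MEMFD_MAPS = """\
00010000-00012000 r-xp 00000000 00:01 4242 /memfd:payload (deleted)
00022000-00023000 rw-p 00002000 00:01 4242 /memfd:payload (deleted)
"""

print(memfd_findings(SAMPLE_MEMFD_EXE, SAMPLE_MEMFD_MAPS))
```

Executable memfd mappings can also come from legitimate software such as some JIT runtimes, so hits from scan_proc() are leads to triage against a baseline, not verdicts.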
Why it matters
This is a practical demonstration of a trend many security folk have warned about: AI is getting competent enough to accelerate offensive research, turning what used to be a manual, creative hunt into something much faster. Should vendors panic? Probably not yet — but they should pay attention. Firmware supply chains, execution restrictions like UEP, and memory-hardening primitives now face a new kind of adversary: an assistant that can read source trees, generate toolchains, and iterate on live evidence at machine speed. The emotional punch here is small but sharp: a consumer TV, trivial to overlook, becomes a stage for a machine to flex its hacking muscles. Time to tighten the screws.
Sources: calif.io, Hacker News