Recent research by CALIF has demonstrated that OpenAI’s Codex AI model can achieve root-level access on a Samsung Smart TV by exploiting vulnerabilities in world-writable driver interfaces. The work, revealed on April 14, 2026, highlights critical concerns about device security in consumer electronics and shows how artificial intelligence can be leveraged in cybersecurity research.
The experiment began with researchers establishing a basic code execution foothold within the TV’s web browser, operating under a limited user privilege. From this vantage point, Codex was granted direct access to the live device and the corresponding KantS2 firmware source code. The primary objective was to determine if the AI could escalate these privileges to a full root account without being explicitly guided towards specific exploits, mimicking the process of a human penetration tester.
How Codex Achieved Root by Exploiting World-Writable Driver Interfaces
The Samsung TV under investigation runs Linux kernel 4.1.10 on Samsung’s Tizen platform. The first hurdle was Unauthorized Execution Prevention (UEP), a feature designed to block unsigned binaries from launching directly from disk. However, the CALIF team had already implemented a memfd wrapper, a mechanism that loads programs into memory rather than executing them from a file path, which bypasses the UEP protection. Codex used this method to deploy and run its custom ARMv7 binaries.
During its internal reconnaissance, Codex identified three critical device nodes within the ntk* driver family that were accessible with world-writable permissions: ntkhdma, ntksys, and ntkxdma. These interfaces, visible as crw-rw-rw-, were part of the Novatek Microelectronics driver stack integrated into Samsung’s firmware. Their accessibility from the browser shell, their presence on the device, and their inclusion in the released KantS2 source code made them the primary targets for the AI’s privilege escalation attempt.
The Physmap Primitive and Privilege Escalation
The core of the exploit lay within the /dev/ntksys kernel driver. According to CALIF’s analysis, this driver allows user-space applications to register a physical memory address and size, enabling them to map that memory directly into their own process space using mmap. Security experts refer to this capability as a “physmap primitive,” which grants unprivileged code direct read and write access to physical memory without requiring kernel code execution. The vulnerability stemmed from a default udev rule (KERNEL=="ntksys", MODE="0666") that assigned world-writable permissions, combined with a driver that failed to adequately validate requested memory ranges against kernel-owned or privileged memory segments.
Codex meticulously constructed the exploit. It first queried /dev/ntkhdma to obtain the physical address of a DMA buffer (0x84840000), providing a known, usable memory page for testing. This page was then mapped via ntksys, allowing Codex to confirm read and write capabilities from the browser shell. With this primitive verified, Codex proceeded to scan memory regions. By analyzing /proc/cmdline and identifying the browser process’s credential structure based on its stored UID and GID, the AI was able to zero out these fields, effectively nullifying the privilege restrictions.
The final verification confirmed a complete privilege escalation, with the system reporting uid=0(root) gid=0(root). The research team recommends that Samsung, and other vendors incorporating similar driver stacks, restrict access to ntk* device nodes to privileged processes only. Additionally, they advise removing world-writable udev rules for memory management interfaces and implementing robust physical range validation within drivers like ntksys before any mmap calls. A thorough audit of third-party kernel components embedded in consumer firmware, adhering to the principle of least privilege, is also strongly encouraged before deployment.
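The physical range validation recommended above, sketched as an added example (not CALIF's or Samsung's code): a user-space C model of the check a driver like ntksys could apply before honouring a register or mmap request. The allowlist table, its 1 MiB length, the 4 KiB page size, and the names phys_window and phys_range_ok are assumptions for illustration; only the DMA buffer address comes from the article.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SZ 0x1000u /* assumed 4 KiB pages */

/* One physical window the driver is willing to expose to user space. */
struct phys_window { uint64_t base; uint64_t len; };

/* Constructed allowlist: a single DMA pool. The base is the DMA buffer
 * address quoted in the article; the 1 MiB length is an assumption. */
static const struct phys_window allowed[] = {
    { 0x84840000ull, 0x00100000ull },
};

/* True only if [phys, phys + size) is non-empty, page-aligned and lies
 * entirely inside one allowlisted window. Anything else (kernel memory,
 * other processes' pages, wrapping ranges) is refused by default. */
bool phys_range_ok(uint64_t phys, uint64_t size)
{
    if (size == 0 || phys % PAGE_SZ != 0 || size % PAGE_SZ != 0)
        return false;
    for (size_t i = 0; i < sizeof(allowed) / sizeof(allowed[0]); i++) {
        const struct phys_window *w = &allowed[i];
        if (phys < w->base)
            continue;
        /* Compare offsets instead of computing phys + size, so a huge
         * size cannot wrap around and slip past the upper bound. */
        uint64_t off = phys - w->base;
        if (off < w->len && size <= w->len - off)
            return true;
    }
    return false;
}

int main(void)
{
    /* Constructed requests: one inside the pool, one below it. */
    printf("inside pool:  %d\n", phys_range_ok(0x84840000ull, 0x1000));
    printf("outside pool: %d\n", phys_range_ok(0x80000000ull, 0x1000));
    return 0;
}
```

In a real driver the same check has to be repeated at mmap time against the offset and length actually requested, not only when the region is registered.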
The full technical write-up and the proof-of-concept code detailing how Codex exploited these vulnerabilities are available on the CALIF GitHub repository under the designation MADBugs/samsung-tv. This research signals a new frontier in AI-assisted cybersecurity, demonstrating its potential to uncover complex hardware-level vulnerabilities. The implications for the security of smart TVs and other connected devices are significant, prompting a broader discussion on the security assurance of embedded systems.
Looking ahead, the findings from this experiment are likely to spur further research into AI’s capabilities in both offensive and defensive cybersecurity. Manufacturers will need to intensify their efforts in securing device drivers and firmware, potentially leading to new industry standards for embedded system security. The rapid evolution of AI poses both opportunities and challenges for the cybersecurity landscape.

