HeadlinesBriefing.com

Researchers Use OpenAI Codex to Root Samsung Smart TV

Hacker News

Researchers have demonstrated that OpenAI's Codex can autonomously hack hardware devices, using a Samsung Smart TV as their test case. Starting with code execution inside the TV's browser application, they posed a simple question: could Codex escalate this foothold to root access? The answer was yes.

Codex audited Samsung's KantS2 firmware source and identified a critical vulnerability in the /dev/ntksys kernel driver. The driver accepted physical addresses from user space and mapped them directly into the caller's address space without proper validation. A world-writable udev rule exposed this physmap primitive to unprivileged code, allowing the browser process to access arbitrary physical memory.
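The missing validation described above, as an added example that is not Samsung's or Novatek's driver code and not from the original article: a user-space model of the check a mapping handler would run before honoring a caller-supplied physical range. The function names, page size and allow-listed windows are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SZ 4096u /* assumed page size */

/* Hypothetical allow-list of physical windows the driver itself owns.
 * Addresses are constructed for illustration, not taken from any firmware. */
struct phys_window { uint64_t base; uint64_t len; };
static const struct phys_window allowed[] = {
    { 0x10000000u, 0x00100000u }, /* constructed: 1 MiB device buffer */
    { 0x20000000u, 0x00008000u }, /* constructed: 32 KiB register block */
};

/* Pattern the article describes: whatever range user space sends is accepted. */
bool phys_range_unchecked(uint64_t base, uint64_t len)
{
    (void)base; (void)len;
    return true;
}

/* Hardened form: accept [base, base+len) only if it is non-empty,
 * page-aligned, does not wrap, and lies inside one allow-listed window. */
bool phys_range_allowed(uint64_t base, uint64_t len)
{
    if (len == 0 || (base % PAGE_SZ) != 0 || (len % PAGE_SZ) != 0)
        return false;
    if (base > UINT64_MAX - len) /* base + len would overflow */
        return false;
    for (size_t i = 0; i < sizeof(allowed) / sizeof(allowed[0]); i++) {
        const struct phys_window *w = &allowed[i];
        /* Compare offsets, not end addresses, so no sum can wrap. */
        if (base >= w->base && base - w->base <= w->len &&
            len <= w->len - (base - w->base))
            return true;
    }
    return false;
}

int main(void)
{
    /* Constructed requests: one inside a window, one over arbitrary RAM. */
    printf("in-window:  %d\n", phys_range_allowed(0x10000000u, 0x1000u));
    printf("arbitrary:  %d\n", phys_range_allowed(0x00000000u, 0x1000u));
    printf("unchecked:  %d\n", phys_range_unchecked(0x00000000u, 0x1000u));
    return 0;
}
```

A range check like this addresses only the driver side; the device node's permissions are a separate control that would still need to restrict who can reach the handler.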

The exploit chain required navigating Samsung's Unauthorized Execution Prevention (UEP), which blocked unsigned binaries from running from disk. Researchers used a memfd wrapper to load ARMv7 binaries into memory instead. Codex iterated through the source, identified the ntksys and ntkhdma drivers from Novatek Microelectronics, and built a proof chain that turned browser-level code execution into root access on a real device. No TVs were seriously harmed, though one may have experienced mild distress from repeated remote reboots.