Keeping an eye on your smart TV

Keeping an eye on your smart TV
Nick FitzGerald, Senior Research Fellow, ESET


The time when all that our TV sets could do was show us ‘regular’ TV stations is now over. These days, ‘old-school’ TVs are increasingly being replaced with their ‘smart’ successors, which allow users to stream video and audio, play games, browse the internet, and download and use apps – all thanks to the addition of some computing power and internet connectivity.

The ascent of the smart TV is in line with trends in Asia, as countries like Singapore, Malaysia and the Philippines take the first strides towards all-digital broadcasting by 2020. This evolution is part of a wider trend that involves connecting consumer electronics and everyday objects to the internet, creating a rapidly growing mass of various Internet of Things (IoT) devices in the process.

However, the internet connectivity of smart TVs, combined with the perilous state of security in the IoT space in general, opens the floodgates to a deluge of threats to our privacy and security. Researchers have shown that attacks against smart TVs are practicable, often requiring no physical access to the device or interaction from the user. Once compromised, an Internet-enabled TV can serve as a springboard for attacks against other devices within the same network, ultimately targeting a user’s personal information stored on even juicier targets such as PCs or laptops.

With more smart TVs finding their way into Asian households, it is more critical than ever for consumers to be aware of the risks at hand.

Watch your back

In 2013, researchers demonstrated that by exploiting security holes in some models of Samsung’s internet-capable TVs, it was possible to remotely turn on the built-in camera and microphone. In addition to converting the TVs into all-seeing, all-hearing devices, they were able to take control of embedded social media apps, posting information on the users’ behalf and accessing files. Another researcher disclosed an attack that allowed him to insert fake news stories into the browser of a smart TV.
Malware, too, can find its way into smart TVs and convert them into bugging devices. In this attack vector, hackers could create a legitimate app before releasing a malicious update that would then be automatically downloaded onto a smart TV. For example, a CIA program had apparently provided hackers with access to Samsung Smart TVs, allowing a television’s built-in voice control microphone to be remotely enabled while keeping the appearance that the TV itself was switched off.

In 2014, loopholes in a widely used interactive TV standard known as HbbTV came to light. Through means like burying attack codes into rogue broadcasts or deploying rogue over-the-air signals, thousands of internet-enabled smart TVs could be targeted in one fell swoop. This opens an almost endless list of malicious actions, including spying on the user via the TV's microphone and camera and burrowing deep into the local network. It is estimated that as many as 9 in 10 smart TVs sold in recent years are vulnerable to such attacks. In these cases, the victim would spot no outward signs of something being amiss. Furthermore, this attack does not require any special hacking smarts.

In February 2018, US non-profit organization Consumer Reports released the results of hack tests on five brands of internet-connected TVs, each of which features a different smart TV platform. “Millions of smart TVs can be controlled by hackers exploiting easy-to-find security flaws”, said the organization. The devices were found to be susceptible to rather unsophisticated hacks that would enable an attacker to flip through channels, crank up the volume to blaring levels, install new apps, and knock the device off Wi-Fi – all from a remote location.

Modern-day tattletales

Privacy concerns about smart TVs were raised in 2015, when details about Samsung’s ‘voice recognition’ function – another layer of convenience that enables you to give voice commands to your smart TV – were publicized. The company warned its customers who use the voice recognition feature on their smart TVs that their private conversations would be among the data captured and shared with third parties. In addition, the voice information picked up in such ‘official snooping’ was not always encrypted, potentially enabling intruders to listen in on private conversations.

It is also the case that, with some devices, smart TV users need to consent to the collection of very detailed data about their viewing habits, unless they are prepared to forgo most or all of the ‘smart’ features of their new smart TV. Over the years, several manufacturers have been found to engage in the behind-the-scenes acquisition of, and trafficking in, data about the viewing habits of consumers.

With forecasts projecting that over 750 million smart TVs will be in use worldwide by the end of 2018, the security and privacy concerns involved can no longer go unattended. Smart TVs afford us the opportunity to use them for purposes that are more commonly associated with tablets and smartphones. Thus, our understanding of cybersecurity and privacy measures for mobile devices should also extend to smart TVs. Some of the same rules apply here, such as practising good password hygiene and staying on top of updates rolled out by developers. Given that the Android OS has dominated the global smartphone market and is projected to capture the smart TV market, it seems that consumers will look towards deploying Android security products to their smart TVs. 

For the LATEST tech updates,
FOLLOW us on our Twitter
LIKE us on our FaceBook
SUBSCRIBE to us on our YouTube Channel!
    Blogger Comment
    Facebook Comment