In honour of World Television Day, within this blog post we discuss the various risks posed by Smart TVs.
As manufacturers continue to produce more and more devices capable of connecting to the internet, as a society we become more open and accepting of their convenience and the options they provide. As prices have decreased and quality has increased, Smart TVs have fast become a favourite entertainment device. Smart TVs are intricately developed devices, allowing users to enjoy streaming services such as Amazon Prime, Netflix and Hulu, while also browsing the internet and playing games. Despite these benefits, Smart TVs also present risks to our privacy: many devices have the ability to trace users’ browsing history, for example. While most Smart TVs allow the user to disable this type of tracking, it is often shipped as the default option.
Smart TVs have also consistently raised a variety of consumer privacy issues. For example, in 2017 the Federal Trade Commission (FTC) released information showing Vizio was using its Smart TVs to track the viewing behaviour of its customers, with the data collection turned on by default. This data was sold on to analytics and advertising companies, targeting the customers with personalised advertisements. The incident eventually cost Vizio USD 2.2 million (~GBP 1.66 million) in legal damages.
As well as logging your browsing history or collecting your viewing data, Smart TVs raise additional security concerns: the FBI recently warned that an unsecured, internet-connected TV is just as vulnerable to compromise as any other device. If unsecured, or configured with a weak or default password, a cybercriminal could compromise your Smart TV and gain access to your home network, or even spy on your every move via the TV’s built-in webcam. Once they have access to your home router, cybercriminals can move laterally and compromise connected devices without additional security in place, putting your whole network – and the data stored within it – at risk.
For example, a Consumer Reports investigation concluded that millions of Samsung TVs contained security flaws, allowing cybercriminals to potentially change TV channels, adjust the TV’s volume, play videos via YouTube, or disconnect the TV from its Wi-Fi connection. While Samsung addressed the problem with firmware updates, the incident showed how threat actors could easily target vulnerabilities in Smart TVs to gain initial footholds on victims’ networks.
While these security problems undoubtedly negatively impact individuals, they have wider implications for privacy and security: in 2017, Wikileaks published a draft plan from the US and UK governments to use Smart TVs as a means of collecting intelligence on individuals of interest by making the TV appear to turn off while still transmitting data.
In conclusion, Smart TVs are an attractive yet often overlooked attack vector, not just for government espionage campaigns but also for opportunistic cybercriminals and individual operations against individuals.
We recommend the following steps to help reduce the risk from your Smart TV:
- Practice good password hygiene by changing standard password and updating them often
- Disable cameras or microphones and consider using a webcam cover
- Install any software updates as soon as they are issued
- Check regularly for software updates
- Read the terms and conditions to understand what data is being collected and what is happening with it
- Disable any tracking or features you are not comfortable with