Keeping an eye on your smart TV
Nick FitzGerald, Senior Research Fellow, ESET
The time when all that our TV sets could do was show us ‘regular’ TV stations is now over. These days, ‘old-school’ TVs are increasingly being replaced with their ‘smart’ successors, which allow users to stream video and audio, play games, browse the internet, and download and use apps – all thanks to the addition of some computing power and internet connectivity.
The ascent of the smart TV is in line with trends in Asia, as countries like Singapore, Malaysia and the Philippines take the first strides towards all-digital broadcasting by 2020. This evolution is part of a wider trend that involves connecting consumer electronics and everyday objects to the internet, creating a rapidly growing mass of various Internet of Things (IoT) devices in the process.
However, the internet connectivity of smart TVs, combined with the perilous state of security in the IoT space in general, opens the floodgates to a deluge of threats to our privacy and security. Researchers have shown that attacks against smart TVs are practicable, often requiring no physical access to the device or interaction from the user. Once compromised, an internet-enabled TV can serve as a springboard for attacks against other devices within the same network, ultimately targeting a user’s personal information stored on even juicier targets such as PCs or laptops.
With more smart TVs finding their way into Asian households, it is more critical than ever for consumers to be aware of the risks at hand.
Watch your back
In 2013, researchers demonstrated that by exploiting security holes in some models of Samsung’s internet-capable TVs, it was possible to remotely turn on the built-in camera and microphone. In addition to converting the TVs into all-seeing, all-hearing devices, they were able to take control of embedded social media apps, posting information on the users’ behalf and accessing files. Another researcher disclosed an attack that allowed him to insert fake news stories into the browser of a smart TV.
Malware, too, can find its way into smart TVs and convert them into bugging devices. In this attack vector, hackers could create a legitimate app before releasing a malicious update that would then be automatically downloaded onto a smart TV. For example, a CIA program had apparently provided hackers with access to Samsung Smart TVs, allowing a television’s built-in voice control microphone to be remotely enabled while keeping the appearance that the TV itself was switched off.
In 2014, loopholes in a widely used interactive TV standard known as HbbTV came to light. Through means like burying attack code in ‘rogue’ broadcasts or deploying rogue over-the-air signals, thousands of internet-enabled smart TVs could be targeted in one fell swoop. This opens an almost endless list of malicious actions, including spying on the user via the TV’s microphone and camera and burrowing deep into the local network. It is estimated that as many as 9 in 10 smart TVs sold in recent years are vulnerable to such attacks. In these cases, the victim would spot no outward signs of something being amiss. Furthermore, this attack does not require any special hacking smarts.
In February 2018, US non-profit organization Consumer Reports released the results of hack tests on five brands of internet-connected TVs, each of which features a different smart TV platform. “Millions of smart TVs can be controlled by hackers exploiting easy-to-find security flaws”, said the organization. The devices were found to be susceptible to rather unsophisticated hacks that would enable an attacker to flip through channels, crank up the volume to blaring levels, install new apps, and knock the device off Wi-Fi – all from a remote location.
Modern-day tattletales
Privacy concerns about smart TVs were raised in 2015, when details about Samsung’s ‘voice recognition’ function – another layer of convenience that enables you to give voice commands to your smart TV – were publicized. The company warned its customers who use the voice recognition feature on their smart TVs that their private conversations would be among the data captured and shared with third parties. In addition, the voice information picked up in such ‘official snooping’ was not always encrypted, potentially enabling intruders to listen in on private conversations.
It is also the case that, with some devices, smart TV users need to consent to the collection of very detailed data about their viewing habits, unless they are prepared to forgo most or all of the ‘smart’ features of their new smart TV. Over the years, several manufacturers have been found to engage in the behind-the-scenes acquisition of, and trafficking in, data about the viewing habits of consumers.
With forecasts projecting that over 750 million smart TVs will be in use worldwide by the end of 2018, the security and privacy concerns involved can no longer go unattended. Smart TVs afford us the opportunity to use them for purposes that are more commonly associated with tablets and smartphones. Thus, our understanding of cybersecurity and privacy measures for mobile devices should also extend to smart TVs. Some of the same rules apply here, such as practising good password hygiene and staying on top of updates rolled out by developers. Given that the Android OS has dominated the global smartphone market and is projected to capture the smart TV market, it seems that consumers will look towards deploying Android security products on their smart TVs.