Your Smart TV Could Give Hackers a Window on Your World

Cybercriminals have discovered ways to compromise smart TVs, including hacking them, the Portland office of the Federal Bureau of Investigation recently warned.

Smart TV owners should do their due diligence to secure the devices, the bureau urged.

Smart TVs are just as accessible to unauthorized parties as computers or other Internet-connected devices. Because many TVs now feature microphones and cameras, predators could commit serious privacy intrusions, such as cyberstalking users in their own homes, the FBI pointed out.

In addition, a smart TV could be a gateway to a home network, allowing hackers to gainpersonal information from the set or from other Internet of Things devices.

Take Control of Your Smart TV

To combat the potential cybersecurity threats the FBI called onowners to review the features of any smart TV purchased, and learn how to control them. Buyers should review the features before choosing a set, and thenread the manual.

Those who still have questions should search the Web using the model number and such words as “microphone,” “camera” and “privacy,” the FBI advised.

Users should not depend on the default security settings. They should change passwords when possible. If they’re unable to do that, they should turn off microphones and cameras when not in use. If a TV camera can’t be turned off, a back-to-basics solution is to cover it with a piece of black tape.

The FBI suggested that users consider whether it is necessary to buy a model that utilizes cameras and microphones.

Smart TV owners also should research how a set gatherspersonal information, what data is collected, how that data isstored, and what the manufacturer might do with it.

Finally, buyers should assess the manufacturer’s ability toupdate the device with security patches, and check into how it hasaddressed these issues in the past, the FBI suggested.

Computerized Devices

Today’s smart TVs have functionality that overlaps with computers — including the ability to browse the Web — and with those capabilities come many of the same cybersecurity issues.

“Computers are great for bringing information into our homes, butanything that can carry data in can also carry data out,” said JimPurtilo, associate professor in the University of Maryland Department of Computer Science.

“A smart TV is just a computer system that some manufacturer hasconfigured for a specific role in our living rooms, so it isn’t asurprise that they’re actually built to transmit, not just receive –yet sometimes we forget that the camera and microphone are there for areason,” he told TechNewsWorld.

“Any device can be hacked — any device with a camera and microphonecan potentially be put to spying,” noted Roger Kay, principal analystat Endpoint Technologies Associates.

“That’s one reason I don’t use a notebook in my office and won’thave an Echo in my home,” he told TechNewsWorld.

TV Spies

The FBI’s warnings come as smart TV functionality has increased,and as more and more viewers are watching streaming content. However,few consumers may remember past smart TV breaches and security shortcomings, if they even knew of them at all.

TV viewers may be tuning into spy thrillers such as Homeland, BerlinStation and Tom Clancy’s Jack Ryan — but more ominous than what they see on the screen is that their sets may be spying on them.

The Electronic Privacy InformationCenter, a consumer rights group, in 2015 called out South Korean consumer electronics giant Samsung for recording private conversations via the built-inmicrophones in Samsung smart TVs.

The group accused Samsung ofbreaking U.S. privacy laws, including the ElectronicCommunications Privacy Act and the Children’s Online PrivacyProtection Act.

Jessica Rich, then director of the Bureau of ConsumerProtection, addressed the issue in her opening remarks at the2016 Smart TV workshop hosted by the Federal Trade Commission.

WikiLeaks a year later asserted that Samsung smart TVs could be used to spyon owners. It described a program dubbed “Weeping Angel” — reportedlydesigned by the CIA and the United Kingdom’s MI5/BTSS — that couldmake the TVs appear to be in the off mode while the microphones andcameras were still functioning.

“There are lots of ways to mitigate potential attacks, but awell-financed, determined state actor can get into your device,”suggested Kay.

Such tools would not be used against American citizens, according to former CIA director Michael Hayden, who characterized theability to listen in on conversations as a “wonder capability.”

Of course, if the CIA can listen in, so too can manufacturers or hackers.

“The FBI correctly warns about the potential that criminals mightwatch us via cameras on hacked TVs, but I don’t know many consumerswho would feel relief if it was only tech firms watching and listeninginstead,” remarked UMD’s Purtilo.

“The probability of hackage is low, but not zero,” said Endpoint’s Kay, “and withall these new devices, we’re creating a self-surveillance statewithout even being forced to.”

Watch What You Watch

Though the potential for hacking is worrisome, what the manufacturers are gathering from TV owners is also a major cause for concern.

Multiple smart TV makers, including LG and Samsung, werecollecting information from users about the content they viewed, The Washington Post reported earlier this year.

They were monitoring content to help advertisers bettertarget ads, according to the report.

TV tracking has been a serious ongoing issue. TVmaker Vizio paid a US$2.2 million fine after it was caught secretlycollecting customer viewing data.

“The FBI’s cautionary recommendations are entirely valid,” saidCharles King, principal analyst at Pund-IT.

“Too often, consumers consider security to be someone else’s job orresponsibility,” he told TechNewsWorld. “The problem is, that kind of passive fatalism sets people up to be victimized both by consumer electronics giants who usecustomers’ data for commercial gain, and by cybercriminals looking toprofit personally.”

Beyond the TVs

Any device connected to the Internet — whether by a cable or wirelessly — could provide a port of entry to a home network and allow access to personal data.

“It is all IoT devices that we need to worry about,” said Roger Entner, principal analyst at Recon Analytics.

“These are the open doors into your home,” he told TechNewsWorld. “These ports are left open so that consumers can access them, but inturn so too can everyone else.”

Users need to be vigilant about locking down the systems.

“You basically need to stop unauthorized access from those ports andput firewalls up, and where possible use the highest level of encryption,” Entner recommended.

Scary Internet of Things to Come

Currently the dangers that the FBI and cybersecurity experts arewarning about are cyberstalking and compromise of personal data,but IoT could open the ports to even more sinister threats.

One possibility is ransomware, which demands that users pay a price to regain control of hacked devices.

“Imagine how someone could make a quick buck by hijacking your TV,refrigerator or other connected device,” said Entner.

“This could involve someone turning up the volume on the TV — or worse,turning up the temperature to 90 degrees and then turning it off,” he suggested.

“Right now, as the smart home evolves, we are walking around like babesin the woods — like there is no evil out there,” Entner said.

“Consumers mistakenly think smart TVs, like doorbell monitors anddigital assistants, exist to offer services to us,” noted Purtilo.

“It’s true that these technologies can offer us value, but their chiefdesign function is to convey information about us back to companiesthat monetize it,” he said. “They leverage our data to tailor betterpitches to sell things to us. The tech is great — for the companies.”

Peter Suciu has been an ECT News Network reporter since 2012. His areas of focus include cybersecurity, mobile phones, displays, streaming media, pay TV and autonomous vehicles. He has written and edited for numerous publications and websites, including Newsweek, Wired and FoxNews.com.Email Peter.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Peter Suciu
More in Cybersecurity

Should businesses and organizations require staff to provide proof of Covid-19 vaccination before physically coming to work?
Loading ... Loading ...

TechNewsWorld Channels