Your Smart TV Could Give Hackers a Window on Your World | Cybersecurity
Cybercriminals have discovered ways to compromise smart TVs, including hacking them, the Portland office of the Federal Bureau of Investigation recently warned.
Smart TV owners should do their due diligence to secure the devices, the bureau urged.
Smart TVs are just as accessible to unauthorized parties as computers or other Internet-connected devices. Because many TVs now feature microphones and cameras, predators could commit serious privacy intrusions, such as cyberstalking users in their own homes, the FBI pointed out.
In addition, a smart TV could be a gateway to a home network, allowing hackers to gain
personal information from the set or from other Internet of Things devices.
Take Control of Your Smart TV
To combat the potential cybersecurity threats the FBI called on
owners to review the features of any smart TV purchased, and learn how to control them. Buyers should review the features before choosing a set, and then
read the manual.
Those who still have questions should search the Web using the model number and such words as “microphone,” “camera” and “privacy,” the FBI advised.
Users should not depend on the default security settings. They should change passwords when possible. If they’re unable to do that, they should turn off microphones and cameras when not in use. If a TV camera can’t be turned off, a back-to-basics solution is to cover it with a piece of black tape.
The FBI suggested that users consider whether it is necessary to buy a model that utilizes cameras and microphones.
Smart TV owners also should research how a set gathers
personal information, what data is collected, how that data is
stored, and what the manufacturer might do with it.
Finally, buyers should assess the manufacturer’s ability to
update the device with security patches, and check into how it has
addressed these issues in the past, the FBI suggested.
Computerized Devices
Today’s smart TVs have functionality that overlaps with computers — including the ability to browse the Web — and with those capabilities come many of the same cybersecurity issues.
“Computers are great for bringing information into our homes, but
anything that can carry data in can also carry data out,” said Jim
Purtilo, associate professor in the University of Maryland
Department of Computer Science.
“A smart TV is just a computer system that some manufacturer has
configured for a specific role in our living rooms, so it isn’t a
surprise that they’re actually built to transmit, not just receive —
yet sometimes we forget that the camera and microphone are there for a
reason,” he told TechNewsWorld.
“Any device can be hacked — any device with a camera and microphone
can potentially be put to spying,” noted Roger Kay, principal analyst
at Endpoint Technologies Associates.
“That’s one reason I don’t use a notebook in my office and won’t
have an Echo in my home,” he told TechNewsWorld.
TV Spies
The FBI’s warnings come as smart TV functionality has increased,
and as more and more viewers are watching streaming content. However,
few consumers may remember past smart TV breaches and security shortcomings, if they even knew of them at all.
TV viewers may be tuning into spy thrillers such as Homeland, Berlin
Station and Tom Clancy’s Jack Ryan — but more ominous than what they see on the screen is that their sets may be spying on them.
The Electronic Privacy Information
Center, a consumer rights group, in 2015 called out South Korean consumer electronics giant Samsung for recording private conversations via the built-in
microphones in Samsung smart TVs.
The group accused Samsung of
breaking U.S. privacy laws, including the Electronic
Communications Privacy Act and the Children’s Online Privacy
Protection Act.
Jessica Rich, then director of the Bureau of Consumer
Protection, addressed the issue in her opening remarks at the
2016 Smart TV workshop hosted by the Federal Trade Commission.
WikiLeaks a year later asserted that Samsung smart TVs could be used to spy
on owners. It described a program dubbed “Weeping Angel” — reportedly
designed by the CIA and the United Kingdom’s MI5/BTSS — that could
make the TVs appear to be in the off mode while the microphones and
cameras were still functioning.
“There are lots of ways to mitigate potential attacks, but a
well-financed, determined state actor can get into your device,”
suggested Kay.
Such tools would not be used against American citizens, according to former CIA director Michael Hayden, who characterized the
ability to listen in on conversations as a “wonder capability.”
Of course, if the CIA can listen in, so too can manufacturers or hackers.
“The FBI correctly warns about the potential that criminals might
watch us via cameras on hacked TVs, but I don’t know many consumers
who would feel relief if it was only tech firms watching and listening
instead,” remarked UMD’s Purtilo.
“The probability of hackage is low, but not zero,” said Endpoint’s Kay, “and with
all these new devices, we’re creating a self-surveillance state
without even being forced to.”
Watch What You Watch
Though the potential for hacking is worrisome, what the manufacturers are gathering from TV owners is also a major cause for concern.
Multiple smart TV makers, including LG and Samsung, were
collecting information from users about the content they viewed, The Washington Post reported earlier this year.
They were monitoring content to help advertisers better
target ads, according to the report.
TV tracking has been a serious ongoing issue. TV
maker Vizio paid a US$2.2 million fine after it was caught secretly
collecting customer viewing data.
“The FBI’s cautionary recommendations are entirely valid,” said
Charles King, principal analyst at Pund-IT.
“Too often, consumers consider security to be someone else’s job or
responsibility,” he told TechNewsWorld. “The problem is, that kind of passive fatalism sets people up to be victimized both by consumer electronics giants who use
customers’ data for commercial gain, and by cybercriminals looking to
profit personally.”
Beyond the TVs
Any device connected to the Internet — whether by a cable or wirelessly — could provide a port of entry to a home network and allow access to personal data.
“It is all IoT devices that we need to worry about,” said Roger Entner, principal analyst at Recon Analytics.
“These are the open doors into your home,” he told TechNewsWorld. “These ports are left open so that consumers can access them, but in
turn so too can everyone else.”
Users need to be vigilant about locking down the systems.
“You basically need to stop unauthorized access from those ports and
put firewalls up, and where possible use the highest level of encryption,” Entner recommended.
Scary Internet of Things to Come
Currently the dangers that the FBI and cybersecurity experts are
warning about are cyberstalking and compromise of personal data,
but IoT could open the ports to even more sinister threats.
One possibility is ransomware, which demands that users pay a price to regain control of hacked devices.
“Imagine how someone could make a quick buck by hijacking your TV,
refrigerator or other connected device,” said Entner.
“This could involve someone turning up the volume on the TV — or worse,
turning up the temperature to 90 degrees and then turning it off,” he suggested.
“Right now, as the smart home evolves, we are walking around like babes
in the woods — like there is no evil out there,” Entner said.
“Consumers mistakenly think smart TVs, like doorbell monitors and
digital assistants, exist to offer services to us,” noted Purtilo.
“It’s true that these technologies can offer us value, but their chief
design function is to convey information about us back to companies
that monetize it,” he said. “They leverage our data to tailor better
pitches to sell things to us. The tech is great — for the companies.”
Peter Suciu has been an ECT News Network reporter since 2012. His areas of focus include cybersecurity, mobile phones, displays, streaming media, pay TV and autonomous vehicles. He has written and edited for numerous publications and websites, including Newsweek, Wired and FoxNews.com.
Email Peter.