FBI: That Cyber Monday Smart TV Deal May Be A Huge Security And Privacy Threat

Smart TV
Pretty much all new TVs these days have smart functionality built into them. This can vary by model—some are simply loaded up with streaming apps, like Netflix and Hulu, while others offer voice control. Some even have built-in cameras, both for facial recognition and to utilize apps like Skype. In response to these increasingly sophisticated TV sets permeating the market, FBI Portland has issued a warning that they can pose security and privacy threats.

Of course, this has been known, and for quite a while. Around this time in 2012 (seven years ago), it was discovered that some smart TV models (including some Samsung smart TVs) were susceptible to a vulnerability that could allow an attacker to gain remote access. Once inside, the attacker could muck around with the settings, swipe files from a USB flash drive connected to the TV, and serve up malware.

More recently, Samsung issued guidance to customers saying they should regularly scan their smart TVs for malware, just like a PC. Samsung caught some heat for the warning, which it posted on Twitter and then later deleted, because many people felt that smart TVs should do this on their own without the user having to manually initiate a scan.

Others have raised security and privacy concerns as well, including the FBI.

"Beyond the risk that your TV manufacturer and app developers may be listening and watching you, that television can also be a gateway for hackers to come into your home. A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router," FBI Portland stated in a blog post.

In addition, the FBI says once a hacker takes control of a TV, they can change the channels, adjust the volume, show kids inappropriate videos, and even turn the camera and microphone on, which can be especially problematic for TVs situated in the bedroom.

The FBI also offered up some tips...
  • Know exactly what features your TV has and how to control those features. Do a basic Internet search with your model number and the words 'microphone', 'camera', and 'privacy'.
  • Don’t depend on the default security settings. Change passwords if you can—and know how to turn off the microphones, cameras, and collection of personal information if possible.
  • If you can’t turn them off, consider whether you are willing to take the risk of buying that model or using that service. If you can’t turn off a camera but want to, a simple piece of black tape over the camera eye is a back-to-basics option.
  • Check the manufacturer’s ability to update your device with security patches. Can they do this? Have they done it in the past?
  • Check the privacy policy for the TV manufacturer and the streaming services you use. Confirm what data they collect, how they store that data, and what they do with it.
Fortunately, smart TVs are not a popular attack vector, so there's no need to panic. However, who knows if that will change as more homes upgrade their dumb TVs to smart ones. Along those lines, a recent study highlighted how what kind of data collection occurs from smart TVs and streaming products.

It's all stuff to keep in mind when you upgrade your TV, now that the season of deals is upon us.