Cybercriminals have discovered ways to compromise smart TVs, including hacking them, the Portland office of the Federal Bureau of Investigation recently warned.
Smart TV owners should do their due diligence to secure the devices, the bureau urged.
Smart TVs are just as accessible to unauthorized parties as computers or other Internet-connected devices. Because many TVs now feature microphones and cameras, predators could commit serious privacy intrusions, such as cyberstalking users in their own homes, the FBI pointed out.
In addition, a smart TV could be a gateway to a home network, allowing hackers to gain personal information from the set or from other Internet of Things devices.
Take Control of Your Smart TV
To combat the potential cybersecurity threats the FBI called on owners to review the features of any smart TV purchased, and learn how to control them. Buyers should review the features before choosing a set, and then read the manual.
Those who still have questions should search the Web using the model number and such words as “microphone,” “camera” and “privacy,” the FBI advised.
Users should not depend on the default security settings. They should change passwords when possible. If they’re unable to do that, they should turn off microphones and cameras when not in use. If a TV camera can’t be turned off, a back-to-basics solution is to cover it with a piece of black tape.
The FBI suggested that users consider whether it is necessary to buy a model that utilizes cameras and microphones.
Smart TV owners also should research how a set gathers personal information, what data is collected, how that data is stored, and what the manufacturer might do with it.
Finally, buyers should assess the manufacturer’s ability to update the device with security patches, and check into how it has addressed these issues in the past, the FBI suggested.
Today’s smart TVs have functionality that overlaps with computers — including the ability to browse the Web — and with those capabilities come many of the same cybersecurity issues.
“Computers are great for bringing information into our homes, but anything that can carry data in can also carry data out,” said Jim Purtilo, associate professor in the University of Maryland Department of Computer Science.
“A smart TV is just a computer system that some manufacturer has configured for a specific role in our living rooms, so it isn’t a surprise that they’re actually built to transmit, not just receive — yet sometimes we forget that the camera and microphone are there for a reason,” he told TechNewsWorld.
“Any device can be hacked — any device with a camera and microphone can potentially be put to spying,” noted Roger Kay, principal analyst at Endpoint Technologies Associates.
“That’s one reason I don’t use a notebook in my office and won’t have an Echo in my home,” he told TechNewsWorld.
The FBI’s warnings come as smart TV functionality has increased, and as more and more viewers are watching streaming content. However, few consumers may remember past smart TV breaches and security shortcomings, if they even knew of them at all.
TV viewers may be tuning into spy thrillers such as Homeland, Berlin Station and Tom Clancy’s Jack Ryan — but more ominous than what they see on the screen is that their sets may be spying on them.
The Electronic Privacy Information Center, a consumer rights group, in 2015 called out South Korean consumer electronics giant Samsung for recording private conversations via the built-in microphones in Samsung smart TVs.
The group accused Samsung of breaking U.S. privacy laws, including the Electronic Communications Privacy Act and the Children’s Online Privacy Protection Act.
Jessica Rich, then director of the Bureau of Consumer Protection, addressed the issue in her opening remarks at the 2016 Smart TV workshop hosted by the Federal Trade Commission.
WikiLeaks a year later asserted that Samsung smart TVs could be used to spy on owners. It described a program dubbed “Weeping Angel” — reportedly designed by the CIA and the United Kingdom’s MI5/BTSS — that could make the TVs appear to be in the off mode while the microphones and cameras were still functioning.
“There are lots of ways to mitigate potential attacks, but a well-financed, determined state actor can get into your device,” suggested Kay.
Such tools would not be used against American citizens, according to former CIA director Michael Hayden, who characterized the ability to listen in on conversations as a “wonder capability.”
Of course, if the CIA can listen in, so too can manufacturers or hackers.
“The FBI correctly warns about the potential that criminals might watch us via cameras on hacked TVs, but I don’t know many consumers who would feel relief if it was only tech firms watching and listening instead,” remarked UMD’s Purtilo.
“The probability of hackage is low, but not zero,” said Endpoint’s Kay, “and with all these new devices, we’re creating a self-surveillance state without even being forced to.”
Watch What You Watch
Though the potential for hacking is worrisome, what the manufacturers are gathering from TV owners is also a major cause for concern.
Multiple smart TV makers, including LG and Samsung, were collecting information from users about the content they viewed, The Washington Post reported earlier this year.
They were monitoring content to help advertisers better target ads, according to the report.
TV tracking has been a serious ongoing issue. TV maker Vizio paid a US$2.2 million fine after it was caught secretly collecting customer viewing data.
“The FBI’s cautionary recommendations are entirely valid,” said Charles King, principal analyst at Pund-IT.
“Too often, consumers consider security to be someone else’s job or responsibility,” he told TechNewsWorld. “The problem is, that kind of passive fatalism sets people up to be victimized both by consumer electronics giants who use customers’ data for commercial gain, and by cybercriminals looking to profit personally.”
Beyond the TVs
Any device connected to the Internet — whether by a cable or wirelessly — could provide a port of entry to a home network and allow access to personal data.
“It is all IoT devices that we need to worry about,” said Roger Entner, principal analyst at Recon Analytics.
“These are the open doors into your home,” he told TechNewsWorld. “These ports are left open so that consumers can access them, but in turn so too can everyone else.”
Users need to be vigilant about locking down the systems.
“You basically need to stop unauthorized access from those ports and put firewalls up, and where possible use the highest level of encryption,” Entner recommended.
Scary Internet of Things to Come
Currently the dangers that the FBI and cybersecurity experts are warning about are cyberstalking and compromise of personal data, but IoT could open the ports to even more sinister threats.
One possibility is ransomware, which demands that users pay a price to regain control of hacked devices.
“Imagine how someone could make a quick buck by hijacking your TV, refrigerator or other connected device,” said Entner.
“This could involve someone turning up the volume on the TV — or worse, turning up the temperature to 90 degrees and then turning it off,” he suggested.
“Right now, as the smart home evolves, we are walking around like babes in the woods — like there is no evil out there,” Entner said.
“Consumers mistakenly think smart TVs, like doorbell monitors and digital assistants, exist to offer services to us,” noted Purtilo.
“It’s true that these technologies can offer us value, but their chief design function is to convey information about us back to companies that monetize it,” he said. “They leverage our data to tailor better pitches to sell things to us. The tech is great — for the companies.”