Smart TV connected to the internet can invade your privacy. Here’s what the FBI and two top security experts recommend doing to protect yourself.
Smart TVs offer a lot of interesting features, including internet access, streaming apps, cameras, and built-in microphones. However, because they are always connected to the internet, those TVs can be potentially risky.
Hackers with access can control your TV and change certain settings. Using a built-in camera and microphone, a hacker is smart and able to track your conversations. In November 2019, the FBI issued a warning about the risks of smart TVs to your privacy and made a number of recommendations.
The FBI notes that TV manufacturers and app developers have the ability to listen to and track you. However, a more serious potential threat comes from bad guys accessing your unsafe TV and taking control by changing channels, adjusting volume levels, and even displaying content that isn’t appropriate for children. Worst of all, they can turn on your TV’s camera and microphone to track you or use that access to find the back door to your router and other connected devices.
FBI Best Methods
All this may sound like the worst kind of nightmare scenario, but it’s a situation that doesn’t scare you into using your smart TV. The FBI puts in place a number of best principles and methods to better ensure your security and privacy:
Know exactly what features your TV has and how to control them. Perform basic internet searches with your model number and the words “microphone,” “camera,” and “privacy.”
It doesn’t depend on the default security settings. Change your password if you can — and know how to turn off your microphone, camera, and collect personal information if you can. If you can’t turn them off, consider whether you’re willing to take the risk of buying that model or using it.
If you can’t turn off the camera but still want to, then a simple piece of black adhesive tape on the camera’s eyes is a completely basic option.
Check the manufacturer’s ability to update your device with security patches. Can he do this? Has it done it in the past?
What experts say
In addition to the FBI’s advice, we have industry experts considering this issue. Stephen Hyduchak, CEO of identity verification service Aver and Joseph Carson, chief security scientist and CISO Advisor at privileged access management company Thycotic, have shed light on the TV hack.
What are the potential risks and risks for smart TV owners from hackers?
Hyduchak: The risk comes from anything related to microphones, cameras and sensors. Data mining is based on what you see and your location is also valuable in the data market, so these also become risks.
Carson: Smart TVs are basically computers running operating systems. The same risks that apply to computers also apply to smart TVs. Most smart TVs have cameras, microphones, and file systems. If cybercriminals gain access to your smart TV, which can be connected to the Internet, it means that the attacker can see you through the camera, listen to your conversations, and steal your data. An attacker can also use your smart TV to then move to other devices in your home network. This includes your laptop or other personal devices, including network memory.
How are these risks and threats real and predicting? Is this threat being overblown or something that all smart TV owners should be concerned about?
Hyduchak: The risk is real. In 2018, Huawei, a Chinese-based company that produces all kinds of consumer electronics, was found with “back doors” in their products. This gives them basic access to phone data when they want. Many in the U.S. government came out and immediately recommended stopping using all their products.
Carson: The threat is very real. When possible, cybercrime will make full use of it.What are the real cases of TV manufacturers using smart TVs to snoop on users, whether intentionally or accidentally?
Hyduchak: Back in 2017, Vizio sold data from their TV and was fined by the FTC. Once a second, the software in the Vizio TV reads pixel data from a segment of the screen. This information is sent home and compared to a database of movie, TV and promotional content to determine what is being viewed.
Has there been any real case of hackers gaining access to smart TVs and then being able to find other information on the user’s home network?
Hyduchak: The FBI and CIA are warning that our TV could be a window to your network. It is difficult to find data about violations because most are silent. However, rest assured that when Roku makes patches for vulnerabilities, that’s not a mistake or no reason for that patch.
Carson: Quite possible. I personally have even used it in previous penetration tests using the TV’s camera and microphone.
Are TV manufacturers doing anything to fix the vulnerabilities of smart TVs?
Hyduchak: They’re more transparent about their use and things like the California Consumer Privacy Act (CCPA) that oblige data usage disclosure.
Carson: Honestly, when no one complains and they don’t disclose that they’re victims, TV producers don’t urgently improve security systems or patches.
In addition to the recommendations made in the FBI’s warning, what else should smart TV owners do to protect themselves and their privacy?
Hyduchak: Make sure your products are up to date with the latest software and make sure that products like Huawei are not in your bedroom, let alone your home.
Carson: I recommend always making sure that you know what features are enabled on your smart TV that will create risks and then decide if you need them. You should also keep your smart TV patched and powered off completely when you’re not using it.
There are also specific steps that owners of certain TV brands should follow.
Sony Android TV uses the Google Play Store, which integrates Google Play Protect to scan all Android apps on TVs to find malware before and after they’re downloaded to the TV. Owners of such TVs can adjust android TV’s default settings to access apps only through the Google Play Store or only download apps via USB, according to Sony.
On the Sony Select row of Android TV home screens, the ESET Smart TV Security app can be installed to protect Android security issues and USB devices plugged into the TV while helping to prevent unauthorized access to data when connected.