More

    Smart TVs: The Cyberthreat Lurking in Your Living Room, Feds Warn

    TV takeover, privacy threats, botnet concerns, and Wi-Fi network compromise are all big concerns when it comes to connected TVs.

    Black Friday and Cyber Monday sales of smart TVs are likely prodigious this Thanksgiving weekend – but consumers need to be aware of the hole they can punch in home cyber-defenses.

    That’s the word from the FBI, which warned that smart TVs, which hook up to the internet to allow users to access apps and stream Netflix and other video services, can be gateways for hackers.

    “Hackers can take control of your unsecured TV,” according to the notice. “At the low end of the risk spectrum, they can change channels, play with the volume, and show your kids inappropriate videos. In a worst-case scenario, they can turn on your bedroom TV’s camera and microphone and silently cyberstalk you.”

     

    Smart TVs also present other security issues, such as the ability for hackers to compromise them to infiltrate home Wi-Fi setups and penetrate other devices on the network.

    “A bad cyber-actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router,” the bureau said in its notice, issued ahead of Black Friday and Cyber Monday.

    While the FBI didn’t directly warn about botnets, it should be noted that the Internet of Things (IoT) devices like smart TVs are popular targets for botherders, according to security researchers.

    “Many cyberattacks, like the Mirai malware and the Dyn attacks, infect a network of computers, including smart connected devices such as home appliances, security cameras, baby monitors, air conditioning/heating controls, televisions, etc., and turn them all into compromised servers,” wrote Alan Grau, vice president of IoT, Embedded Solutions at Sectigo, who also outlined concerns in a recent Threatpost webinar. “These compromised servers then act as nodes in an attack and together create a botnet. They can participate in a variety of coordinated attacks, infecting other devices and expanding the network of bots, or participating in denial-of-service attacks.”

    The feds also warned of the potential “risk that your TV manufacturer and app developers may be listening and watching you,” noting that newer TVs with built-in cameras allow video-chatting. Also, some models have facial recognition, “so the TV knows who is watching and can suggest programming appropriately,” according to the notice, which also potentially opens up privacy concerns.

    “If you can’t turn off a camera but want to, a simple piece of black tape over the camera eye is a back-to-basics option,” the FBI noted. “Check the privacy policy for the TV manufacturer and the streaming services you use. Confirm what data they collect, how they store that data, and what they do with it.”

    The concern is not theoretical: Recently, researchers discovered that smart TVs from Samsung, LG and others are sending sensitive user data to partner tech firms, even when devices are idle.

    The FBI’s warning also follows news of real-world hacks and the discovery of several security vulnerabilities in smart TVs over the course of the last few years as the devices have gained popularity. Like many IoT devices, TV vendors don’t necessarily follow security-by-design principles, the FBI warned.

    For instance, in April, researchers found two vulnerabilities in Android-based smart TVs from Sony, including the flagship Bravia line, which could allow attackers to access Wi-Fi passwords and images stored on the devices. In June, a vulnerability in SUPRA Smart Cloud TVs was found that would allow attackers on the same Wi-Fi network to hijack the TV set to broadcast their own content – including, potentially, fake emergency broadcast messages.

    To protect themselves from all of these threats, consumers should change smart TVs’ default security settings and passwords, and know how to turn off the microphones, cameras and collection of personal information if possible, the FBI said. They should also check a manufacturer’s track record with pushing out security patches.

    Recent Articles

    5 Things to Know About the macOS 10.15.2 Update in December

    5 Things to Know About the macOS 10.15.2 Update in December is a post by Josh Smith from Gotta Be Mobile. Apple is working on...

    5 Best WordPress Business Directory Plugins

    Are you looking for the best WordPress business directory plugins? A business directory helps users discover service providers in a particular niche or category. At...

    René Auberjonois, Odo from ‘Star Trek: Deep Space Nine’, has died

    Veteran actor and singer René Auberjonois has died of metastatic lung cancer at his Los Angeles home on Dec. 8. Auberjonois' son Rèmy-Luc confirmed...

    Pokémon Sword and Shield Berries, Berries, and more Berries!

    A common feature in Pokémon games, Berries serve many purposes and Pokémon Sword and Shield is no different. Within battle, your Pokémon can eat...

    This week’s top stories: Completely wireless iPhone in 2021, App Store awards, Mac Pro, more

    In this week’s top stories: Ming-Chi Kuo details the 2020 and 2021 iPhones, Apple reveals its 2019 App Store awards, Peloton launches an Apple Watch...

    Latest Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox