How safe are you around your smart TV?

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,048
The times when all that our TV sets could do was show us ‘regular’ TV stations are now over. These days, such ‘old-school’ television sets are increasingly being replaced with their ‘smart’ successors, which we can use for streaming video and audio, playing games, browsing the internet, downloading and using apps – all of that thanks to their internet connectivity. This leads to a key question: Are you safe around your smart TV?

This evolution is part of a wider trend that involves connecting consumer electronics and everyday objects to the internet, creating a rapidly growing mass of various Internet-of-Things (IoT) devices in the process.

However, the internet connectivity of smart TVs and the perilous state of security in the IoT space in general has opened the floodgates to a deluge of threats to our privacy and security.

Research has shown that various attacks against smart TVs are possible and practicable, often requiring no physical access to the device or interaction from the user. It has also been demonstrated several times that, once compromised, an Internet-enabled TV can serve as a springboard for attacks at other devices within the same network, ultimately targeting a user’s personal information stored on even juicier targets such as PCs or laptops.

Watching you watching me
Now, you probably enjoy watching your smart TV, but chances are that you don’t want it to watch you, too. But ‘watch its watchers’ is precisely what these TVs can do.

Back in 2013, researchers demonstrated that, by exploiting security holes in some models of Samsung’s internet-capable TVs, it was possible to remotely turn on the built-in camera and microphone. In addition to converting the TVs into all-seeing, all-hearing devices, they were able to take control of embedded social media apps, posting information on the users’ behalf and accessing files. Another researcher highlighted an attack that allowed him to insert fake news stories into the browser of a smart TV.

Malware, too, can find its way into smart TVs that could convert them into bugging devices. In this attack vector, which has also been proven practicable, hackers could create a legitimate app before releasing a malicious update that would then be automatically downloaded onto a smart TV fitted with a built-in microphone.

In 2014, a loophole in a widely used interactive TV standard known as Hybrid Broadcast Broadband TV (HbbTV) came to light. It emerged that malicious attack code could be buried into ‘rogue’ broadcasts and target thousands of smart TVs in one fell swoop, hijacking these as well as other devices in the network, stealing logins, displaying bogus adverts, and even sniffing for unprotected Wi-Fi networks. In addition, the attack was found not to require any special hacking smarts.

Issues with HbbTV were in the spotlight again in 2017. A security researcher demonstrated a technique for deploying a rogue over-the-air signal to compromise internet-enabled televisions. Once taken over by the attacker, the TV could be used for an apparently endless list of malicious actions, including to spy on the user via the TV’s microphone and camera, and to burrow deep into the local network. As many as nine in ten smart TVs sold in recent years were estimated to be prone to this hack. As with the earlier example, the victim would spot no outward signs of something being amiss.

In February 2018, US non-profit organization Consumer Reports released the results of hack tests on internet-connected TVs of five brands, each of which features a different smart TV platform. “Millions of smart TVs can be controlled by hackers exploiting easy-to-find security flaws”, said the organization. The devices were found to be susceptible to rather unsophisticated hacks that would enable an attacker to flip through channels, crank up the volume to blaring levels, install new apps, and knock the device off Wi-Fi – all while working remotely, of course.

The review also found that users need to consent to the collection of very detailed data about their viewing habits – unless they’re ready to forgo some of the smart features of their new smart TV. Over the years, several manufacturers have been found to engage in the behind-the-scenes acquisition of, and trafficking in, data about the viewing habits of consumers.

Having a listen
Concerns about the implications of smart TVs for privacy were also raised in 2015, when Samsung’s ‘voice recognition’ function as another layer of convenience that enables you to give voice commands to your smart TV came to the fore. The company warned its customers who use the voice activation feature on their smart TVs that their private conversations would be among the data captured and shared with third parties. In addition, the voice information picked up in such ‘official snooping’ was not always encrypted, potentially enabling intruders to listen in on private conversations.

All told, the security conversation is here to stay, as a range of private and security concerns persist while more and more consumers are snapping up smart TVs. According to one projection, over 750 million smart TVs will be in use worldwide by the end of 2018.

Smart TVs afford us the opportunity to use them for purposes that are more commonly associated with computers. In fact, that’s what these TVs have become – internet-connected ‘computers’, much like mobile phones. It would no doubt help if we thought of them as such and treated them accordingly.
 
D

Deleted member 65228

All they need to do now is make Smart TVs into anti-burglar robots. When someone tries to steal the TV, it turns into a full-on robot and tackles them to the ground. Identities burglar threats via finger-print, microphone, IRIS scanning/picture analysis.

I mean if they can surveillance may as well add in some security features right. Best put an Amazon lock on it, that will be super secure.

Lmao
 
F

ForgottenSeer 58943

There is a very simple way to secure Smart TV's 'fairly' well.. OPT-Out of all services and DO NOT accept the terms of service on setup. Without those, nothing much happens to them and you can still use them and update them.

The second method is use Pi-Hole then use the Smart-TV telemetry/spying block list.

The third method is to simply turn it into a dumb TV and not connect it to the internet exactly 4 times a year to upgrade firmware.

Or if you are like me, you employ all three methods to varying degrees. :unsure:
 

Daviworld

Level 2
Verified
Feb 19, 2018
60
Which is why I bought a smart TV without a voice activation or camera feature installed on it, however the speaker's can stilled be used by a determined actor to spy on conversation's, by turning the speaker's into listening device's.

I also declined Samsung's smart TV term's of agreement on set-up, due to me finding out before I bought my smart TV about the smart TV's with voice and camera function's being hacked and/or used by the companies themselves to gather information. As a paranoid security nut, that was a huge no no for me lol.

However, after a awhile the convenience of just streaming through the TV while in bed, without cable's and casting seemed enticing.

I utilize 3 different VPN's, one for my phone and PC, another for my console and smart TV, and another for downloading and research purposes.
set up strict security policy's for the smart TV. So, now I can see whatever it is connecting too, how much traffic is typically used, from where, a very restrictive firewall, etc. I was even going as far as separating the TV from the LAN traffic into it's own local network and subnet, I reverted that last change, for convenience of casting.

Safe to say, I have fun with each new potential spying device that enter's my home lol
 
  • Like
Reactions: Weebarra

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
This leads to a key question: Are you safe around your smart TV?
'How stupid are people around technology?' is the definitive answer to the question.

On a side note, you rarely see new TVs with a built-in camera.
 
  • Like
Reactions: Weebarra

kellysi

Level 1
Feb 19, 2018
13
I would agree that we are not safe, ahaa, yep, not safe, there are reality shows everywhere.
That aside lets not forget ultrasonic ads some companies deploy that emit a sound no human can hear and in doing so they recognize all the devices that have been using such ads in the surrounding. That's what I heard than again curiosity killed the cat. Anyway, I dont think we should crawl in hole, but I just read the post on the guy that probably got unwanted "remote assistance" thats just creepy. I mean I had a friend that opened and closed my CD I got a heart attack and he had a good laugh. But things like the above mentioned are not funny. 'How stupid are people around technology?' good question. Frankly, I am not very tech savvy but I do realize there are some things you dont do. I think people live in an innocent bubble and know less than me. I am guessing that once you were logged in never considered the bad stuff going on. Even if there was a user manual or a video welcoming new Internet users, they still wouldn't take a look at it instead click next like the life is going to pass if he doesn't click right that instant.
 
  • Like
Reactions: Weebarra
D

Deleted member 65228

I doubt Smart TVs are as innocent as they may appear at first or are marketed, I can hear the sirens of surveillance ringing like a bell in my ear every time I look at one.

But Smart TVs do have some neat features and there's many nice Smart TVs. I guess if you need Netflix, Now TV or other alike services then you could just link up a PS4 or Xbox One to the TV or even a laptop screen though.
 
  • Like
Reactions: Weebarra
F

ForgottenSeer 58943

I doubt Smart TVs are as innocent as they may appear at first or are marketed, I can hear the sirens of surveillance ringing like a bell in my ear every time I look at one.

But Smart TVs do have some neat features and there's many nice Smart TVs. I guess if you need Netflix, Now TV or other alike services then you could just link up a PS4 or Xbox One to the TV or even a laptop screen though.

Run a Pi-Hole on your network, there are curated blacklists to block DNS to some TV manufacturers without breaking TV functionality. Roku, Sticks, and other stuff are effectively neutralized for spying with other lists on Pi-Hole.

I use Samsung devices and use a curated Samsung blacklist on my Pi-Hole. Samsung is WAY overly chatty so I consider it essential.

https://v.firebog.net/hosts/static/SamsungSmart.txt

Good discussion here on blocks for many 'smart' devices that stop telemetry/spying but don't break functionality.

Commonly blacklisted domains
 

TheJokerz

Level 7
Verified
Well-known
Jan 7, 2016
311
I put roku boxes on all my "smart" tv's. I never connected my "smart" tv's to the internet, so therefore I should not have anything to worry about with the tv's.
 
  • Like
Reactions: Weebarra

Daviworld

Level 2
Verified
Feb 19, 2018
60
Run a Pi-Hole on your network, there are curated blacklists to block DNS to some TV manufacturers without breaking TV functionality. Roku, Sticks, and other stuff are effectively neutralized for spying with other lists on Pi-Hole.

I use Samsung devices and use a curated Samsung blacklist on my Pi-Hole. Samsung is WAY overly chatty so I consider it essential.

https://v.firebog.net/hosts/static/SamsungSmart.txt

Good discussion here on blocks for many 'smart' devices that stop telemetry/spying but don't break functionality.

Commonly blacklisted domains

Thank's for the resource, I'll add it to my current blocklist

I currently use these blocklist on my router:
https://iplists.firehol.org/files/bds_atif.ipset
https://iplists.firehol.org/files/taichung.ipset
https://iplists.firehol.org/files/urandomusto_telnet.ipset
https://iplists.firehol.org/files/urandomusto_ssh.ipset
https://iplists.firehol.org/files/normshield_high_attack.ipset
https://iplists.firehol.org/files/normshield_high_bruteforce.ipset
 
  • Like
Reactions: Weebarra

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top