Story image

Five ways smart TVs are at risk of cyber attacks

14 Aug 2019
Twitter
Facebook

Smart TVs with internet connections are quickly replacing the older, heavier TVs of yesteryear – but even those old TVs can be converted to streaming devices with gadgets such as Google Chromecast.

With pervasive internet connectivity, it’s easier than ever for cybercriminals to exploit devices that aren’t as secure on the internet as they should be.

According to ESET senior research fellow Nick FitzGerald, Android TV is the most popular operating system for TVs – but it’s also vulnerable to many malware strains that affect other Android devices, because it shares the same base architecture.

ESET says that smart TVs are vulnerable in the following ways:

1. Malware 

TVs can fall prey to ransomware like Simplocker, which includes threats that instruct victims to pay money to recover access to their devices. 

Many users may also install software from outside the Google Play store for Android TV, which could be potentially hazardous. In these cases, cybercriminals leverage the elevated permissions to steal information from accounts in other apps, execute a key logger, or neutralise the system’s security safeguards. 

2. Poor configuration 

Misconfiguring a smart TV could leave it open to all sorts of threats. Vendors modifying the underlying operating system to add new functionalities as well as customer oversight could be at fault. Misconfiguration ranges from keeping ports open and using insecure protocols to enabling debugging mechanisms, relying on poor or default passwords (or no passwords at all), or using unneeded services. 

3. Vulnerabilities 

Other vulnerabilities include flaws that make it possible to control TV models remotely using public APIs or allow attackers to run arbitrary commands on the system. Built-in voice assistants and links to a variety of Internet of Things (IoT) sensors can open more potential attack vectors. Because smart TVs are hubs for endless sensors and vehicles for sensitive information, they are enormously attractive to cybercriminals. 

4. Physical attacks through USB ports 

USB ports in TVs can be used to run malicious scripts or to exploit vulnerabilities. This can be done quickly and easily by using gadgets such as Bash Bunny, and they are also not particularly complicated or expensive to create from scratch. 

5. Social engineering 

Social engineering remains at the heart of many campaigns aimed at stealing personal information, distributing malware, or exploiting security loopholes. Nearly all (if not all) smart TVs are now fitted with an email client and web browser, allowing for risks such as phishing to still be viable through a TV screen. 

While cybercriminals can hack into a smart TV a variety of ways, there are plenty of ways that consumers can prevent this from happening. These include protecting router credentials, properly configuring smart TVs, always installing the latest updates, and streaming with caution. 

“Smart TVs are gaining more features, and the amount and sensitivity of the data they handle makes them ever more appealing to cybercriminals. However, rather than be frightened off using smart TVs, consumers must simply take the appropriate steps to protect themselves,” FitzGerald concludes.