How to Stop Your Smart TV From Spying on You
Your internet-connected smart TV can invade your privacy. Here’s what the FBI and two top security experts recommend you do to protect yourself.
Smart televisions offer a lot of cool features, including internet access, streaming apps, and built-in cameras and microphones. But because they’re always connected to the internet, those TVs can be a potential risk.
Hackers who gain access can control your TV and change certain settings. Using built-in cameras and microphones, a smart and capable hacker can spy on your conversations. In November 2019, the FBI issued a warning about the risks of smart TVs to your privacy and offered several recommendations.
The FBI noted that TV manufacturers and app developers have the ability to listen to and watch you. But a potentially more serious threat comes from bad actors who gain access to your unsecured television and take control by changing channels, adjusting volume levels, and even showing inappropriate content to children. At worst, they might turn on your TV’s camera and microphone to spy on you, or use that access to find a backdoor into your router and other connected devices.
FBI’s Best Practices
This all sounds like the worst type of nightmare scenario, but it’s one that shouldn’t make you afraid to use your smart TV. The FBI offers a few guidelines and best practices to better ensure your security and privacy:
- Know exactly what features your TV has and how to control them. Do a basic internet search with your model number and the words “microphone,” “camera,” and “privacy.”
- Don’t depend on default security settings. Change passwords if you can-and know how to turn off the microphones, cameras, and collection of personal information if possible. If you can’t turn them off, consider whether you are willing to take the risk of buying that model or using that service.
- If you can’t turn off a camera but want to, a simple piece of black tape over the camera eye is a back-to-basics option.
- Check the manufacturer’s ability to update your device with security patches. Can it do this? Has it done it in the past?
- Check the privacy policy for the TV manufacturer and the streaming services you use. Confirm what data they collect, how they store that data, and what they do with it.
What the Experts Say
Besides the FBI’s advice, we had industry experts weigh in on the issue. Stephen Hyduchak, CEO of identity-verification service Aver, and Joseph Carson, chief security scientist and Advisory CISO at privileged access management firm Thycotic, shed some light on TV hacking.
What are the potential risks and hazards for smart TV owners from hackers?
Hyduchak: The risks come from anything involved with microphones, cameras, and sensors. Data mining based on what you watch and where you are is also valuable in the data marketplace, so these things become a risk too.
Carson: Smart TVs are basically computers that are running an operating system. The same risks that apply to computers also apply to smart TVs. Most smart TVs have cameras, a microphone, and a file system. If a cybercriminal gains access to your smart TV, which is likely connected to the internet, it would mean an attacker can see you through your camera, listen to your conversations, and steal your data. An attacker could also use your smart TV to latterly move to other devices on your home network. This includes your laptops or other personal devices, including network storage.
How real and pervasive are these risks and threats? Is this threat being overblown, or is it something all smart TV owners should be concerned about?
Hyduchak: The risk is real. In 2018, Huawei, a Chinese-based company that makes all kinds of consumer electronics, was found with “backdoors” in their products. This allowed them to essentially access the phone data as they please. Many in the US government came out and immediately recommended a stop-use of all their products.
Carson: The threat is very real. When it is possible, a cybercriminal is going to take full advantage of it.
Have there been real instances of TV manufacturers using smart TVs to snoop on users, either purposely or accidentally?
Hyduchak: Back in 2017, Vizio was selling data from their TVs and was fined by the FTC. Once every second, software in the Vizio TVs would read pixel data from a segment of the screen. This was sent home and compared against a database of film, television and advertising content to determine what was being watched.
Have there been real instances of hackers who gained access to a smart TV and were then able to find other information on a user’s home network?
Hyduchak: The FBI and CIA are warning that our TVs can be a window to your network. The data is hard to find on breaches because most are silent. But, be assured that when Roku is putting out patches for vulnerabilities, it is not a mistake or without a reason for that patch.
Carson: Absolutely. I personally have even used it in penetration tests in the past using the TV’s camera and microphone.
Are the TV manufacturers doing anything to shore up the vulnerabilities of smart TVs?
Hyduchak: They are being more transparent about their usage, and things like the California Consumer Privacy Act (CCPA) mandate that data use is disclosed.
Carson: Frankly, when no one is complaining, and they don’t release that they are a victim, the TV manufacturers are not in any urgency to improve security or patch systems.
Beyond the recommendations offered in the FBI’s warning, what else should concerned smart TV owners to do protect themselves and their privacy?
Hyduchak: Make sure your products are always up to date with the newest software and ensure that products like Huawei’s aren’t in your bedroom, let alone your home.
Carson: I would recommend that you always make sure you know what features are enabled on your smart TV that will create risk and then decide whether or not you need them. You should also keep your smart TV patched and power it completely off when you are not using it.
There are also specific steps that owners of certain brand TVs should follow.
Sony Android TVs utilize the Google Play Store, which incorporates Google Play Protect to scan all Android apps on the TV for malware before and after they are downloaded to the TV. Owners of such TVs can adjust the Android TV’s default setting to only access apps via the Google Play Store or only load apps via USB, according to Sony.
On the Sony Select row of the Android TV’s home screen, the ESET Smart TV Security app can be installed to provide protection for Android security issues and USB devices plugged into the TV, and to help prevent unauthorized access to data while connected.
Originally published at https://www.pcmag.com.
