Menu
The next wave of cybercrime will come through your smart TV

The next wave of cybercrime will come through your smart TV

Always on and vulnerable, smart TVs are waiting to be attacked

Smart TVs are opening a new window of attack for cybercriminals, as the security defenses of the devices often lag far behind those of smartphones and desktop computers.

Running mobile operating systems such as Android, smart TVs present a soft target due to how to manufacturers are emphasizing convenience for users over security, a trade-off that could have severe consequences.

Smart TVs aren't just consumer items, either, as the devices are often used in corporate board rooms. Sales of smart TVs are expected to grow more than 20 percent per year through 2019, according to Research and Markets.

While attacks against smart TVs are not widespread yet, security experts say it is only a matter of time before cybercriminals take note of the weaknesses.

"Many of the solutions aren't even adapting the best practices that are already known in the IT world," said Phil Marshall, chief research officer for Tolaga Research. "The ecosystem is fragmented, and there is an emphasis on getting the solution to market quickly."

Smart TVs are essentially computers, with USB ports, operating systems and networking capabilities no different than smartphones. But unlike computers and mobile devices, smart TVs often don't require any authentication.

"Basically with these TVs, if you are in the same room, you're always going to be treated like you're the owner of the TV," said Craig Young, a computer security researcher with Tripwire.

Young, who has been researching security issues with smart TVs, also said some models don't confirm whether someone sending commands over the network is the same person who can actually physically control the TV.

This means an attacker from afar could potentially cause a smart TV to show something far more risque than the latest sales figures during a meeting.

"If someone in the board room is doing a presentation, that can lead to some embarrassing situations or some unexpected situations," Young said.

Many of the major manufacturers -- Samsung, LG and Sony -- have built app stores for smart TVs, a model pioneered by Apple for smartphones. But users can also be convinced to download malicious apps from third-party app stores, an attack method used against smartphones that could also be used against smart TVs.

Candid Wueest, a threat researcher with Symantec, deliberately infected his brand-new, Android-powered TV with ransomware, which is malware that encrypts files and demands a ransom to be paid in bitcoin.

Wueest's experiment was a bit rigged: he modified the DNS (Domain Name System) settings on his own router in a mock man-in-the-middle attack and directed the TV to download the malicious app from a dodgy source. But such an attack would not be beyond the capabilities of attackers, he said.

Wueest has also noted many other issues with smart TVs revolving around software updates. Some models do not use encryption known as SSL/TLS (Secure Sockets Layer/Transport Layer Security) when downloading updates.

That would make it possible to trick a TV into downloading malicious firmware, which is low-level code that bridges a computer’s hardware and operating system at startup. Some models of smart TVs don't even verify the integrity of the downloaded firmware.

Security for smart TVs "is more sprinkled on at the end as an afterthought," Wueest said in a phone interview from Switzerland.

All of these issues pose vexing problems, particularly as smart TVs become more integrated with commerce and people increasingly enter payment card details into their TVs.

"My wife likes to do Black Friday shopping on the TV," said Scott Wu, co-founder of 0xID, a Seattle-based company that specializes in mobile device security. "You are closely tied to your financial information on your TV."

Smart TVs don't run antivirus software, and it's questionable whether that would be a practical solution to stopping cyberattacks.

While antivirus software could work, it also could degrade performance, and the question becomes "whether running security software on the TV is going to mean your Netflix is going to become choppy," Young said. "That would be a big deal breaker."

At least for Android, Wu said that its permissions model limits what apps can do without explicit approval from a user, blunting the capabilities of a malicious app on a smart TV. But users might just mindlessly click away warnings to continue watching TV.

Young said the issues around smart TVs are the same ones affecting a whole range of devices that are now being networked-enabled, the so-called Internet of things, that experts worry can be abused.

Some companies are addressing the concerns with new products designed to detect anomalies on networks rather than full-scale antivirus software. For example, F-Secure's Sense product and one from Dojo-Labs monitor home network traffic flowing to many devices for signs of trouble.

"It's clear that people in the industry are thinking about this problem," Young said.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments