ng-nz logo
Story image

Five ways smart TVs are at risk of cyber attacks

14 Aug 2019

Smart TVs with internet connections are quickly replacing the older, heavier TVs of yesteryear – but even those old TVs can be converted to streaming devices with gadgets such as Google Chromecast.

With pervasive internet connectivity, it’s easier than ever for cybercriminals to exploit devices that aren’t as secure on the internet as they should be.

According to ESET senior research fellow Nick FitzGerald, Android TV is the most popular operating system for TVs – but it’s also vulnerable to many malware strains that affect other Android devices, because it shares the same base architecture.

ESET says that smart TVs are vulnerable in the following ways:

1. Malware 

TVs can fall prey to ransomware like Simplocker, which includes threats that instruct victims to pay money to recover access to their devices. 

Many users may also install software from outside the Google Play store for Android TV, which could be potentially hazardous. In these cases, cybercriminals leverage the elevated permissions to steal information from accounts in other apps, execute a key logger, or neutralise the system’s security safeguards. 

2. Poor configuration 

Misconfiguring a smart TV could leave it open to all sorts of threats. Vendors modifying the underlying operating system to add new functionalities as well as customer oversight could be at fault. Misconfiguration ranges from keeping ports open and using insecure protocols to enabling debugging mechanisms, relying on poor or default passwords (or no passwords at all), or using unneeded services. 

3. Vulnerabilities 

Other vulnerabilities include flaws that make it possible to control TV models remotely using public APIs or allow attackers to run arbitrary commands on the system. Built-in voice assistants and links to a variety of Internet of Things (IoT) sensors can open more potential attack vectors. Because smart TVs are hubs for endless sensors and vehicles for sensitive information, they are enormously attractive to cybercriminals. 

4. Physical attacks through USB ports 

USB ports in TVs can be used to run malicious scripts or to exploit vulnerabilities. This can be done quickly and easily by using gadgets such as Bash Bunny, and they are also not particularly complicated or expensive to create from scratch. 

5. Social engineering 

Social engineering remains at the heart of many campaigns aimed at stealing personal information, distributing malware, or exploiting security loopholes. Nearly all (if not all) smart TVs are now fitted with an email client and web browser, allowing for risks such as phishing to still be viable through a TV screen. 

While cybercriminals can hack into a smart TV a variety of ways, there are plenty of ways that consumers can prevent this from happening. These include protecting router credentials, properly configuring smart TVs, always installing the latest updates, and streaming with caution. 

“Smart TVs are gaining more features, and the amount and sensitivity of the data they handle makes them ever more appealing to cybercriminals. However, rather than be frightened off using smart TVs, consumers must simply take the appropriate steps to protect themselves,” FitzGerald concludes.

Story image
Hands-on review: JBL Tune 220TWS
Another great part of the design is the earbuds themselves. Most other earbuds on the market can’t be worn for more than two hours at a time because of the amount of pressure they put on ear canals. Thankfully, the JBL Tune 220 were designed with all-day wear in mind. More
Story image
IT pros report increase in security issues due to remote working
Security issues, IT workloads and communication challenges have all seen significant increases in the new remote working era, according to new research from Ivanti.More
Story image
2degrees unveils new infrastructure sharing agreement, passes $1b milestone
The company has revealed it has invested $1 billion into its network infrastructure, and has expanded on its venture with Spark and Vodafone to connect the country's rural areas.More
Story image
Spark boosts rural wireless broadband capacity to meet COVID-19 demand
Spark has boosted its rural wireless broadband capacity in a bid to meet demand following the COVID-19 lockdown.More
Story image
Trend Micro Home Network Security - giving frazzled parents everywhere just that much more peace of mind
Trend Micro have announced the launch of Trend Micro Guardian, an app which “enhances the parental controls features of Home Network Security, and extends the coverage to outside the home."More
Story image
Kiwi game developers move forward with indigenous gaming platform Katuku Island
“We created Katuku Island to bring cultural literacy to a technological platform that uses Maori Toi graphics, sounds, characters, tribal tattoo and indigenous challenges. As an indigenous researcher and business owner, I wanted to make a difference.”More