In the middle of June, Samsung tweeted out advice to owners of its smart TVs: Scan them for malware and viruses. Hours later, after tech cognoscenti started pointing out that it was promoting its virus-scanning service for TVs when few smart-TV threats are considered viruses, the company deleted the tweet.
Just in case you missed how to virus check your Samsung TV before the tweet was deleted pic.twitter.com/bJctBQo8F6
— Leo Kelion (@LeoKelion) June 17, 2019
Actual security experts say Samsung’s tweet was a bit alarmist. Consumers face security and privacy risks from smart TVs, they say, just like any other device connected to the Internet. (Those risks include smart TV makers themselves, according to a 2018 study by Consumer Reports. Caveat emptor.)
Even with potential risks, smart TVs are rapidly taking over the market. IHS Markit predicted that smart TVs would account for 70 percent of all global TV sales in 2018, up from 45 percent in 2015. Zion Market Research expects the smart-TV market to jump in value from $158 billion in 2018 to nearly $300 billion by 2025. At the moment, three manufacturers dominate the market. Samsung, Vizo, and LG together comprised around 70 percent of smart TVs in America in 2018, with Samsung leading the pack.
“The smart TV is a weak link in your network” because it likely doesn’t have certain built-in security features, says Matthew Hickey, co-founder and director of the cybersecurity research and training company Hacker House. These include scans for malicious apps, automatic over-the-air software updates to patch vulnerabilities, secure connections to prevent hackers from taking over TV features, and encryption of personal information stored on the device. “If you connect it to the same network that you’re doing your banking on, it’s an obvious prime target.”
READ MORE ON SECURING THE INTERNET OF THINGS
FBI’s router reboot call reminds us why to check for updates
Why hackers love your Wi-Fi (and how to protect it)
Time for a Department of the Internet of Things?
5 questions to ask before buying an IOT device
Smart TVs appeal to businesses and consumers because they combine decades-long familiarity in boardrooms and living rooms with Internet-rich features such as integrated Web browsing, streaming video, and voice-controlled digital assistants that can conduct online shopping while controlling the overhead lights. But just as with any other members of the Internet of Things, smart-TVs can be exploited to steal data, cause havoc, or jump to more valuable network-connected targets.
Even the top U.S. spy agency sees value in targeting smart TVs. In 2017, WikiLeaks published what it called the Vault 7 documents, a trove of CIA files that included details on the Weeping Angel initiative to spy on targets using Samsung smart TVs.
As smart TVs become ubiquitous, consumers can take steps to make them more secure—and they don’t have to rely on a McAfee virus scanner to do the trick.
“I recommend that people segment their networks, so create a separate network for their TV and IoT devices.”—Matthew Hickey, co-founder and director, Hacker House
There are three important areas that smart-TV owners can lock down on their own, relying on standard instructions from their TV manuals, says Ted Harrington, executive partner at Internet of Things security company Independent Security Evaluators: network access, microphones, and cameras.
- Reduce your attack surface. “Turn off any unused or unneeded services,” says Harrington. If you use an external device to stream shows and movies, such as a Google Chromecast, Apple TV, Roku, or Amazon Fire TV Stick, turn off all streaming services on the smart TV. Or use the smart TV as the streaming-service manager, and get rid of any other external devices you might have.
- Be careful around hot mics. “From a privacy standpoint, consider the implications of any voice-activated services,” Harrington says, such as Amazon’s Alexa. If your smart TV has a microphone for digital voice-assistant control, but you don’t plan on using it, turn it off. Alternatively, check if your smart TV allows the voice assistant to be input-activated, such as pressing a button first. Otherwise, be cautious what you say around your TV.
- Watch out for cameras too. “As with the microphone, assume that the camera might be active at all times; consider how you feel about that,” he warns. If you can’t turn off the camera but don’t want to worry about being always on, a piece of electrical tape makes for a cheap camera cover. More elegant plastic ones are available too.
- Connect the smart TV to a secondary network. “I recommend that people segment their networks, so create a separate network for their TV and IoT devices,” Hickey says. Most modern Wi-Fi routers can create a secondary network, with its own SSID and password. Setting up a separate network takes a bit more time, but ultimately makes it much harder for a hacker to jump from a vulnerable smart TV to a laptop or phone connected to the same network.
For more advice on locking down your smart TV, see Consumer Reports’ 2018 guide for tightening security protocols on the most popular smart-TV models.