Since 1996, when broadcasters first began sending high-definition television signals over the U.S. airwaves, Americans have been migrating from traditional CRT televisions to LED or plasma flat-screen units. Now that most TV stations and consumers have already “gone digital,” the new trend is toward so-called “smart TVs,” which combine digital broadcast playback with an Internet connection and entertainment apps so viewers can access streaming media services without an additional piece of equipment.
Smart TVs are expected to be a popular item this holiday season. But if you’re considering shelling out a bunch of money for an even fancier television, you might consider doing a little more research.
Should You Buy One?
Before you make a big technology purchase like this, you might consider whether you actually need a smart TV. According to a recent poll by NPD Group, only one in 10 smart TV owners has actually used the web browser and only 15 percent has used the device for streaming music playback. If you’re just going to use your television to watch television, it doesn’t really need to be smart.
It’s possible that you could get smart TV features by adding a less expensive device to your current setup. For example, if you want to view streaming content, it may be more cost-effective to add an Apple TV, Amazon Fire, Google Chromecast, Roku, or WD TV media player to your entertainment system. One benefit to having the streaming apps on a separate device is that you can upgrade to new player technology without having to buy yet another TV.
Is Your Information Safe?
Many smart televisions collect data on the content you watch—whether it’s live TV, streaming movies, YouTube videos and even your own DVDs. According to Consumer Reports, some TV companies then sell information on your media consumption to advertising networks. These networks then target you for content-specific ads.
Because the ad targeting is often based on your IP address, any other device within the same network will likely receive these ads. One of the major smart TV makers gives this feature the Orwellian name “Smart Interactivity.” While it’s possible to turn it off, it’s enabled by default and many owners don’t even know the feature exists.
Consumer Reports explored this question and recommended that electronics manufacturers take a good look at both their policies and their information practices.
Any Other Known Risks?
Most people don’t expect their televisions to extort money from them, but Symantec engineer Candid Wueest recently published a report on some startling weaknesses in the software used to power and update certain smart televisions. According to the report, the Android-driven TV Wueest tested didn’t use industry-standard SSL encryption for communications between the device and the remote servers. By spoofing the app installation process, he was able to install “ransomware” software that allowed him to hijack the television.
“Ransomware” is a relatively new type of malware that locks a legitimate owner out of a device (a computer, phone, laptop, or smart TV) until a sum of money is paid to the hackers. According to Norton, a typical ransom demand is between $60 and $200. Ransomware viruses are known to display law enforcement logos or pornographic images along with their ransom demands in order to scare/shame users into paying up. While ransomware and other malware is a danger with any type of electronic device, the newness of smart TV technology—coupled with weak security protocols—means they are particularly vulnerable.
In Wueest’s case, the test device was infected with a Trojan horse virus that displayed a ransom note every few seconds, making the device unusable. The malware was “smart” enough to make it impossible for him to uninstall the software or perform a factory reset. The TV’s manufacturer (not mentioned in the article) was unable to help him by logging into the device remotely. Basically, his TV was useless.
According to Catalin Cimapnu, a tech blogger for Softpedia, the security vulnerabilities in smart TVs also make them the perfect target for other hacker activities. According to Cimapnu, “Attackers can hijack smart TVs to perform click fraud, crypto-currency mining, steal user personal data, extract various authentication credentials used by smart TV apps, or even add the TV to a DDoS botnet.” (A DDoS botnet, for example, was used by hackers to overload and cripple the White House and Pentagon sites back in 2009.)
Cimapnu notes that the risk is especially high with adult apps on Android-enabled devices.
Ask Lots of Questions
If you do purchase a smart TV this holiday season, Symantec’s Wueest provided a list of tips to help keep your device, your network, and your personal information safe:
- Be careful when installing unverified applications from unknown sources.
- Enable app verification in the settings when possible.
- Modify the privacy and security settings of the device to your needs.
- Disable features that are not used, such as the camera or microphone, and consider covering the camera sensor.
- Disable or protect remote access to smart TVs when not needed.
- Use a strong encryption method, such as WPA2, when setting up Wi-Fi networks.
- Use wired connections instead of wireless where possible.
- Set up devices on a separate home network when possible, such as a guest account to help isolate the impact of compromised devices.
- Be careful when buying used smart TVs, as they could have been compromised or tampered with.
- Research the vendor’s device security measures and update frequency before you make a purchase to see if the vendor provides timely security updates.
- Install updates as soon as they become available and, if available, enable automatic updates.