6

With the proliferation of smart TVs, we can now browse the web, download movies and stream videos on a TV. A smart TV is essentially a computer. However, unlike a computer, a smart TV comes with an OS pre-installed by the manufacturer. We do not have total control over its security. As such, it is vital to choose a smart TV that has security features to defend itself from hackers.

I am not looking for a specific recommendation, but seeking advice from those who understand the inner workings of smart TV OSes to give valuable advice on what security features to look out for when buying a smart TV. And what are the things to avoid.

Anders
  • 64,406
  • 24
  • 178
  • 215
Question Overflow
  • 5,220
  • 6
  • 27
  • 48
  • 3
    The most important would be a guaranteed 5 year upgrade period from the manufacturer for patching any exploitable vulnerability in the smart TV's operating system. A little something you can't get for your Android or iThing fondle slabs. – Fiasco Labs Mar 19 '16 at 04:39
  • 5
    The best thing you could buy for your smart TV would be a firewall to keep it off the internet until you really need it online. Wireshark traces of smart TV communications have revealed an amazing amount of detail regarding your watching habits. (Not that your cable box isn't also feeding your cable provider with pure advertiser gold.) – John Deters Mar 19 '16 at 05:33
  • 3
    Not being "smart" would be a great security feature. – André Borie Mar 23 '16 at 01:54
  • @AndréBorie ... but a poor functional one. Most technical devices have to be on a small line between security and comfort / usability / functionality. If a device is very secure, but offers no features, not many users will buy it. If a device is very insecure, but has a lot of features, not many users (but probably more than the other group........) will buy it either. Security means dealing with risks, but in order to use a device, it has to be confronted with those risks. – hamena314 May 24 '16 at 13:33
  • any "smart" device is only as good as the developers developing for it. As such you can't trust them. You must accept a certain amount of risk. Be careful, always. Otherwise this is FAR to broad a question to answer because it's a system you don't have total control over. – Robert Mennell May 24 '16 at 21:17
  • 1
    @hamena314 a TV doesn't need to be smart. It adds a big security liability while providing little value as most people will just plug in a different device (set-top box, game console, computer, etc) rather than using the (often crappy and slow) software of the TV. Unless TV manufacturers embed a general-purpose computer in there (that can actually run good software and be updated independently of the manufacturer) these TVs will still be crap and more of a security nightmare than a useful device. – André Borie May 25 '16 at 03:48

2 Answers2

1

If you don't want the TV to see you you can easily implement a mechanical lens cover. From Band-Aids to postage stamps, stickers or OEM-looking blackout stickers, this is the only way to positively know that you're not being filmed.

andDevW
  • 217
  • 1
  • 11
0

Many security risks have been posted about Smart TVs. Some included browser based attacks, some allowed attackers to upload malware, but at the end of the day it is not the Smart TV that is the problem, it is what the TV is RUNNING as an operating system that is the problem.

I don't believe there is a catch all answer, it will be dependent on what TV you purchase. Let's have a look at "Android TV" which is used by Sony's Bravia. The versions of Android used are constantly under attack.

So what can you do with Android TV? Well you can check your Facebook, Twitter, and other social media accounts which means that at some point in time, credentials are being taken from you, processed on your TV, then sent to those sites. Browsing? Well that can lead to purchasing something via Credit Cards, etc. There would be "storage" concerns (credentials, pictures, cache), leveraging your TV to perhaps perform attacks against other computers, connection concerns - are they done via SSL? How does my TV's browser store certificates, can someone upload malicious certificates?

The answers to me would align with any normal computer, and although there is little information available about the security behind Smart TVs, the likelihood of someone stumbling upon your TV on the Internet is highly unlikely if you are at home. You would need to FORCE port forwarding/DMZ/etc. This does not include any potential client side (browser) attacks, but my best guesstimate is, the attacks are similar to that of a system being used to do daily browsing, etc.

munkeyoto
  • 8,682
  • 16
  • 31