The New Frontier For Hackers: Smart TVs

Smart TVs are lacking the fundamental security features compared to more established devices like smartphones and computers, The International Business Times reports. This makes them more vulnerable to cyber attacks. Televisions and PCs have their share of cyber attacks as well, but unlike televisions and PCs, a cyber attack on a smart TV will not be as detectable and perhaps, not as preventable.

The main difference in security between smart TVs and other devices is that they don’t require authentication to obtain access. This becomes a huge problem in the business world, especially because smart TVs are commonly used in business board rooms.

Board meeting rooms such as these will often use smart TVs for presentations [image via]
Board meeting rooms such as these will often use smart TVs for presentations [image via]
Chief research officer of Tolaga research, Phil Marshall spoke on this issue,”Many of the solutions aren’t even adapting the best practices that are already known in the IT world. The ecosystem is fragmented, and there is an emphasis on getting the solution to market quickly.”

Craig Young, the computer security researcher of Tripwire said, said that some smart TVs don’t provide details on who is actually controlling the television, also according to IBT. This makes it significantly harder to track hackers who may have compromised the smart TV during business meetings from a remote location. “If someone in the board room is doing a presentation, that can lead to some embarrassing situations or some unexpected situations,” Young said.

Smart TVs are also more vulnerable to malicious software. A threat researcher at Symantec, Candid Wueest, researched an Android smart TV – one of the main brands used by businesses; companies also commonly use Tizen, WebOS 2.0, and Firefox OS – to figure out the potential threats of smart TV hacking for companies, the Symantec blog reports. What he found from researching this infected smart TV was that the malicious software could be very profitable for hackers. Wueest’s research lists some of these potential benefits of installing malware on a smart TV for hackers,

  • Botnet — Smart TVs can be registered to botnets and distribute denial-of-service (DDoS). This is more likely to happen on a smart TV connected to a router with a default password.
  • Data theft — App stores like Google Play make it difficult for malware hackers to steal personal information on any other Android device. However, the standard used for other devices is not quite up to standard yet for Smart TVs.
  • Cryptocurrency mining — Crypto currencies, including Bitcoins, are also vulnerable for theft by hacking miners. A hijacked smart TV wouldn’t bring much currency alone, but a large-scale scheme of smart TV hackers could turn a more effective profit.
  • Ransom–Smart TV holder could simply extort business owners by holding their personal company information and data. The threat of leaking such information could be enough to make some companies pay out of pocket voluntarily.

Wueest claims that hackers operate using a “man-in-the-middle” (MitM) attack. Veracode describes man-in-the-middle attacks as cyber attacks where a malicious actor hacks themselves into a conversation between two parties while impersonating all parties involved. In effect, they gain access to private information between the two parties.

An MitM attack also enables hackers to send and receive data meant for someone else without either outside party knowing. These malicious cyber attacks can be carried out by Wi-Fi or DNS server requests. It could even happen by simply downloading a credible app and instead getting redirected to malicious software on a smart TV.

Some of the many apps available on smart TVs that could contain malware. [Image via Getty Images]
Some of the many apps available on smart TVs that could contain malware. [Image via Getty Images]
Some smart TV models do not use Secure Socket Layer (SSL) encryption. This security technology establishes a cohesive link between the server and client.

It is imperative for smart devices (i.e. smart phones, computers, tablets) to have the Secure Socket Layer enabled to protect credit card numbers and allow other security details to be transmitted securely.

“Smart TVs don’t run antivirus software either,” Young of Tripwire says, “but whether running security software on the TV is going to mean your Netflix is going to become choppy. That would be a big deal breaker.”

Do you agree with security researcher Young? Should smart TV users invest in more anti-virus software? Or perhaps we haven’t experienced enough malware attacks on smart TVs like we do on other devices yet?

[Image via Getty Images]