Pinterest Stumbleupon Whatsapp
Ads by Google

The humble television is the latest in a long line of devices to receive “smart” enhancements that make it operate like a stripped-down computer rather than a simple display device. Features like a web browser and social network support can add convenience, but they also introduce potential security flaws. Here are three ways a hacker might infiltrate your home television.

JavaScript / HTML5 Flaws

The majority of smart televisions sold today, no matter their underlying operating system, can run JavaScript and/or HTML. This is no surprise, as compatibility with such standards is necessary for any modern device that wants to serve as a portal to the Internet. Unfortunately, these standards are vulnerable to attack.

In late 2013, for example, researchers at the Black Hat USA conference demonstrated a variety of attacks against Samsung’s SmartTV operating system. These attacks could steal local user credentials, read the browser history and cache, or tamper with and crash the TV’s built-in Skype app. And this wasn’t the first report; in late 2012 another pair of researchers posted a video showing they had learned to remotely take control of a Samsung television, though they did not explain how.

These problems are not surprising. Any device that runs popular web APIs will be vulnerable to exploits targeting them, and smart TVs are no exception. Samsung, to its credit, patched many of the problems when they appeared, but the existence of such wide-ranging issues shows smart televisions have become a new frontier in Internet security.

Android Ailments

While some major television makers have designed their own operating system, others rely on Android. Many “smart TV” add-on boxes Android TV Boxes: What Are They, And What Can They Do? Android TV Boxes: What Are They, And What Can They Do? Companies like Apple, Roku and Western Digital have already capitalized on this with their set-top boxes, but now a new wave of Android options has hit the market. Typically available for between $60 and $100,... Read More use Android, as well; Amazon has a long list of products running various versions of the OS.

These devices are vulnerable to many of the issues that haunt Android smartphones. Google’s operating system is the most targeted mobile OS in the world, so there’s no shortage of malware for users to avoid. Potential threats range from simple ad injectors that plague users with unwanted content to full-blown Trojans that can follow your every move and log passwords that you enter through your television or Android smart TV box.

Ads by Google

androidtvbox

The bad news is that Android has inherited the curse of Windows. Everyone uses it, so malware targets it in hopes of reaching a broad pool of potential victims. On the plus side, though, there are many Android security apps available and the tricks you’d normally use to help secure your smartphone What You Really Need To Know About Smartphone Security What You Really Need To Know About Smartphone Security Read More will work with an Android smart TV, as well. Unlike users of a custom TV operating system, who are at the mercy of manufacturer updates, Android users can take a pro-active approach.

The Man In The Middle

Hybrid Broadcast Broadband, an emerging industry standard for television, promises added convenience. Users can view programs that have already played, for example, and can access interactive content like polls and shopping apps. In short, HbbTV is the next evolution for set-top boxes, and it’s gradually seeing adoption across the world with Europe as the leading market.

There is, however, a problem with the standard’s security. Transmissions sent via HbbTV do not require a verified origin, which makes them vulnerable to man-in the-middle attacks. Malicious data injected into the stream can easily pose a whatever source it’d like. To make matters worse, this standard is compatible with over-the-air transmission. An OTA HbbTV single is like a giant, unsecured access point.

antennas

In theory, then, a hacker with a transmission source could inject whatever data they’d like OTA viewers to receive. This could include not just broadcast data but data relating to television functions or even the function of devices connected to the TV.

HbbTV is not yet broadly used. The consortium behind the standard has used this as justification for lax security, stating any attack “would cost too much and not cover enough people” to be effective. This does not deny the underlying problem, however, and doesn’t change the fact such an attack will become more tempting as HbbTV sees broader use.

Should You Be Worried?

All of these potential threats are tempered by the fact no known attacks have taken place “in the wild.” Researchers have shown it can be done, but users have not yet been targeted – to anyone’s knowledge, at least.

This means your smart TV probably won’t be infected tomorrow. On the other hand, there was once a time when smartphone owners did not fear malware; now new threats appear every day. The first few people to download an SMS virus were statistically unlikely to be victims, but that knowledge didn’t help them when they received a $1,000 bill from their cellular provider.

There are some steps you can take to make yourself less vulnerable, though, and all of them are simple.

Such tips may seem ineffective or inconvenient, but they’re the only source of defense in this frontier. We’re unlikely to see antivirus and firewall functions built into smart TVs until in-the-wild attacks occur.

What do you think of television security? Is it a legitimate problem, or not worth consideration? Let us know in the comments.

Image Credit: Wikimedia/Paul & Aline Burland

  1. hamed
    January 7, 2015 at 11:49 am

    Hi Matt
    can you give me some references of your article.
    thanks

  2. hamed
    January 6, 2015 at 12:52 pm

    Hi Matt
    can you give me some references about this article?
    thanks
    Hamed

  3. hamed
    January 6, 2015 at 11:57 am

    Hi Matt
    can you give me some references about this article?
    thanks
    Hamed

  4. Aibek E
    July 11, 2014 at 11:05 am

    @dragonmouth, I am not sure if you can find a high quality TV now without Smart features. It's like asking for a high end mobile phone that is not a smartphone. There are none!

    And yeah, if someone gets access to the software of your TV they should be able to access the microphone, camera and other features that come with it. TV is essentially a desctop computer and subject to same security holes as the operating system hat powers it.

    Aibek

  5. dragonmouth
    July 3, 2014 at 3:50 pm

    "Disconnect your TV from the Internet if you don’t use its online features"
    If you are going to do that, save yourself some money and buy a dumb TV instead.

    • Matt S
      July 3, 2014 at 9:03 pm

      I would say as much, but it turns out a lot of high-quality televisions don't come without smart features. So, if you want a really nice set (in terms of image quality), you're likely to end up with them whether you want them or not.

    • dragonmouth
      July 3, 2014 at 11:50 pm

      "I would say as much, but it turns out a lot of high-quality televisions don’t come without smart features."
      OTOH, there a some high-quality TVs that come without smart features. :) Smart features are not a priority for me, expecially since, as your article points, they can cause problems.

      As we have seen with cameras and microphones, once turned off, they can be turned on remotely by hackers. Can the same be done to a smart TV?

Leave a Reply

Your email address will not be published. Required fields are marked *