The Vulnerabilities of Smart T.V.s

March 16, 2020

Since the 1980s, programmers have been working to develop intelligent television receivers as the number of direct-broadcast satellites has increased.[1] By the late 2000s, smart T.V.s had taken the world by storm. According to database company Statista, the number of smart televisions (T.V.s) is projected to reach around 119 million by 2022, representing 58.3 percent of all connected T.V. users.[2] Yet, what does this signify? More viewers and greater access to services like Netflix, Chromecast, and other streaming services, but also increased tracking of user habits, eavesdropping on conversations, and hacking of user networks.


The November 2019 “Oregon FBI (Federal Bureau of Investigation) Tech Tuesday: Securing Smart T.V.s” press release highlights major concerns with smart T.V.s. With built-in microphones and cameras, users run the risk of being watched or listened to by T.V. manufacturers and app developers.[3] In 2015, T.V. provider Samsung was under fire for its “always-on voice detection privacy policy,” which stated that “personal or other sensitive information” would be “captured and transmitted to a third party” application.[4] The provider was also said to be in violation of wiretapping laws, and a 2018 consumer report noted that “a relatively unsophisticated hacker could change channels, play offensive content, or crank up the volume, which might be deeply unsettling to someone who didn’t understand what was happening”.[5] Most smart T.V.s require users to press a microphone button to give the T.V. commands. Additionally, hackers can control user devices if they are unsecured. Other smart T.V. brands have violated privacy terms as well. Vizio failed to disclose when and how it collects user information; additionally, transmitted data was unencrypted.[6] Vizio software recorded viewing history without the T.V. owner’s explicit consent. L.G. and Sony T.V.s also tracked users, yet have since updated their software so that user data is not collected when users opt out.


Hackers can hack users’ T.V.s, yet how are they accomplishing this? Through the internet. Smart T.V.s are connected to the internet and can be hacked, just like any device connected to the internet. Many smart T.V.s have the same abilities as computers and phones, including browsing the web and downloading apps. The T.V.s carry data in and out. Hackers can bug a T.V. and its microphones with listening software or even give T.V.s a virus. Hackers can change channels, lower the volume, or turn on T.V.s without a user knowing.[7] If hackers can infiltrate any system of manufacturers or developers, they can gain access to user networks through routers and can even access personal information. In addition to the FBI, Matt Tait, cybersecurity expert and former analyst at GCHQ, the British signals intelligence service, believes keeping devices updated with the latest patch is essential. He also states that unplugging the device from a network is “a simple solution”.[8]


Even though unplugging a device may be a solution, the world is far too innovative for such a solution. Smart T.V.s are only advancing, along with other Internet of Things (IoT) devices. In the best interest of users and businesses, it is necessary to understand just how damaging smart T.V.s can become. Hackers may not need to physically take control of the device if they have access to one transmitter; hackers and possible terrorists have accomplished this before. In 2015, 11 channels were blacked out in France on the T.V. network TV5Monde. Shortly after, the network’s Facebook page was defaced with pro-ISIS imagery.[9] The attack looked like a technical outage to the network’s Information Technology (I.T.) department. Yet, the attack shut down email servers as well and may have been planned for weeks.[10] The attack was a result of a compromised network. Hackers gained unauthorized access, possibly with malware injected into the systems through a “USB flash drive or a clicked e-mail link”.[11] Rogue T.V. signals can give hackers an advantage and the ability to enter malicious code, which could connect to a broader range of T.V.s that may be on the same network.


Smart T.V.s may not seem like a threat, yet they are an ongoing threat that can be used for spying. In early March 2017, WikiLeaks, an international non-profit organization that publishes news leaks and classified media, released 8,761 documents claiming that the U.S. Central Intelligence Agency (CIA) and MI5, the United Kingdom's domestic counterintelligence and security agency, use malware and exploits to hack devices such as phones, computers, and T.V.s. “Year Zero” is considered to be a specific hacking program in which company products, including Samsung T.V.s, are turned into covert microphones.[12] “Weeping Angel” also lays out a plan to instruct spies to install software onto smart T.V.s, turning the T.V. into a listening device.[13] Even if a T.V. appeared to be off, it could still record and listen to conversations, as the attack would suppress most indicator lights on the T.V. For example, a blue LED on the back of a T.V. could remain on without detection.[14] The CIA is a U.S.-based government agency, meant to safeguard U.S. national security. MI5 is an intelligence agency based in the United Kingdom, also meant to safeguard its people. If the CIA and MI5 are capable of devising such plans to spy on individuals, other countries and adversaries such as China and Russia must have the same idea as well.


Looking deeper into this issue, it is clear that the threat of smart T.V.s is dangerous; users and businesses must be aware of smart T.V. risks. Cybercriminals, terrorists, and hackers can gain the capability to cause harm in the technological realm, if they have not done so already. Although smart T.V.s are equipped with complex software, unsecured internet connections and integrated sensors and features allow hackers to compromise T.V.s. Criminals can target workplaces, hospitals and other medical environments, and homes, all of which should be protected spaces.


Criminals targeting a workplace setting raise concerns about both internal and external threats. Bad actors who work internally within the organization can use smart T.V. technology to their advantage. External threats are hackers who can spy on or steal information by listening to conversations and meetings. If a smart T.V. in a conference room is hacked, hackers can gain information from sensitive meetings or intellectual property that could be exploited. Additionally, criminals can take over an entire network past the T.V., releasing a Denial of Service (DoS) or ransomware attack, which consist, respectively, of making the network unavailable either temporarily or indefinitely, and of threatening to publish data or block access to data unless a ransom is paid.


If criminals target medical environments, patients and their data are at risk. Since hospitals are using smart T.V. technology more often, this may give criminals an advantage in spying on high-profile patients, such as a member of the U.S. cabinet. Although criminals may use a T.V. to spy on patients, they can also infiltrate the network and tamper with Internet of Things (IoT) machines. The patient can become directly affected if life support is turned off or if a false image of cancer is developed.


In 2017, the FBI predicted that there would be an estimated increase of 20 to 50 billion in the number of IoT devices.[15] The International Data Corporation (IDC) predicted that there would be at least 41.6 billion connected IoT devices by 2025.[16] Smart T.V.s are not going anywhere but up. As T.V.s continue to improve across the technological landscape, users and businesses must take precautions while using smart T.V.s. Along with several sources, including the FBI, CTG recommends that all users be familiar with the features their smart T.V. provides. It is best to do a basic internet search with the T.V. model number and the words “microphone,” “camera,” and “privacy”. Change all passwords from the factory/default security settings. If there is no option to turn off the T.V. camera, the camera can be covered with black tape. T.V. manufacturers and streaming services are required to provide privacy policies to the user. Users can confirm what data is collected, how the data is stored, and what the company may do with the data. Additionally, it is recommended that T.V. providers do more research to ensure customer privacy. Smart T.V. devices such as Samsung T.V., L.G. Smart T.V., Sony Android T.V., Apple T.V., and Fire T.V. are manually activated devices, which record and transmit audio only when manually switched on. Although these devices should stop recording when a remote button is released, hackers could still bypass the manual system, especially if a T.V. is left on. Manufacturers must emphasize user awareness, users’ control over the device, and features that are consent-based. Aside from T.V.s, it is also recommended that consumers protect their entire network and router, as it is an essential part of using the T.V. in an environment. Users must also change the router name from the default, change preset passwords, update router patches, and turn off remote access features.


The Counterterrorism Group (CTG)

