Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The next wave of cybercrime will come through your smart TV

Jeremy Kirk | Jan. 4, 2016
Always on and vulnerable, smart TVs are waiting to be attacked.

Wueest has also noted many other issues with smart TVs revolving around software updates. Some models do not use encryption known as SSL/TLS (Secure Sockets Layer/Transport Layer Security) when downloading updates.

That would make it possible to trick a TV into downloading malicious firmware, which is low-level code that bridges a computer’s hardware and operating system at startup. Some models of smart TVs don't even verify the integrity of the downloaded firmware.

Security for smart TVs "is more sprinkled on at the end as an afterthought," Wueest said in a phone interview from Switzerland.

All of these issues pose vexing problems, particularly as smart TVs become more integrated with commerce and people increasingly enter payment card details into their TVs.

"My wife likes to do Black Friday shopping on the TV," said Scott Wu, co-founder of 0xID, a Seattle-based company that specializes in mobile device security. "You are closely tied to your financial information on your TV."

Smart TVs don't run antivirus software, and it's questionable whether that would be a practical solution to stopping cyberattacks.

While antivirus software could work, it also could degrade performance, and the question becomes "whether running security software on the TV is going to mean your Netflix is going to become choppy," Young said. "That would be a big deal breaker."

At least for Android, Wu said that its permissions model limits what apps can do without explicit approval from a user, blunting the capabilities of a malicious app on a smart TV. But users might just mindlessly click away warnings to continue watching TV.

Young said the issues around smart TVs are the same ones affecting a whole range of devices that are now being networked-enabled, the so-called Internet of things, that experts worry can be abused.

Some companies are addressing the concerns with new products designed to detect anomalies on networks rather than full-scale antivirus software. For example, F-Secure's Sense product and one from Dojo-Labs monitor home network traffic flowing to many devices for signs of trouble.

"It's clear that people in the industry are thinking about this problem," Young said.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.