TV takeover, privacy threats, botnet concerns and Wi-Fi network compromise are all big concerns when it comes to connected TVs.

Black Friday and Cyber Monday sales of smart TVs are likely prodigious this Thanksgiving weekend – but consumers need to be aware of the hole they can punch in home cyber-defenses.

That’s the word from the FBI, which warned that smart TVs, which hook up to the internet to allow users to access apps and stream Netflix and other video services, can be gateways for hackers.

“Hackers can take control of your unsecured TV,” according to the notice. “At the low end of the risk spectrum, they can change channels, play with the volume, and show your kids inappropriate videos. In a worst-case scenario, they can turn on your bedroom TV’s camera and microphone and silently cyberstalk you.”

image.jpg

Smart TVs also present other security issues, such as the ability for hackers to compromise them to infiltrate home Wi-Fi setups and penetrate other devices on the network.

“A bad cyber-actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router,” the bureau said in its notice, issued ahead of Black Friday and Cyber Monday.

While the FBI didn’t directly warn about botnets, it should be noted that Internet of Things (IoT) devices like smart TVs are popular targets for botherders, according to security researchers.

“Many cyberattacks, like the Mirai malware and the Dyn attacks, infect a network of computers, including smart connected devices such as home appliances, security cameras, baby monitors, air conditioning/heating controls, televisions, etc., and turn them all into compromised servers,” wrote Alan Grau, vice president of IoT, Embedded Solutions at Sectigo, who also outlined concerns in a recent Threatpost webinar. “These compromised servers then act as nodes in an attack and together create a botnet. They can participate in a variety of coordinated attacks, infecting other devices and expanding the network of bots, or participating in denial-of-service attacks.”

The feds also warned of the potential “risk that your TV manufacturer and app developers may be listening and watching you,” noting that newer TVs with built-in cameras allow video-chatting. Also, some models have facial recognition, “so the TV knows who is watching and can suggest programming appropriately,” according to the notice, which also potentially opens up privacy concerns.

“If you can’t turn off a camera but want to, a simple piece of black tape over the camera eye is a back-to-basics option,” the FBI noted. “Check the privacy policy for the TV manufacturer and the streaming services you use. Confirm what data they collect, how they store that data, and what they do with it.”

Article sourced from Threatpost. Full article can be found here.

Leave a Reply