Smart TVs, lacking in security features when compared to smartphone and PC, could be vulnerable to cyberattacks. While there have been numerous cyberattacks on phones and computers, it would not take hackers too long to find out the flaws to pose an attack.
The smart TV with USB ports, operating system and network capabilities are not too different from the smartphones. But unlike smartphones and other smart devices, the smart TVs don't require authentication to obtain access.
Apart from being sold as a commercial product, smart TVs are also widely used in business board rooms. Research and Markets firm forecasts the global smart TV market to grow at a Compound Annual Growth Rate (CAGR) of 20.37% over the period 2014-2019 in terms of revenue, whereas the market is expected to grow at a CAGR of 8.10%.
Speaking to CSO Online magazine Phil Marshall, the chief research officer for Tolaga Research said, "Many of the solutions aren't even adapting the best practices that are already known in the IT world. The ecosystem is fragmented, and there is an emphasis on getting the solution to market quickly."
Craig Young, the computer security researcher at Tripwire said that some of the models of these smart TVs don't provide details if it is being controlled by the person who is sending commands over the network it is connected to. This means hackers could use smart TVs to discover what is happening in company's meeting room. "If someone in the board room is doing a presentation, that can lead to some embarrassing situations or some unexpected situations," Young said.
Another way to gain access to the TVs is by installing malicious software. Candid Wueest, the threat researcher at Symantec has recently managed to get his own Android powered TV infected with ransomware malware. He claims that infecting a TV with this malicious software could turn out quite profitable for hackers.
Wueest says that malware could be installed on a TV by carrying out a man-in-the-middle (MitM) attack, provided the hacker is on the same network path to carry out an attack. This can be also done through Wi-Fi password or via DNS requests.
He said that some TV models do not use SSL (Secure Sockets Layer) encryption, a security technology to establish encryption between the server and the client. This technology allows credit card numbers, other security details and log in credentials to be transmitted securely.
So what happens is when a user download apps on the TV, the hacker can redirect it to a different server, due to which instead of an real app, a malicious software gets downloaded. Another way attackers can hack the TV by exploiting software vulnerabilities.
Another key point is the smart TVs don't run antivirus software but Craig Young says that "whether running security software on the TV is going to mean your Netflix is going to become choppy. That would be a big deal breaker."