content/en-global/images/repository/isc/2017-images/ksy-21-is-your-smart-tv-spying-on-you.jpg

With microphones making their way into all our technology, you might have a lingering thought, “Is my smart TV spying on me?” If you've paid attention to all the WikiLeaks scandals the past few years, you probably already know that your smart TV may be spying on you. But you may not realize the spying is carried out by more than big government and cybercriminals. It's also alive and well among manufacturers, and devices you assume are secure may be susceptible.

To make the consumer experience more convenient, TV manufacturers are putting tech like voice commands and video conferencing into devices. Unfortunately, cameras, microphones, and internet access give unwanted parties open access to your private life.

Certain notable parties have been known to abuse these sensitive data-gathering tools:

  • Governments — for widespread intel gathering and covert operations.
  • Cybercriminals — to capture and misuse valuable personal data, usually for profit.
  • Device manufacturers — for product development and selling data to advertisers.

Some of these practices are completely legal. However, the ethics of this monitoring are hard to approve of. Most spying activity occurs without full user awareness and consent, especially in criminal uses. Whether explicitly criminal or morally questionable, you should know the risks you’re facing by owning a smart TV.

Examples of Smart TV Spying Threats

As internet-equipped tech spreads to more households, new emerging spy methods are turning the concept of privacy into a thing of the past. Some threats are being discovered in cybersecurity labs, but others are revealed only because they’ve already been exploited.

These capabilities are certainly unnerving, but the most likely scenario is that smart TV manufacturers are monitoring viewing habits and selling the information to marketers. In other words, the spymaster is often the TV manufacturer.

Selling Consumer Viewing Habits to Advertisers

For example, Vizio was fined $2.2 million by the Federal Trade Commission in February 2017 for tracking what their TV owners (identified by IP address) were watching and then selling that information to advertisers. This Vizio TV spying case is surely not the only one; other TV manufacturers also track viewing habits but haven't been caught selling it to marketers.

Set-Top Box Default Password and Backdoor Breaches

However, data collection isn't always the fault of manufacturers. TV set-top boxes and Wi-Fi routers can be hacked with relative ease. In 2013, for example, the "Linux/Flasher.A" bot was discovered after it collected login credentials from smart TVs, tablets, smartphones, and PCs. Infiltration was fairly easy because older routers were poorly secured.

At the time, cable companies often used the same passwords for all the boxes they provided, and cable subscribers couldn't change them easily. Therefore, anyone with the password for one router or set-top box could infiltrate many others. To make matters worse, many pieces of equipment had built-in backdoors. This ease of access only gives more incentive to attempt smart TV hacking.

IoT Botnets

Not too long ago, a botnet named Mirai posed a major threatby turning Internet of Things (IoT) devices into zombies — botnet hosts — that enabled attackers to use the resources of these devices to stage Distributed Denial-of-Service (DDoS) attacks, causing widescale disruption across the internet. Botnet susceptible IoT devices can include any hardware or appliances made “smart” by computer processing and internet connectivity. As such, smart TVs can be a victim just as much as smart speakers, phones, and even thermostats.

The threat of DDoS attacks from Mirai wasn’t the only outcome of this botnet. To this day, there are fears that the Hajime botnet that supposedly combats it could also be used for cyberattacks. Without malware protection, many devices are exposed to a botnet breach.

CovertBand Sound-based Location Tracking

Onboard microphones in smart TVs and other devices can be manipulated as well. In 2017, researchers at the University of Washington showed how software called CovertBand could use a smart device's sound system to track the movement of people in a room. It works by hiding nearly undetectable "chirp" signals in music, and those signals bounce off human bodies and act like sonar signals to device microphones. The software could detect multiple people within approximately 20 feet of the device and was accurate to within seven inches.

Radio Signal Hijacks

Another hack demonstrated in the spring of 2017 uses radio signals to exploit known weaknesses in the web browsers running on smart TVs. Hackers exploit security flaws in TVs’ web browsers and then use an inexpensive transmitter to embed code into a rogue TV signal. When that signal is broadcast, hackers can take over the TVs in that area. Once hackers control the TV, they can control other devices and monitor activities in the home. The method uses security flaws in the web browsers of the TVs.

Eavesdropping on Your Streaming Habits

One of the latest spying methods uses a neural network and a new algorithm developed jointly by researchers at Tel Aviv University and Cornell University to analyze patterns in data streams from encrypted videos, such as those from Netflix, Amazon, and YouTube, to determine what you're watching. Hacking smart TV devices isn’t even necessary — all the hacker needs is access to your Wi-Fi network.

Here’s how it works: video streams typically are transmitted in segments, called bursts. The bursts are compressed using variable bit-rate compression. So, bursts of the same length have different quantities of data. Measuring the bits per segment length creates a digital fingerprint that can be matched to other, selected videos once their pattern is known.

This new method requires training the neural net using a library of prints that a cybercriminal may be following to compare your leaky data to that of those videos. It's similar to comparing fingerprints, but it has 99% accuracy once trained.

Weeping Angel Government Snooping

These tools and others could be used by governments for spying. WikiLeaks publicized such a plan by the UK and U.S. in April 2017. Code named Weeping Angel, it specifically targets Samsung's F8000 Smart TVs, allowing them to record audio through their built-in microphones. Key features include a fake "off" mode and a Wi-Fi reconnect to convince users the TV is turned off, even when it's still recording. Plans also discussed strategies to use similar methods to record video and to use the TV's Wi-Fi to transmit that data.

Smart TV Manufacturer Efforts to Improve Privacy

In perspective, it might seem that all the privacy protection falls on your shoulders as a user. Fortunately, TV and cable box manufacturers are wising up. Routers manufactured in the past few years are generally more secure than their older counterparts.

That said, the Federal Communications Commission dropped plans over three years ago to require cable providers to unlock their boxes for third-party developers. If the plan had been approved, cable consumers would have been able to choose their set-top boxes for more customized functionality and greater security. So, it’s wise to take your proactive effort for the sake of your privacy and safety.

How to Stop Your Smart TV From Spying on You

Unplugging from the internet is the most effective way to eliminate cybersecurity risks, but it's highly impractical in this modern era.

To help you protect your privacy, we can offer guidance on how to prevent your smart TV from spying on you. Initially, you’ll want to check each of your television and internet devices for security and privacy settings. The following devices in your home might have settings you can access and change:

  • Streaming sticks and streaming boxes
  • Smart televisions
  • Set-top cable boxes
  • Internet router

You can also check for any hardware features that are built into your devices. Being aware of any microphones or cameras helps you to be extra thorough as you go through your settings. Take an extra step to research your device models online, as other users may have discovered hidden cameras or microphones.

Beyond these basics, you can take a few more steps to keep your home private. Whether setting your TV up or being more conscious of your TV use, be sure to do the following.

7 Tips to prevent your Smart TV from spying on you

  1. Check for software or firmware updates and install them immediately. Most users don’t tend to update televisions and other IoT devices like they do with mobile devices and traditional computers. However, system updates often bring essential security fixes. Hackers exploit this behavior and probe your devices for unpatched vulnerabilities.
  2. Consider disabling native internet on your smart TV. Televisions usually have a limited support cycle, meaning security patches stop coming and leave you open to attack. Instead, turn off the built-in Wi-Fi radio and install your choice of streaming box or stick. Alternatively, cast from your device to a dongle attached to your TV to extend the protection offered by your devices' VPN and other security applications to your TV.
  3. Disable or limit always-on access by microphones or cameras. If you decide to keep your TV connected to the internet, you might want to limit how much access it has. Deactivate voice-activated controls if you don’t use them. They are always listening for command prompts, which leaves you at risk of accidentally activating recording.
  4. Always read all terms before accepting any agreements. Language buried in the terms of use may allow these manufacturers to gather data for product development and advertising purposes. While diagnostic feedback is normal, avoid accepting terms like those that prevent access to TV features unless you share your data with third parties.
  5. Do not permit data gathering if you feel uncomfortable. Many companies collect anonymized diagnostic data meant to protect you while improving their services. However, any sensitive data gathered and stored from a massive user base creates an optimal target for hackers. If it is not properly anonymized, encrypted, or otherwise protected, your private data could be exposed in a company data breach.
  6. Use opaque black tape to cover cameras. If unused or it cannot be disabled, you’ll want to prevent unwanted eyes in your home. This crude but effective solution is used by the FBI across many camera-enabled devices. You can also purchase a webcam cover slide as a more elegant solution if you’d like to only cover it when not in use.
  7. Change any passwords when possible. Your devices may come with default backdoor passwords for factory setup, which tends to be revealed online for easy access by hackers. Update default passwords to be strong and unique from any other passwords you use. Long passwords using a variety of character types can significantly improve your security. Use a password manager to help you remember and create your new complex passwords.

Also, you might wonder, “do smart TVs need antivirus protection?” The short answer is no, not for the device itself. However, smart TVs are just one possible breach point in the larger Internet of Things. So, to be safe, you’ll want to protect yourself against malware. Especially for your frequently used internet devices (such as your laptop or smart phone). With this in mind, it’s best to get an antivirus software suite to protect all these devices, as they also keep botnets and other malicious breaches off your devices as well.

For future purchases of television devices, research to find those with settings you can easily change. Because in a market where convenience features weaken your security, it’s ideal to get a product that gives you the power to protect yourself.

Related articles:

Smart TV Spying and How to Protect Yourself

Kaspersky Logo