Aaron Jentzen | November 14, 2018

5 Security Tips for Smart TVs

WombatProofpoint_Blog_SmartTv_November2018_B

As smart TVs become increasingly prevalent, users need to be aware of the security and privacy challenges they present. Even those who employ good security habits with their smartphones, laptops, and tablets may not exercise the same caution when it comes to the entertainment device in the heart of their home.

Internet-connected smart TVs offer appealing features such as voice recognition, tailored content recommendations, access to cloud services, and interaction with social media. But they also collect large amounts of user information, starting with viewing habits. “That viewing information can be combined with other consumer information and used for targeted advertising, not only on your TV but also on mobile phones and computers,” according to Consumer Reports. Determining what information is being gathered — and potentially shared with third parties — isn’t easy.

Given smart TVs’ complexity, broad connectivity, and widespread data gathering, users should be on their guard. But when Consumer Reports surveyed 38,000 smart-TV owners, only 51% said they were “at least somewhat worried” about privacy, and 62% said they were “at least somewhat worried about the sets’ security practices.”

What Are the Risks?

Security researchers, consumer advocates, and the media have frequently raised concerns about smart TVs’ security vulnerabilities and the data they collect. One example comes from the 2017 WikiLeaks release of (alleged) CIA documents detailing tools and techniques for compromising a variety of devices. One of the hacking programs was intended to take control of the microphones in some smart TVs to surreptitiously record nearby conversations.

Surveillance concerns aside, smart TVs are likely to share a network with devices used for work tasks. For our 2018 User Risk Report, we surveyed 6,000 working adults across six countries — the US, UK, France, Germany, Italy, and Australia — about their personal cybersecurity habits. When asked about the types of devices used on their home networks, 41% of respondents said they have a smart TV — making them the most common connected devices after smartphones, computers, and tablets.

Our survey also found that these home WiFi networks are often entirely unprotected, which makes the well-documented vulnerabilities of smart TVs and Internet of Things (IoT) devices all the more concerning. Among other risks, an easily accessed home network opens the door for attackers to compromise remote workers and their employers’ sensitive information.

color_bar.png

Discover the eye-opening cybersecurity habits of working adults in our User Risk Report.

Download the User Risk Report

color_bar.png

5 Security and Privacy Tips for Smart TVs

Smart TVs aren’t necessarily “bad,” and they certainly aren’t going away any time soon. But it’s important to remember that they’re essentially specialized connected computers, and they deserve just as much care and awareness as would a laptop or smartphone. The following five tips can help you practice better security behaviors with your smart TV.

  1. Turn off the WiFi. Disconnecting a smart TV from the internet limits its functionality — it’s basically a “dumb” TV — but it also limits the data leaking out of your living room. Connecting it to a separate streaming box or dongle carries some risks, but these devices “at least give you a little more control, or at the very least act the way you’d expect them to,” according Brian Barrett, Wired’s security news editor.
  2. Review the privacy settings. In the rush to set up a TV, it’s tempting to leave default settings in place and click “agree” when it comes to privacy and data collection policies. How to find and change these settings depends on the TV; you may need to consult the manual or contact customer support. Consumer Reports offers this general advice: “Reset the TV to factory settings. Then, as you go through the setup process, say yes to the most basic privacy policies and terms of service but don’t agree to the collection of viewing data.”
  3. Keep software/firmware updated. Nobody enjoys waiting for a device to update, but your TV needs timely security patches, just like your smartphone or computer. In fact, the CIA documents released by WikiLeaks included a smart TV exploit that “worked as long as the target hadn’t upgraded the firmware,” according to security researcher Brian Krebs. Your TV may allow you to enable automatic updates.
  4. Cover the camera when not in use. If your TV has a built-in camera, you should make conscious decisions about when (and when not) to use it. Even if your TV isn’t compromised by a hacker, covering the camera helps you avoid accidentally broadcasting your living room.
  5. Mind the microphone. Unless you really “need” it, consider turning off any voice recognition features on your TV. At the very least, review the microphone privacy settings and limit access as much as possible.

For additional advice applicable to smart TVs, check out our IoT Q&A and Security Checklist infographic.

Subscribe to Our Blog

2018 State of the Phish Report  Protect your organization from phishing attacks. Download Now
2018 Beyond the Phish Report  Protect your organization from threats including and beyond phishing. Download Now