If you just bought a smart TV on Black Friday or plan to buy one for Cyber Monday, the FBI wants you to know a few things.
Smart TVs are like regular television sets but with an internet connection. With the advent and growth of Netflix, Hulu and other streaming services, most saw internet-connected televisions as a cord-cutter’s dream. But like anything that connects to the internet, it opens up smart TVs to security vulnerabilities and hackers. Not only that, many smart TVs come with a camera and a microphone. But as is the case with most other internet-connected devices, manufacturers often don’t put security as a priority.
That’s the key takeaway from the FBI’s Portland field office, which just ahead of some of the biggest shopping days of the year posted a warning on its website about the risks that smart TVs pose.
“Beyond the risk that your TV manufacturer and app developers may be listening and watching you, that television can also be a gateway for hackers to come into your home. A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router,” wrote the FBI.
The FBI warned that hackers can take control of your unsecured smart TV and in worst cases, take control of the camera and microphone to watch and listen in.
Active attacks and exploits against smart TVs are rare, but not unheard of. Because every smart TV comes with their manufacturer’s own software and are at the mercy of their often unreliable and irregular security patching schedule, some devices are more vulnerable than others. Earlier this year, hackers showed it was possible to hijack Google’s Chromecast streaming stick and broadcast random videos to thousands of victims.
In fact, some of the biggest exploits targeting smart TVs in recent years were developed by the Central Intelligence Agency, but were stolen. The files were later published online by WikiLeaks.
But as much as the FBI’s warning is responding to genuine fears, arguably one of the bigger issues that should cause as much if not greater concerns are how much tracking data is collected on smart TV owners.
The Washington Post earlier this year found that some of the most popular smart TV makers — including Samsung and LG — collect tons of information about what users are watching in order to help advertisers better target ads against their viewers and to suggest what to watch next, for example. The TV tracking problem became so problematic a few years ago that smart TV maker Vizio had to pay $2.2 million in fines after it was caught secretly collecting customer viewing data. Earlier this year, a separate class action suit related to the tracking again Vizio was allowed to go ahead.
As convenient as it might be, the most secure smart TV might be one that isn’t connected to the internet at all.