TV Smart: an open door for cyber attackers

Cyber attackers are usually stimulated by possible financial gains. This means that they will have information they can sell, data they can use to blackmail people, hardware they can divert, or the computing power they can harness. Smart TVs offer all these opportunities, which makes them ideal targets for potential attacks.

However, its open-source character and immense popularity, along with the imperfect process of checking Google Play applications, have made SMART TV’s platform and users an attractive target. With the expansion of Android in the Internet of Things (IoT) area, the risks are clearly outweighing touchscreen mobile devices

ESET says that smart TVs are vulnerable in the following ways:

1. Malware 

TVs can fall prey to ransomware like Simplocker, which includes threats that instruct victims to pay money to recover access to their devices. 

Many users may also install software from outside the Google Play store for Android TV, which could be potentially hazardous. In these cases, cybercriminals leverage the elevated permissions to steal information from accounts in other apps, execute a key logger, or neutralise the system’s security safeguards. 

2. Poor configuration 

Misconfiguring a smart TV could leave it open to all sorts of threats. Vendors modifying the underlying operating system to add new functionalities as well as customer oversight could be at fault. Misconfiguration ranges from keeping ports open and using insecure protocols to enabling debugging mechanisms, relying on poor or default passwords (or no passwords at all), or using unneeded services. 

3. Vulnerabilities 

Other vulnerabilities include flaws that make it possible to control TV models remotely using public APIs or allow attackers to run arbitrary commands on the system. Built-in voice assistants and links to a variety of Internet of Things (IoT) sensors can open more potential attack vectors. Because smart TVs are hubs for endless sensors and vehicles for sensitive information, they are enormously attractive to cybercriminals. 

4. Physical attacks through USB ports 

USB ports in TVs can be used to run malicious scripts or to exploit vulnerabilities. This can be done quickly and easily by using gadgets such as Bash Bunny, and they are also not particularly complicated or expensive to create from scratch. 

5. Social engineering 

Social engineering remains at the heart of many campaigns aimed at stealing personal information, distributing malware, or exploiting security loopholes. Nearly all (if not all) smart TVs are now fitted with an email client and web browser, allowing for risks such as phishing to still be viable through a TV screen. 

Smart TVs that are not connected to an email account and a web browser are not very available on the market, which is why devices are not exempt from risks, such as phishing and other types of online fraud, which are usually associated only with computers and smartphones.

As smart TVs acquire more and more functions, the amount and sensitivity of the data they manage is becoming more attractive to cybercriminals. Televisions can be misused to spy on users with cameras and microphones or can act as starting points for attacks on other devices in home and corporate networks.

While cybercriminals can hack into a smart TV a variety of ways, there are plenty of ways that consumers can prevent this from happening. These include protecting router credentials, properly configuring smart TVs, always installing the latest updates, and streaming with caution. 

Sursa: blog.eset.ro

High quality IT services. Do you need details? Contact us!