According to a report released by NCC group, smart TVs are rapidly becoming a popular way for hackers to make their way into the personal networks of regular consumers without their knowledge, relying on a variety of factors to keep themselves hidden on devices which are quickly becoming the new Wild West of Internet security.
If you’ll remember our report just a month ago, we discussed a new bug that allowed hackers to gain access to web-connected Phillips TVs that were hooked up to local Wi-Fi networks. This is the same type of low-strength system architecture hackers like preying on the most, where they can encounter as few road blocks as possible while still gaining access to vital parts of a network that would otherwise be closed off through classic channels like mobile or desktop solutions.
As well as granting access to all computers, laptops, phones, and tablets hooked up to the same network, these TVs become a central hub that thieves and malware developers can hide on without the users becoming any the wiser.
Overall Smart TVs have relatively small processors which aren’t capable of serious CPU or GPU output, which makes them understandably a bit slow to begin with. Unlike personal computers that we use every day to work and communicate with friends, no one thinks twice if their Smart TV is acting “a little slow”, because as anyone who’s actually used one knows, they’re already pretty choppy as it is.
This allows malicious malware distributors to hide in plain sight, using offerings in the space from LG or Samsung as hubs to track data and collect information off of any standard consumer wireless access points.
“Installing the bugging software requires physical access to the device, which is how we did it, or by installing a malicious app,” said Felix Ingram, principal consultant at NCC Group. “Malicious apps could be downloaded from the manufacturer’s app store. The TV does have the option for auto-updating, so releasing a legitimate app, then releasing a malicious update, is another attack vector.”
Many TVs these days are being outfitted with many of the same listening/recording gadgets and gizmos as your standard laptop, including high-resolution cameras installed in the bezels, and microphones capable of picking up voice commands (or common conversations) from more than 25ft away.
The demo by NCC showed that a TV could hold a supposedly indefinite amount of audio captured from onboard listening modules, originally designed to give users the option to control their TVs with voice rather than a standard remote.
Several higher-end models from LG also offer the ability to link your smartphone to the television itself, opening up a whole new range of questions about security that haven’t been answered in the most timely of manners by the people who should have had this stuff figured out before they put their latest model out on the showfloor of the local Best Buy.
Members of the NCC Group also cautioned that unlike standard devices, Smart TVs can be far more difficult to update across all platforms in unison, as dozens of different models can all utilize a number of different OS quirks to offer their customers a specific experience they wouldn’t get with a competing product.