Smart TVs are not being targeted by hackers right now, but a researcher at Symantec has noted that cyber-criminals have a wide range of options if they wish to breach the average Smart TV.
Candid Wueest found that Smart TVs are as, if not more, vulnerable than other connected devices leaving them open to everything from data theft to ransomware attacks. In a blog post he noted the televisions can be accessed via Man-in-the-Middle (MitM) attacks, exploits, via their updates and when the user downloads an app.
The MitM problem arises as not all TVs use SSL encryption nor do they all thoroughly verify certificates enabling communications between the TV and a host to be intercepted and compromised. Exploits are likely to be implemented when the user visits a malicious site using the onboard browser, Wueest said. Another soft spot in the TV's defense is created by when manufacturers are slow to deliver software updates, he said noting the TV tested used a version of Android was still susceptible to the Stagefright bug, which had been patched by Google many months earlier. Adding to the problem, some firmware is delivered from non-SSL sites, which can be intercepted and blocked so the TV is never updated and thus always vulnerable.
After cataloging the various vulnerabilities, Wueest used a MitM-style attack to invade her TV's game portal and plant ransomware.
“As expected, the threat worked and locked the TV after a few seconds, displayed the dreaded ransom note on the screen, and made the TV unusable,” he said.
Cleaning out malicious software can be difficult and the manufacturers customer support staff may not be prepared to deal with such a situation.
On the bright side, Wueest noted that widespread attacks against Smart TVs are not taking place in the wild. he also suggested Smart TV owners take the same safety steps with their TV as they do with any computer or connected device.