With microphones making their way into all our technology, you might have a lingering thought, “Is my smart TV spying on me?” If you've paid attention to all the WikiLeaks scandals the past few years, you probably already know that your smart TV may be spying on you. But you may not realize the spying is carried out by more than big government and cybercriminals. It's also alive and well among manufacturers, and devices you assume are secure may be susceptible.
To make the consumer experience more convenient, TV manufacturers are putting tech like voice commands and video conferencing into devices. Unfortunately, cameras, microphones, and internet access give unwanted parties open access to your private life.
Certain notable parties have been known to abuse these sensitive data-gathering tools:
Some of these practices are completely legal. However, the ethics of this monitoring are hard to approve of. Most spying activity occurs without full user awareness and consent, especially in criminal uses. Whether explicitly criminal or morally questionable, you should know the risks you’re facing by owning a smart TV.
As internet-equipped tech spreads to more households, new emerging spy methods are turning the concept of privacy into a thing of the past. Some threats are being discovered in cybersecurity labs, but others are revealed only because they’ve already been exploited.
These capabilities are certainly unnerving, but the most likely scenario is that smart TV manufacturers are monitoring viewing habits and selling the information to marketers. In other words, the spy is often the TV manufacturer.
For example, Vizio was fined $2.2 million by the Federal Trade Commission in February 2017 for tracking what their TV owners (identified by IP address) were watching and then selling that information to advertisers. This Vizio TV spying case is surely not the only one; other TV manufacturers also track viewing habits but haven't been caught selling it to marketers.
However, data collection isn't always the fault of manufacturers. TV set-top boxes and Wi-Fi routers can be hacked with relative ease. In 2013, for example, the "Linux/Flasher.A" bot was discovered after it collected login credentials from smart TVs, tablets, smartphones, and PCs. Infiltration was fairly easy because older routers were poorly secured.
At the time, cable companies often used the same passwords for all the boxes they provided, and cable subscribers couldn't change them easily. Therefore, anyone with the password for one router or set-top box could infiltrate many others. To make matters worse, many pieces of equipment had built-in backdoors. This ease of access only gives more incentive to attempt smart TV hacking.
Not too long ago, a botnet named Mirai posed a major threatby turning Internet of Things (IoT) devices into zombies — botnet hosts — that enabled attackers to use the resources of these devices to stage Distributed Denial-of-Service (DDoS) attacks, causing widescale disruption across the internet. Botnet susceptible IoT devices can include any hardware or appliances made “smart” by computer processing and internet connectivity. As such, smart TVs can be a victim just as much as smart speakers, phones, and even thermostats.
The threat of DDoS attacks from Mirai wasn’t the only outcome of this botnet. To this day, there are fears that the Hajime botnet that supposedly combats it could also be used for cyberattacks. Without malware protection, many devices are exposed to a botnet breach.
Onboard microphones in smart TVs and other devices can be manipulated as well. In 2017, researchers at the University of Washington showed how software called CovertBand could use a smart device's sound system to track the movement of people in a room. It works by hiding nearly undetectable "chirp" signals in music, and those signals bounce off human bodies and act like sonar signals to device microphones. The software could detect multiple people within approximately 20 feet of the device and was accurate to within seven inches.
Another hack demonstrated in the spring of 2017 uses radio signals to exploit known weaknesses in the web browsers running on smart TVs. Hackers exploit security flaws in TVs’ web browsers and then use an inexpensive transmitter to embed code into a rogue TV signal. When that signal is broadcast, hackers can take over the TVs in that area. Once hackers control the TV, they can control other devices and monitor activities in the home. The method uses security flaws in the web browsers of the TVs.
One of the latest spying methods uses a neural network and a new algorithm developed jointly by researchers at Tel Aviv University and Cornell University to analyze patterns in data streams from encrypted videos, such as those from Netflix, Amazon, and YouTube, to determine what you're watching. Hacking smart TV devices isn’t even necessary — all the hacker needs is access to your Wi-Fi network.
Here’s how it works: video streams typically are transmitted in segments, called bursts. The bursts are compressed using variable bit-rate compression. So, bursts of the same length have different quantities of data. Measuring the bits per segment length creates a digital fingerprint that can be matched to other, selected videos once their pattern is known.
This new method requires training the neural net using a library of prints that a cybercriminal may be following to compare your leaky data to that of those videos. It's similar to comparing fingerprints, but it has 99% accuracy once trained.
These tools and others could be used by governments for spying. WikiLeaks publicized such a plan by the UK and U.S. in April 2017. Code named Weeping Angel, it specifically targets Samsung's F8000 Smart TVs, allowing them to record audio through their built-in microphones. Key features include a fake "off" mode and a Wi-Fi reconnect to convince users the TV is turned off, even when it's still recording. Plans also discussed strategies to use similar methods to record video and to use the TV's Wi-Fi to transmit that data.
In perspective, it might seem that all the privacy protection falls on your shoulders as a user. Fortunately, TV and cable box manufacturers are wising up. Routers manufactured in the past few years are generally more secure than their older counterparts.
That said, the Federal Communications Commission dropped plans over three years ago to require cable providers to unlock their boxes for third-party developers. If the plan had been approved, cable consumers would have been able to choose their set-top boxes for more customized functionality and greater security. So, it’s wise to take your proactive effort for the sake of your privacy and safety.
Unplugging from the internet is the most effective way to eliminate cybersecurity risks, but it's highly impractical in this modern era.
To help you protect your privacy, we can offer guidance on how to prevent your smart TV from spying on you. Initially, you’ll want to check each of your television and internet devices for security and privacy settings. The following devices in your home might have settings you can access and change:
You can also check for any hardware features that are built into your devices. Being aware of any microphones or cameras helps you to be extra thorough as you go through your settings. Take an extra step to research your device models online, as other users may have discovered hidden cameras or microphones.
Beyond these basics, you can take a few more steps to keep your home private. Whether setting your TV up or being more conscious of your TV use, be sure to do the following.
Also, you might wonder, “do smart TVs need antivirus protection?” The short answer is no, not for the device itself. However, smart TVs are just one possible breach point in the larger Internet of Things. So, to be safe, you’ll want to protect yourself against malware. Especially for your frequently used internet devices (such as your laptop or smart phone). With this in mind, it’s best to get an antivirus software suite to protect all these devices, as they also keep botnets and other malicious breaches off your devices as well.
For future purchases of television devices, research to find those with settings you can easily change. Because in a market where convenience features weaken your security, it’s ideal to get a product that gives you the power to protect yourself.