Onegini Updates

Smart TVs Pave the Way for the Next Cybercrime Wave

Posted on April 7, 2016 by Vladimir Ghilien

Smart TVs start getting into more and more houses nowadays. The tricky thing here is that they are hewing a new door for cybercriminals’ attacks, as the gadgets’ security defenses frequently are far from the levels of those in desktop computers and smartphones.

Running such mobile OS’s, like Android, smart TVs represent an easy target for hackers because of the way manufacturers prefer convenience for users over security. This trade-off may have grave consequences in the future. Smart TVs are more, than just consumer electronics, as the gadgets are commonly used in corporate board halls. Their sales are forecast to increase over 20% a year through to 2019. Although attacks on smart TVs aren’t yet prevalent, security specialists claim it’s simply a matter of time before hackers take note of the aforementioned weaknesses.

Tolaga Research’s chief research officer Phil Marshall claims that a lot of solutions don’t adapt the best practices known well in the IT world. He noted that the ecosystem is fragmented, so the solution should be delivered to the market fast.

smart-tv.png

Basically, Smart TV is a computer that has USB ports, an operating system, and networking features that don’t differ from those of smartphones. However, unlike mobile gadgets and computers, smart TVs frequently don’t demand authentication at all. Generally, if you are in the same room with a smart TV, you are going to be referred to as the TV’s owner at all times. Some models just don’t confirm, if the person sending commands over the net is the same individual that is able to physically control the gadget.

In other words, there are serious chances that an attacker can remotely make a smart TV show something much more sensitive and private, than the sales figures and graphs from the last staff meeting. So, in case such incident happens, the person conducting a presentation may get into an unexpected situation, at the very least, or even in a truly embarrassing one.

Lots of major manufacturers, including Sony, Samsung, and LG among others, have created app stores for smart TVs. This model has been pioneered for smartphones by Apple. However, users may as well be tricked into downloading malicious applications from third-party app stores, via a method of attacking smartphones that may as well be utilized against smart TVs.

Symantec’s threat researcher Candid Wueest intentionally infected his brand-new TV running on Android OS with ransomware, malware encrypting files and demanding paying a ransom in bitcoin. His experiment was somewhat rigged: he modified the settings of the DNS (Domain Name System) on his own router in a counterfeit man-in-the-middle attack and made the TV download the malicious application from a doubtful source. However, he claims that such an attack easily falls within the attackers’ capabilities.

Wueest as well has outlined a number of other problems with smart TVs related to software updates. Certain models don’t use the SSL/TLS encryption during updates’ download. This lack makes possible tricking a TV into downloading malware, which essentially is a low-level code bridging a computer’s operating system and hardware at startup. Some smart TV models don’t even verify the downloaded firmware’s integrity. According to Wueest, In smart TVs, security is addressed at the end, more like an afterthought.

tv-is-watching-you.png

All of the aforementioned flaws represent annoying problems, in particular as smart TVs more and more integrate with commerce and consumers increasingly introduce credit card data into their TV sets. This specifically goes to those, who love doing Black Friday shopping on their TVs, as they are closely tied to their financial data on their gadgets.

There is no antiviral software for smart TVs and it is questionable if making them would be a productive solution to halting cyber-attacks. And although antiviruses could make it work, they as well might impair performance, so the focus will shift to solving problems, like “will running an antivirus on the smart TV give hard time to Netflix and other services?” In other words, this can break a lot of advantageous deals.

However, speaking of Android OS, its model of permissions restricts applications’ actions without direct user’s approval, dulling malicious app’s capabilities on a smart TV. However, users could mindlessly close warnings to continue watching their favorite TV programs. According to Young, the problems with smart TVs are just the same that affect a whole array of network gadgets. Because of this, experts are seriously concerned that the Internet of things may be abused.

Certain organizations are addressing these concerns with new solutions meant to identify network anomalies. They prefer such solutions better, than full-scale antiviral software.

Topics: Security, IT