Skip to main content

Are Smart TV Designs Taking Home Security for Granted

Millions of smart TVs from Samsung and some streaming devices from Roku recently were found to be vulnerable to cyberattacks, allowing intruders to take control and remotely change channels and volume settings, among other things, according to Consumer Reports research.
Vulnerabilities were discovered not only in Samsung televisions, but also in TVs from TCL and other brands that sell sets compatible with the Roku TV smart-TV platform and streaming video devices such as Roku Ultra, according to the report.
Further, the affected televisions and devices collect a wide range of personal data, Consumer Reports noted, and users who choose to limit that data collection would risk limiting the functionality of the TV.
The report is based on a wide ranging security and privacy review of major brands, including Vizio, LG and Sony.
This review was the first conducted as part of Consumer Reports' new Digital Standard, which is an effort among several nonprofits, including theCyber Independent Testing Lab and Aspiration, to help set standards for the way electronics makers handle digital rights, cybersecurity and privacy issues.
The vulnerability Consumer Reports detected in Samsung TVs did not allow testers to extract data from the affected device or monitor what was playing, said spokesperson James McQueen.
Televisions from other makers using the Roku TV platform also were vulnerable to attack, he told TechNewsWorld.
This is not the first time an unsecured API has been found to be problematic, McQueen said, noting that this issue has been discussed in forums since 2015.
Further legislative action is needed to protect the integrity of consumer data, according toConsumers Union, the advocacy arm of Consumer Reports .
"Congress needs to pass data security standards for connected products, and federal regulators need to step up and hold companies accountable for privacy, security and safety of these products," argued Justin Brookman, director of consumer privacy and technology policy at Consumers Union.

Industry Pushback

Protecting consumer data is one of our top priorities," Samsung said in a statement provided to TechNewsWorld by spokesperson Zach Dugan. "Samsung's privacy practices are specifically designed to keep the personal information of consumers secure."
Samsung's Smart TVs include "a number of features that combine data security with the best possible user experience," the company said.
Before it collects any information on consumers, Samsung always asks for their consent, according to the statement, and it makes "every effort to ensure that data is handled with the utmost care."
Samsung has reached out to Consumer Reports and is looking into the specific points made regarding its smart televisions, it said.
The Consumer Reports findings are a "mischaracterization of a feature," Gary Ellison, vice president for trust engineering at Roku, maintained in an online post.
Roku wanted "to assure our customers that there is no security risk," he added.
Roku allows third-party developers to create remote controls, Ellison pointed out.
The technology is derived from an open interface that the company designed and published itself, and there is no risk to consumers or to the Roku platform using the API, he explained. Consumers can turn off the feature by clicking Settings>System>Advanced System Settings>External Control>Disabled.
As for the Automated Content Recognition, Roku ensures that consumers have to opt in to get the feature, Ellison said, and it is not on by default. Consumers can undo the feature by clicking on Settings>Privacy>Smart TV experience>Use info from TV inputs.

Mounting Concerns

Security has been a growing concern with the increased use of smart television and video streaming devices, observed Brett Sappington, director of research at Parks Associates.
"For many years, there was no reason to hack a television or a smart streaming media player," he told TechNewsWorld.
It was only with the advent of subscription-based video services and transactional video that you started to see financial data, like credit card numbers, get stored online, Sappington noted.
Roku is at the top of the food chain among U.S. streaming video makers. The company controlled 37 percent of the domestic market as of the first quarter 2017, up from about one-third of the market in the same period in 2016, Parks reported last summer. In the global market, Roku is second to Apple, because Apple operates in market across the world with many devices.
Sixty-nine percent of new televisions sold have Internet functionality that helps them operate as smart entertainment devices, Consumer Reports noted, citing data from IHS Markit.
Adding security and privacy to the menu of consumer product issues it evaluates was a great move on the part of Consumer Reports, as the use of smart devices in the home is rapidly expanding, said Mark Nunnikhoven, vice president, cloud research at Trend Micro.
"The issue with the Samsung, Roku and other devices is a simple and, unfortunately, common one," he told TechNewsWorld. "An API that blindly trusts anyone calling it, or -- slightly better -- a broken authentication scheme."
Trend Micro has seen similar problems in other devices, Nunnikhoven said, most recently with smart speakers from Bose and Sonos, which compete against Google Home and Amazon Echo at the top end, targeting the audiophile market.
These devices were designed with the idea that the network they would connect to would be secure -- but home and corporate networks often are not secure, he pointed out. "I wouldn't consider this a hack, but a flawed design."
These issues don't pose a direct threat to consumer privacy, but they are symptomatic of a deeper issue, which is a failure to build security and privacy protocols into the fabric of the technology, Nunnikhoven said, and the entire tech community needs to do a better job of addressing that challenge. 
Labels:

Comments

Post a Comment

Popular posts from this blog

How To Track And Recover Your Stolen Phone Without Using Track Imei Service

What is IMEI Number? IMEI stands for International Mobile Equipment Identity Number. It is 15 digit unique number of Cell Phone. Usually the IMEI is number printed in the battery compartment.  You can display the IMEI number by pressing *#06# in your Mobile phone. What is the use of IMEI Number? IMEI number is identify the Mobile Device. It is used to deny the access of stolen mobile from accessing the Mobile services of a country. Using IMEI number we can trace the location of Mobile. Equipment Identity Register(EIR) When a phone is switched on, the IMEI number is transmitted and checked against a database in the network’s EIR.  The EIR has three categories namely the “white lists”, “grey lists” and “black lists”. if the IMEI number is in blacklist, the mobile can not use the mobile service. Stolen Mobile Block the Mobile When mobile is stolen, you can block the mobile from being used by thief using IMEI number. You have to contact your local ...
Post a Comment
Read more

What is comprehensive car insurance

After buying a car   you should consider the insurance cover that you should take. There are a number of factors that you should consider when choosing the type of insurance cover that is suitable for you. In the process of shopping for insurance cover for your car you might have come across comprehensive car insurance. What is comprehensive  car insurance? This insurance protects your car against risks such as being stolen or damage regardless of who is at fault.The only exception is when there was a collision the comprehensive cover cannot pay for collision. For instance if your car is involved in damaged by falling objects, theft, fire, animals, natural disaster and civil disturbance comprehensive cover will protect you against them. You should also check with your insurance agent so that you know which of the above damage is included in their  comprehensive car insurance  policy. Different insurances companies cover different perils in their comprehensi...
Post a Comment
Read more