Your smart TV probably watches you more closely than you watch it, and the FBI wants you to keep that in mind this holiday shopping season.
Smart TVs top many holiday wish lists. But like any internet-connected device, they can be a convenient portal for hackers, as the FBI's Portland field office pointed out in a warning to consumers last week.
"A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router," the agency said.
"Hackers can also take control of your unsecured TV. At the low end of the risk spectrum, they can change channels, play with the volume, and show your kids inappropriate videos. In a worst-case scenario, they can turn on your bedroom TV's camera and microphone and silently cyberstalk you."
Many smart TVs are equipped with cameras and microphones, which allow users to control them from the comfort of the couch. Those features also allow TV makers like Samsung, Roku and Vizio to track what you're up to and relay it to advertising partners, whether you're in a streaming app or browsing the web or kicking it old school with a DVD.
Automatic content recognition, in which the TV monitors itself and broadcasts it back to the TV maker as often as once a second, has become an industry standard; it's part of why the cost of TVs has fallen so much. Although watching TV is protected as a private activity under U.S. law, companies aren't always transparent with customers about when they're being tracked. The Federal Trade Commission fined Vizio $2.2 million in 2017 for not being forward with consumers about tracking software and ordered the rest of the industry to make it so that customers had to opt into tracking, but many of these agreements are still buried in fine print.
Americans spend an average of 3.5 hours a day in front of the TV according to eMarketer, a hefty chunk of time for an unwanted party to exploit. These kinds of attacks aren't common, but they're not impossible either, though the FBI did not include any statistics in its warning. A 2018 Consumer Reports investigation found that millions of popular smart TVs have hosts of security vulnerabilities that a relatively unskilled hacker could take advantage of. And this year at Defcon, the famed hacker conference, security researchers showed how smart TVs could be commandeered for darker purposes.
The FBI offered some suggestions for locking down your smart TV. To start, the agency suggests doing a basic search on your TV model and its features, using words like "microphone," "camera" and privacy. It also urged users not to depend on default security settings and to read privacy policies carefully.
"Know how to turn off the microphones, cameras, and collection of personal information if possible," the FBI recommended. "If you can't turn them off, consider whether you are willing to take the risk of buying that model or using that service."