Hackers could be Targeting Your Smart TV

Hackers Could Be Targeting Your Smart TV

Avast researchers have found a number of vulnerabilities in Smart TVs.

Security researchers at Avast have demonstrated a number of vulnerabilities and potential attacks against Vizio smart TVs, including data that displays a person's viewing habits.

Under the wide umbrella of the Internet of things and smart homes, Avast began to pull apart the security of a Vizio smart TV and found that it was susceptible to man-in-the-middle attacks due to HTTPS certificates that were not being validated.

Avast discovered that the TV was constantly accessing tcinteractive.tv, a website run by a company named Cognitive Networks. The service appears to gather a time stamp that reports what someone is watching and when, and then sends that data to the content provider or advertisers. Avast even discovered that the TV would accept a forged certificated when connecting to the site, as it does not fully validate the HTTPS certificate. Instead, it just validates the checksum at the end of the data being transferred.

Essentially, the HTTPS certificate is what makes a connection secure, validating the information and telling the sender what a site actually is. Without it, a hacker could potentially steal the information. Carrying out a man-in-the-middle attack in which it impersonated the tvinteractive.tv with forged HTTPS credentials, Avast was able to crack the data that was being sent and view it.

"This data is the fingerprint of what you're watching being sent through the Internet to Cognitive Networks. This data is sent regardless of whether you agree to the privacy policy and terms of service when first configuring your TV," the researchers said.  

Avast has dubbed its discovery as a possible attack vector into a person's home network. It's just the latest evidence that shows how a smart TV can make your local network vulnerable, and Avast claims that it could be a possible means to display content remotely on someone else's TV. "Further investigation is needed to demonstrate a proof of concept, however, this appears to be a potential attack vector for remotely displaying unwanted material on a person's TV," the researchers said.

Vizio has patched these vulnerabilities and says the update will install automatically, but there is no still no report on whether this update has been successfully delivered to all TV owners yet.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

Featured Cybersecurity

Webinars

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3