Pluralsight blog Where devs, IT admins & creative pros go for news, tips, videos and more.
Pluralsight + Digital-Tutors - 3,000 tech & creative courses - starting at $29/month Get it now →
December 1, 2012

How To Protect Your Internet TV From Malware and Hackers

By How to Protect Your Internet TV

NPD In-Stat has predicted that by 2016, 100 million TVs will be connected to the World Wide Web.

That is just in Western Europe and North America. The global number would be much higher. This means that a lot of people will be able to stream both their traditional television and Internet content on their TVs.

This is brought about by the changes in the TV viewing behavior of today’s viewers.  A 2011 Nielsen’s report found that more than 6 out of every 10 people surf the World Wide Web or check their e-mails while watching TV.

Indeed, having more than 100 million TVs worldwide connected to the Internet is a major development and a big step towards more interactive TV content.  Moreover, a GfK Group research revealed that close to 3 out of every 10 buyers in the United States are looking for TVs with internet connectivity.

However, many security experts have also predicted that along with this recent development are hacks and malware attacks. This trend is similar to what we are seeing with Android-run smartphones and tablets now.

In fact, Mocana, a start-up security firm based in San Francisco, California, discovered several security flaws and vulnerabilities of Internet TV.

What Are These Flaws?

Mocana found that the Internet connection TV’s interface does not confirm a script’s integrity before it is run.  This results in giving a would-be attacker the chance to intercept transmissions from the TV to the user’s network using several hijacking techniques.

Similar to smartphones and PCs

TheHackerNews.com wrote that a possible hacking attack on an Internet-enabled TV would be similar to attacks on PCs and smartphones.  Hackers may choose from anything on your TV such as IP addresses, always-on interfaces, storage, CPUs and operating systems to carry out an attack on your TV.

Roger Grimes at PCWorld sounded the alarm with his experience hacking a first generation IP TV set top box.  They were able to find two vulnerabilities that allowed them to take control of the box.  Grimes wrote that they were able to steal customer information stored in the box, get porn movies and force another channel to show porn.

The Mocana report found that it is possible:

  • To perform a denial of service on the TV, limit or extend its functionality, get saved passwords and redirect Internet traffic because of the lack of encryption and failure to confirm script integrity;
  • To remove the parental lock on the TV even with just a read-only access;
  • To get unencrypted third-party developer keys.  Yes, that means that developer keys are in plain text;
  • To see the Master Lock password in the scripts in plain text;
  • To have a malicious script run periodically by writing into NVRAM.
  • To get a new way to phish.  Hackers can present you with a fake credit card form or intercept Internet traffic so that you think that a bogus banking site they serve up is legitimate.  In both cases, you unwittingly fill out the forms and give the attackers your financial information;
  • To monitor your TV viewing habits and Internet usage without you knowing.

It’s a Numbers Game

Remember that distributing malware and viruses is basically a numbers game for the attackers and criminals.  Not everyone will use their Internet TVs to bank, nor will everybody store their personal information on their connected TVs so attackers usually cast a wide net in order to victimize someone.  With the 100-million figure in just four years, hacking Internet TV just might be attractive enough for some malicious programmers to get into.

What Security Measures Can We Apply?

Wait. The rush to connect TVs to the Internet is giving manufacturers not enough time to test out their products and make it more secure.  In fact, Mocana revealed that the vulnerabilities they found in their study are the mistakes made by an inexperienced designer when connecting the TV to the Internet on the first try.

What’s more, because these are relatively new technologies, even security companies are still grappling with how they could make Internet TVs more secure.  Without knowing just how vulnerable these TVs are, you would not be able to come up with a comprehensive software to adequately protect these systems.

So if you have a perfectly functioning TV at home, you might want to wait a few months before getting an Internet TV.

Secure your Wi-Fi network

If you are going to use a Wi-Fi network to connect your Internet TV to, then consider securing the network first before doing so.  Use WPA or WPA2 encryption, use stronger Wi-Fi passwords, set up a firewall to prevent hackers from accessing your PC and TV, limit MAC addresses to devices you actually use, and carry out other steps to secure your Wi-Fi connection.

Be careful in downloading apps and widgets

Internet TV, much like tablets and smartphones, will be using apps and widgets.  Be careful when downloading these.  Be sure that the widgets and apps you download come from reputable developers.  If you have an official app market or app store for your Internet TV, it would make sense to limit your downloads from these sites.

Patch as soon as an update comes out

Your Internet TV will be using an operating system that, over time, might become vulnerable to hacking.  Make sure to patch your firmware as soon as the manufacturer makes an update available.

Stay on top of security risks

When it comes to security, it always helps to stay informed.  Every day, new threats, malware and viruses are being created and distributed that are targeting all connected devices, not just your Internet TV.  So be sure that you know when an attack is detected so that you could perform checks and take necessary action.

Stay on top of solutions that make hacking difficult

Internet connected TVs have been around since 2010, and it is only in June 2012, almost two years later, that the first anti-virus software for Internet TV made its debut.  And we’re not talking about the usual suspects here such as McAffee, Kaspersky and F-secure.  The first (and perhaps only) antivirus software for Internet TVs comes from SophosLabs and Ocean Blue Software.  Indeed, it helps to be updated when similar antivirus and anti-malware solutions crop up for your Internet TV.

The threat of viruses and malware on your TV might seem to be a distant possibility, but it is a possibility.  It is time to stop thinking of Internet TVs as just TVs and start thinking of them as computers that have the capability to download something from the Internet, hence they are vulnerable to be infected with viruses and malware.  Only then can you be aware of the dangers and take necessary action to protect yourself and your Internet connected TV from attacks.

About the Author

Michael Gabriel Sumastre is a skilled technical blogger and writer with more than seven years of professional experience in Web content creation, SEO and research paper writing. He has written more than a thousand articles related to tech and gadgets, cloud computing, IT management, SEO, SEM and software solutions. He ghostwrites books / e-books and has a Bachelor of Science degree in computer science. Michael is also an expert in webmastering and loves to ride his sportsbike. He maintains his portfolio and personal blog at TheFinestWriter.com

Author's Website: http://www.thefinestwriter.com


Discussion