Why smart TVs know too much

Smart TVs are becoming increasingly prevalent. Statistics compiled by GfK for the GFU, a German consumer electronics trade association, reveal that more than 15 million were sold across ten European countries in 2014, up by 18.5 per cent year on year.

 

These television sets offer real benefits to businesses, as well as consumers. They can help to reduce travel costs – and slash a company’s carbon footprint – by making high-quality videoconferencing an affordable reality, they allow you to display presentations without the hassle of setting up a projector, and they can be used to show off your corporate branding, advertising and more.

 

But it’s not all good news. As well as boasting plenty of beneficial features, some smart TVs could pose a significant security threat to your business. Put simply, they could be too smart for their own good.

Some smart TVs are “extremely chatty”

It seems Samsung smart TVs are a particular security risk. Earlier this year, concerns were raised about Samsung’s voice activation feature, which effectively listens to what is being said and could share the information with the manufacturer, or even with third parties.

 

The issue provoked comparisons with George Orwell’s 1984 and its telescreens – which spied on citizens – and prompted Samsung to warn customers against discussing sensitive information in front of their smart TV if they are using voice activation (although the company stressed that this feature can be turned off).

 

However, it seems that Samsung’s smart televisions aren’t just nosy; they’re also serious gossips. Andrew Hay of security company OpenDNS described the TVs as “extremely chatty”, even when they are not in use. Speaking to IBTimes UK, he explained that the devices are effectively web servers or large screen computers that, if compromised, could give hackers access to swathes of corporate data that would otherwise have been kept under wraps.

 

Hay researched the OpenDNS ‘2015 Internet of Things in the Enterprise Report’, which revealed that the TVs contact Internet of Things (IoT) domains ten times in a row without receiving any input from the user, with a five-minute gap between each of these calls. They then stop communicating for 45 minutes, before starting afresh.

 

The research was based on trials of a typical 2014-15 Samsung smart TV running all the latest software. Concerningly, it discovered that one of the domains used by the television had an untrusted certificate, indicating it is at increased risk of a cyber attack.

 

Although Hay stressed that the study did not unturn anything “directly malicious”, he said the manner in which the TVs communicate with IoT domains “does not fit into any logical use case”.

 

“It is our opinion that the average user does not expect their smart TV to make incessant external calls to various services without any interaction,” he added. “The fact that a smart TV does so almost every minute it’s powered on – even without user interaction – is concerning, because it makes the use of these devices much easier to determine from outside a corporate network.”

What do smart TV risks mean for businesses?

Clearly, as smart TVs become more prevalent in the business world, the chances of a security breach occurring are heightened – and this threat becomes even greater once the TV is incorporated into a corporate network.

 

It could be possible, for instance, to remotely access the built-in webcam to take pictures of a company’s boardroom, monitor both ends of a videoconference, listen in to potentially sensitive conversations and access data stored on USB sticks or PCs connected to the TV.

 

According to Hay, manufacturers like Samsung could make the defence that their smart TVs are designed for consumer use, and are therefore not intended for enterprise situations.

 

Will this dissuade companies from using smart TVs in the future? Their numerous benefits makes this unlikely, which means the potential for security breaches looks set to remain.

 

Our Market Reports combine our review of the prevailing conditions in the security recruitment market together with the results of our 2015 employer survey.