26 total posts
I would say not..
I would say not, I haven't owned one myself, but from what I gather, Smart TVs don't use open networks that allow just anyone to put up content like a Desktop or laptop computer does, chances are the TV itself uses streaming (which doesn't require video downloads), or the sources of these files are determined by your cable provider, they also would likely have their own operating system, much like a Playstation 3, Xbox 360 or Nintendo Wii would, and that would make them a less likely target for viruses or even hackers.
But it's always worth asking a manufacturer or cable provider these things, especially in matters of cyber security.
A Smart TV is technically a computer
So, technically, yes. It can be infected.
From a practical standpoint, though, I think you'll find that there are not going to be any anti-virus systems that run on the TV as-is. You would have to hack the TV yourself and install your own OS (probably some flavor of Linux) in order to load software that isn't written by the TV's manufacturer. I haven't looked, but I suspect that there are hacks published for many TVs on the market. Hobbyists enjoy hacking everything from digital cameras to digital picture frames. A TV would be right in their wheelhouse.
OTOH, while it is technically possible for your TV to get infected, I'm not sure what the bad guys would do with it. I don't think those TVs have a lot of computing power, nor much memory. The culprits might try to use it as an entry point past your hardware firewall (you are using a router with a firewall built in, right?) But, if your computers, phones and other devices are running virus software, then that doesn't gain them much. And, the TV market is fragmented enough that any target they aim for would be a pretty small population of devices. So, it's probably not worth their time.
A more lucrative target would probably be a DVR. Those are computers, too. Those machines wouldn't be called high-powered, but they would make for a nice zombie to send spam from. Again, you're not going to find any anti-virus system readily available that you can put on there to protect them. Those companies are very jealous of what goes on their systems. That's good news for virus protection, though. Because in protecting themselves from hobbyists they're also protecting themselves from virus writers.
To wrap up, the new TVs are technically at risk. But, from a practical point of view, at this point, I don't think it's worth spending any time worrying about.
You shouldn't need an anti-virus....
You are right to think that the smart tv is indeed running an operating system and is connected to the internet so therefore in theory it could be infected by a rogue application.
However it is unlikely to need any type of anti-virus and there are a few reasons for this.
1. The type of apps that are in the TV are pre-installed when the TV is purchased, or installed via authorised updates from LG therefore these would have already been checked to ensure no malicious coding is in the apps. For a virus to infect something it doesn't just need a web browser, it needs some form of OS platform to execute it's commands on and an ability to access certain bits to fool the end user - such as creating windows that look like web browsers, or keylogging. The only slight risk is with Java applications running on the TV as many of these are unlikely to be checked properly, however Java apps would struggle to get low enough access level into the TV's own programming to do any type of serious virus damage, at worst it may pop up a screen asking for your bank details, but at this stage alarm bells should normally be ringing as it should look very different to what you'd expect to see on your TV.
2. Most smart tv''s run on some kind of Unix based operating system, possibly even a variant of Linux. Unix based OS's are a lot more resilient to viruses than Windows OS (Windows is getting better with security). In Unix based OS's you have a root user login which really shouldn't be used all the time as these are administrator accounts with full access to everything, and then you have general accounts. If your TV is based on Unix you'll probably find that by default when using the Smart TV section you are logged in to just a normal user account which allows anything running within it all the access you need, whilst blocking out low level access to the TV, in the TV there wont be an option to login to the root account or anything, all this will be hid behind the scenes, and the only way into the root account will be when someone plugs a usb dongle into the USB service port with the right files on it (such as an update file or something), at all other times the TV will just operate in a non-administrator setting which will prevent any malicious software from accessing parts that they shouldn't be able to access. This is why viruses are a lot more rarer and cause less damage on Unix based OS's than Windows OS, also other than through Java a virus would have to be wrote specifically for the internal OS in that TV.
3. Worst case scenario - if a virus was to get into a TV the OS in a TV is so small it can be re-installed in a matter of minutes. You can always do a factory reset which would take a few minutes to re-install the entire Smart TV and remove it all together. Most TV's will probably start from fresh every time you turn on anyway as there is very little a smart TV would need to store anyway, it'll work very similar to a Linux Live CD - this wipes the machine on every reboot and only stores documents and settings and browser history/cookies. Inside Smart TV's they probably have a Kickstart EPROM similar to the way the Amiga's used to boot, and the only thing that will be allowed to re-write that will be the official update files from a USB device (unless you find a hacked one - of course using a hacked firmware then you are opening yourself up to the dangers of malicious code)
Also the chances of you finding an anti-virus for your TV is slim to none as the manufacturer would have to write one specifically for their OS that is in the TV, or one would need to be compiled for that TV.
Not Now...But Never Say Never
First let me say that anything involving technology is possible. In today's world of ever changing and evolving high tech systems no one can say with complete certainty that the infection of a Smart TV is impossible. Back in the 1960's the idea of a hand-held two-way communication device that could fit in the palm of your hand (today called the cell phone) was pure science fiction. Anyone remember the original Star Trek series communication device ("two to beam up - Kirk out")?
As others have said a virus and/or malware are for the most part specific to a computer OS (i.e. Windows, Mac, Linux). Of late however, there are indications that iOS and the Android platforms are becoming targets of interest. Having acknowledged the threat to those platforms one must remember what a virus or malware is designed to do....and that is...to exploit known vulnerabilities and/or create new ones for the purpose of obtaining information and/or redirection or monitoring of a computing system via input commands.
So ask yourself...as Smart TV's exist today (or in the foreseeable future) how much information of worth is stored (or capable of being stored) on them? What profit would one gain from being able to control the commands input via a TV remote control (given...at present...there is no information of worth to exploit)? Granted there are a few Smart TV's with built-in webcams so there's the possibility that code could be written to turn it on remotely to monitor your movements (voyeurism) or inventory your home. Here again we're dealing with a high degree of speculation versus real world documented events. The algorithms to accomplish what I just mentioned would have to be very sophisticated and hardly worth the time as the ROI would be zero to none as things are today.
In practicality, writing code to exploit a Smart TV (today) has little to no value for a would-be assailant. Engineering code to infect your computer or network via your TV is counter productive versus writing code to infect the more readily available and desirable computer hard drive (a more direct approach). A DVR would qualify as a more desirable target than your Smart TV as most have a considerable amount of hard drive space capable of hosting a malicious threat.
Now...having said there's nothing to worry about...let's not dismiss the possibility as completely absurd. Ocean Blue Software in collaboration with Sophos has developed a cloud based anti-malware system called "Neptune" designed to protect digital content on connected TV's. The question is whether or not the content providers and/or the set manufacturers will buy into the concept as a needed form of protection against today...what is a relatively an unverified threat. You can read more about Neptune via the following link:
In closing do you need an anti-virus specific for your Smart TV the answer would have to be IMO "no" at this juncture. Besides...who makes one and how would it be deployed? Do you need an antivirus to protect your computer ...the answer is a definite "Yes"!
I hope this brief writing along with opinions provided by other members has answered your question. If you have additional information (verification or documented occurrences) regarding your topic please post it. I think this is a very interesting subject that could stir substantial debate in the not so distant future.
Together Everyone Achieves More
I remember when Dish TV tried to say they never got viruses - but I was seeing "direct" evidence that the were indeed under attack. Most sets were connected by dial up at the time. The thing is, that because one standard operating system is in use by millions of viewers world wide, and connected to the internet; you have to ask yourself why a criminal WOULDN'T take advantage of that opportunity. Information is worth money, and if they just knew what you liked to watch they could sell that to the highest bidder! However, I'd suspect most of them would simply use it as another source for bot net zombies. With the regular bot nets under attack by law enforcement authorities, they will be looking for other sources that are numerous enough to become a likely target.
I had many Dish TV and Direct TV clients that had desktop units that acted just like a zombie farm, and would access the internet constantly, outside the normal data gathering by the satellite company. Many of these units just had to be replaced, because the perplexed support personnel were just not equipped to handle even the remotest chance of an actual Linux virus!! Neither company would admit whether they ever even tried putting a firewall on the dial-up connection! Now that many of these units are designed to work on your local home LAN, I suspect the problem will get even worse!
The kind of target a criminal will look for:
1. Standardized hardware/software/firmware so they only have to write certain code to attack millions of machines - or even billions in today's world market!
2. Would have a method of writing to a hard drive to influence the host OS. No problem with DVR set tops.
3. Perhaps even a method of flashing the firmware that controls the CPU in such devices not unlike many mobile devices.
4. A vulnerable application like Netflix(silverlight) or especially Skype - since many smart TVs use Skype with an on board camera for video VOIP. Crooks are already taking advantage of this for various schemes of surreptitious data gathering of consumer habits to just plain old personal ID theft!
I don't have a doubt that the criminals are already assessing how they can monetize this market, or have plans to do so in the very near future( if they haven't already)
You are gonna use your Smart TV for basic browsing and social networking..so an anti-virus is not needed.. Plus, I feel its a redundant consideration for TV manufacturers as well.
Seems we do. In the news, Samsung.
"It turns out that some smart TVs are a little too smart for their own good--and the good of users. Some specific models of Samsung TVs that have Wi-Fi and other advanced capabilities have a flaw that enables an attacker to take a variety of actions on the TV, including accessing potentially sensitive data, remote files and information, the drive image and eventually gain root access to the device.
The issue affects many Samsung TVs, and the researcher who discovered the problem found that he could remotely access the remote control for the TV, retrieve files located on any USB drive attached to the TV and even install malicious software on the TV. Samsung produces a line TVs that have a variety of advanced capabilities, including the ability install apps such as Pandora, Skype and others. The TVs can be controlled by voice commands and by apps running on some Samsung phones and tablets.
And now, they also can be controlled by attackers."
Whoa There Partner...There's More to Consider
Thanks for posting. I read the article and it appears the hack occured by accessing the TV over WiFi....here's the excert:
"To exploit Auriemma's vulnerabilities requires only that the devices are connected to a wi-fi network. As background, Auriemma explains that when the device receives a controller packet it displays message informing users that a new 'remote' has been detected, and prompts the user to 'allow' or 'deny' access. Included with this remote packet is a string field used for the name of device. Auriemma found that if he altered the name string to contain line feed and other invalid characters, the device would enter an endless loop."
The above excert tells me that in order to access the TV via WiFi one of three (3) things must occur:
1. The WiFi network is unprotected (very bad and the end-user should know better)
2. The attacker knows the SSID password
3. The attacker is using specific scanning gear to detect the network and generate random passwords to enter
The key here is that attacker must get on the network and hope (or know) that a smart TV is on it! After that the end- user must accept the malious Packet String to allow the attacker to infect the set. The article continues with...
"...users can avoid the situation altogether by hitting 'exit' when prompted to 'allow' or 'deny' the new remote device."
My point here is that although this incident may have occured it's not as simple as jusy saying..."my Smart TV got infected". Specific actions had to be intiated by the attacker and the end-user had to comply with a specific request. The action by the end-user goes back to Computing 101...you don't open emails and/or their attachments that are from someone you don't know or click on mysterious links....and in this case...you don't allow access to your Smart TV by consenting to access by or installation of a remote that's not in your hand!
So, let's not push the panic button just yet. As most in the forum will probably agree that the incident described was a direct result of "code being sent" which had to be accepted by the end-user versus a virus that typically infects an OS as a result of a "passive" action by the end-user (i.e. clicking on a link or opening and infected document).
To be clear 99.9% of TV apps (which when opened could also be viewed as a passive action) are most likely clean as they come directly from a legitinate source and are installed via upgrades to the firmware via USB download or OTA install from the set manufacturers support website.
I read it too.
This exploit is in its early form. Stayed tuned.
I'm sure you've read the issue that started all this but that's off topic and I'll just give the link.
Let's hope this maker closes up the gaps before the full extent of the issue is exploited.
About your items 1,2 and 3. If you look into WiFi security it's quite sad as the router makers still offer WEP and less security which is as good as no security. WPA and WPA2 is mildly better as it takes a savvy person to collect information and use it. For WPA2 you'll use the cloud cracker or that GPU cracker.
I'm sure everyone will downplay the issue here.
I see your point. Samsung's mis-step with one of it's devices could potentially cross-propagate with other devices under its development even though at present phones and smart tv's are viewed as two distinct products. However, given your premise another manufacturer that revolutionized the phone industry with the "APP" concept and is now probably employing some of that same technology in the development of a Smart TV could very well hasten the use of such a device to play havoc with a computer network. It's ironic that "APP" happens to be the first three letters in "Apple" or is it? Maybe Apple's idea to closely monitor APP development and deployment with such intense scrutiny isn't such a bad idea after all. We may all be safer for it in the long term.
To address your list...
which is of course quite accurate. I would easily say most of my clients fall into the category of falling for all three of you preconditions. This happens to them all the time with regular wifi enabled LANs. In fact many folks who want the smart TV capability don't actually own or want a computer, and are using the TV out of convenience to its features. These category of consumer are even less IT security minded than the usual PC user. When ROKU boxes first came out, I always wondered what vulnerabilities may come to light in that device category, as even more of those consumers are not interested in owning computers at all.
That's some bad news for Smart TV owners. If Sammy sets are so glitched, I am worried what would it be for other manufacturer's ....
Remember "Security by obscurity"?
We are only now beginning to see the cracks in these new systems. We hope there is a way to turn off the smart parts and get a nice display.
The maker that is getting the heat also has some other issues that I'd like to discuss some day. The fact their servers must stay up for the smart part to work is disturbing. Can you imagine if your PC stopped booting because Microsoft decided to shut down their web site?
What about smart DVD players, are they subject to hacking?
We just bought a Sony BluRay DVD player that's on an ethernet connection. Is this at risk also?
Not To Worry
The BluRay/DVD player itself is not an interactive device. The communication with a website is a link that is established when you insert a specially designed interactive disc with embedded code. The communication or interaction is closed loop in that you are only communicating with a predetermined site encoded into the disc. In short you can't access Cnet.com unless the link is coded into the disc. Remove the disc and you have no random access to the Internet. The only other communication your player has with the Internet when there is no disc loaded is direct to a firmware upgrade host. To be clear my explanation does not refer to a device like a PlayStation which does offer random access to the Internet.
Am I missing something?
My biggest worry is key stroke loggers. With my Sony Internet TV, I can log into ANY Internet account. Yes, there is nothing of much valued stored in the TV memory but log-in passwords open a large area of risk. IMHO, all I need to do is log into an e-mail site, open the wrong e-mail and the cat could be out of the bag: user names and passwords could be trapped and sent out on the Internet.
I'd be more worring about what Sony is doing...
with your information. They have already got caught putting root kits in entertainment DVDs, and my sources tell me they are run by the mob in Japan. I suspect anything that may occur is already installed on your TV from the factory! It wouldn't be the first time I've seen doped chips, pre-loaded malware on driver CDs, pre-loaded malware on keyboards chips installed an Mac Air laptops!!!!
I'm afraid the whole Pacific Rim manufacturers are rife with both dishonest CEOs and even a few dirty criminals inside their manufacturing process, with their own agenda.
Buying a Smart TV, do I need an Anti-virus
Yes, you should have Anti-virus / Anti-malware on your Smart TV. It is a computer and it has storage capability, and with out fail you will store privacy information on it. I can remember and it was not that long ago, when people said that you would never need it for your phone or your tablet. I also remember the first virus that I got sent, from a smart phone. I also remember, and that was just last week, a malware attack through a streamed video on my PC. Look at how poorly secured they are now, how easily people's are hacked and information stolen from them. As an IT professional and one that has been at it a long time, and one that has had to deal with privacy information, I am always amazed that people say, you will never need it. I keep reading the horror stories about people's phones and tablets and how poorly secured they are. CNET's forums have dealt with this on a number of occasions. I still have some issues with Anti-virus / Anti-malware that is issued for PC's and how often people are still having them hacked, and one of the main reasons why I do not have a smart phone or a tablet because of their poor security. I even had one of the Cell Phone carriers comment on how poor the security is and the hope that it would be improved. I am going to para-phase something here. Yes Virgina, you need an Antivirus.
the only problem is how is he to do that? What operating system does it use? What method of installation would work, i.e, is it a firmware operating system(more than likely) which would have to be "flashed", if it has application capability, this may make this easier, but then the anti-malware would perhaps need to work on an ARM processor - for example.
There are so many variables here, that it is a daunting task. I'm not even going into the fact that a firewall is probably a good idea, although the malware may not need to communicate in a way that would give a firewall any kind of successful function. Malware is already able to function completely under the radar on regular PCs, as they don't need permissions that would signify any kind of behavior that would set off alarms, alerts, or heuristic intrusion detection systems. There are HIPS capable of blocking such behavior but they are only written for Windows operating systems.
Perhaps the best bet would be a mobile version of the AV/AM that are written for Linux distributions like Android or Apple's iOS for example. This is assuming the TV uses an ARM processor though, if not - you gotta lotta questions that have to be answered before learning if this is possible - short of writing the open source code yourself.
I was thinking this too
this was my thoughts back in the summer when I bought a Panasonic TV
Don't believe it's even an option
AV programs you put on your PC are based largely on exploits that are in the field. It wouldn't make much sense to write one for exploits that may conceivably be done, because if they were known the TV's software would be, or should be, written differently. Maybe when exploits become common you can get AV software for your TV.
There isn't that much user data stored on a TV. Your local channel's, favorite channels, maybe audio speaker setup, account authentication information for various services. If you had to go back to factory defaults and set everything up again it would be a PITA but not the end of the world. Worst thing I can think of is someone finds a way to steal your authentication information and charges pay-to-view services to you--but it isn't clear to me that's possible let alone that someone has worked out a way to do it. Again, it should be the worst thing that ever happens to you.
About USER DATA. Ever see folk buy stuff on Amazon.com?
On a smart TV that's possible. Since the makers are downplaying this and we know the TV maker is not authoring the apps (I have a picture for you if need be) then you can never be sure the app is clean or has not been hijacked.
The TV makers do not answer basic security questions such as "What IP ports do I need to allow?"
Then we have Sony.
I think it's a worthwhile concept
I don't have the technical saavy that many of our contributors have, but I don't think all hackers are necessarily rational. I don't think ROI is an absolute necessity, or even the amount of work that it would take to accomplish such a mission as being an absolute factor. Some people just like a sense of achievement due to a malicious nature. One motive could be creating a cottage industry providing an anti-virus product or warranty coverage should the nature of the attack be severe enough.
i have another questiosn
is it possible to instail another program in my smart tv?
example media player?
That generally takes a firmware flash...
so I'd imagine that is a rare capability - however, the manufacturers come up with new features on their update firmware all the time, so it is worth monitoring what they offer. Although I'm not too familiar with any smart tvs having this feature set, it would make sense - after all, even a smart phone with an ARM processor can be flashed to install applications: why not smart TVs?