Samsung caused a stir this week, urging owners of its internet-connected smart televisions to perform virus scans every few weeks to stay safe.
The piece of advice came from the company's U.S. support Twitter account, which has more than 160,000 followers. The tweet was not in reply to anyone and was seemingly posted in a random bid to help customers protect themselves online.
- Data Breach Weekly Security Report
- 12 Internet of Things hacks, and why you need to lock down your smart home
- Midnight is when smart devices are mostly likely to be attacked
But the tweet, which contained a 19-second video showing how smart TV owners can run a virus scan, was quickly deleted.
Before it disappeared, the tweet said: "Scanning your computer for malware viruses is important to keep it running smoothly. This also is true for your QLED TV if it's connected to Wi-Fi! Prevent malicious software attacks on your TV by scanning for viruses on your TV every few weeks."
The tweet comes across as rather heavy-handed, given how rare smart TV-based malware is compared to viruses on computers. It seems likely that Samsung's marketing team decided a tweet urging users to check for viruses "every few weeks" was not the best way to sell smart televisions. Indeed, we wouldn't blame smart TV owners for assuming the devices performed automatic virus scans, or received software updated frequently enough to remove the problem.
Compounding the issue was the attached video. Viewed over 200,000 times before being deleted, it showed how more than a dozen presses of the remote control are needed to find the virus scanner, which is buried deeply in the TV's menu system. To access the scanner, owners of Samsung smart TVs are asked to go to settings -> general -> smart security -> scan.
When asked if the tweet was in response to a particular threat to smart televisions, Samsung replied: "The video was posted for customer's education and to have it as a troubleshooting step."
The tweet was deleted by Samsung without explanationScreenshot: Twitter
While we can likely put this tweet down to a lack of foresight from Samsung's social media team, there are broader problems here. As more and more devices are connected to the internet, our exposure to threats like viruses and malware increases, while our knowledge on how to protect ourselves does not.
It isn't right for Samsung to expect TV owners to go digging deep into the menu system in search of a virus scanner, then use it regularly. We wonder just how few consumers are even aware of smart TV malware, let alone how to scan for it.
It is also important for Samsung to offer clearer information on the threat of TV malware. A tweet containing an exclamation mark is not the way to do this, as it provokes fear without explaining what smart TV owners should worry about, or what the chances are of a TV being infected in the first place. Manufacturers of connected devices should take a responsible and informed stance, where they offer advice without spreading unnecessary fear among their customers.
Ken Munro, of security research company Pen Test Partners, told the BBC: "There is a tiny number of known malware that might attack a TV. I've seen one case of a ransomware infection but the prospect of it happening to most users is very small. A better solution would be for Samsung to automatically update its operating system for you."
The incident also prompted smart TV owners to suggest Samsung perform virus scans automatically, instead of asking users to dig into the menus themselves.
Rubbing further salt in the wound caused by the tweet is how the incident has reminded everyone that, in 2017, a security researcher in Israel discovered 40 zero-day vulnerabilities in Tizen, the proprietary operating system Samsung TVs run on today.
For those who don't trust Samsung — or any other smart TV maker — don't use a Wi-Fi password when connected, and instead use the screen purely as a display, which can still access services like Netflix via a device, like a Google Chromecast, Amazon Fire Stick or Apple TV.