Smart televisions are among the most popular products sold over the Black Friday and Cyber Monday weekend, thanks to heavy discounts by manufacturers and retailers alike.
But these televisions get their smartness by being connected to the internet, and this connection can be a cause for concern — especially if a TV includes a microphone and camera.
- Hackers take over thousands of Google Chromecast and Home devices
- Three quarters of consumers worry about internet hacking
- Now even your robot vacuum cleaner can have its camera hacked
Although cyber security issues with smart televisions aren't new, the FBI has published a fresh warning, and offers advice for buyers who just picked up a new TV in the holiday sales.
The FBI's Portland, Oregon website wrote about smart TV concerns at the end of November, just ahead of the Black Friday sales. Beth Anne Steele from FBI Portland said: "Beyond the risk that your TV manufacture and app developers may be listening and watching you, that television can also be a gateway for hackers to come into your home."
This is a key concern when it comes to the Internet of Things and smart home devices. While your computer might be locked down with the latest security and antivirus software, hackers could still break into your network and access devices via other poorly-secured products.
This was demonstrated last year, when hackers were able to access a casino's high roller database after gaining access to the computer network via an insecure fish tank thermostat. Similarly, hackers can gain access to your devices via whichever is least secure, and that could include smart TVs.
In some cases it's best not to use the TV's own internet connection iStock
Steele continues: "A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router."
As for hacking the TV directly, the FBI's message says: "Hackers can also take control of your unsecured TV. At the low end of the risk spectrum, they can change channels, play with the volume, and show your kids inappropriate videos. In a worst-case scenario, they can turn on your bedroom TV's camera and microphone and silently cyber stalk you."
The former was demonstrated earlier this year, when hackers took control of thousands of Google Chromecast and Home devices. Over 72,000 devices were hijacked to display a message telling people to subscribe to the YouTube channel of Felix Kjekkberg, also known as Pewdiepie.
The FBI notice is urging smart TV owners to take security concerns seriously, and be familiar with what features the TV has, such as a microphone and camera, and how to switch these off if they want. The organization even recommends covering the camera lens with black tape as a simple solution to prevent spying.
As with all other smart home devices, a TV's default security settings should not be trusted, the FBI says, and owners should change the often simple-to-guess default passwords to something more complex.
Buyers are also urged to check if the device can receive software updates designed to fix future security flaws, and if the manufacturer has a good track record for doing so.
Ultimately, and especially with cheaper smart TVs from lesser-known brands, it might be worth never connecting to the internet in the first place. Instead, you could attach a streaming device from a most trusted company, like Apple, Google or Roku, and use that instead of the TV's own apps for Netflix, YouTube etc.