On Monday, Samsung's Support account on Twitter sent out a message that made people do a double take. The company told users that they should be performing a virus scan on their Samsung smart TVs "every few weeks" in order to "prevent malicious software attacks." The tweet was accompanied by a short how-to video that pointed users to Samsung's smart TVs' built-in virus scan — a feature that is buried pretty deep in the menus for something that Samsung seems to think is so important.
The issue with Samsung's tweet, which has since been deleted, is twofold. First and foremost is the fact that the company raised the specter of viruses and malware plaguing televisions — something that many people probably hadn't considered and are now in a tizzy about. The second issue, which was raised repeatedly in the replies to Samsung's now-removed tweet, is the fact that Samsung is putting the onus on users to protect their devices when it could automate the process.
Samsung told the BBC that it removed its tweet because it "may have caused some confused" and the company wanted to clarify that the video "was simply a way to inform and educate consumers about one of the features included in our products." But now Samsung TV owners — and smart TV owners in general — are stuck with the thought that maybe they need anti-virus software for their TV the same way that they do for their computer.
Let's get some clarity on that topic.
Can a smart TV get a virus?
Like any internet-connected device, smart TVs are absolutely vulnerable to be infected with malware. "Smart TVs are in essence small computers, and hence also increasingly exposed to attacks from the Internet like any other connected device," Candid Wueest, Principal Threat Researcher at cybersecurity firm Symantec tells Mic.
Additionally, smart TVs run on operating systems the same way a computer or smartphone does. In most cases, that OS is WebOS or Android. They enable companies to develop apps and interfaces that allow you interact with on the TV, but they also have flaws and vulnerabilities.
Consumer Reports found last year that many smart TVs suffer from privacy shortcomings that leave user data up for grab to malicious actors. In a fitting bit of irony, Samsung's own operating system Tizen, which it developed for all of its internet-connected devices including its smart TVs, was discovered in 2017 to be particularly packed with security flaws that could be potentially exploited by an attacker.
Are there viruses for TV?
There is malware and other types of malicious software written and designed to attack flaws in smart TVs, but they aren't that common. Ken Munro, a security expert at Pen Test Partners, told the BBC that "there is a tiny number of known malware that might attack a TV" and said the possibility of an infection is pretty small for most users. Likewise, Wueest of Symantec says that "malware is still rare on smart TVs" Of course, a small chance isn't no chance, which means there is a potential threat out there, no matter how small. As Wueest warns, "Although the number of attacks targeting smart TVs is smaller compared to the number of traditional computer viruses, we see it’s growing with the number of devices being sold."
It's worth noting that there have been instances of TVs being compromised by attackers. For instance, earlier this year, thousands of vulnerable TVs were targeted by hackers and used to display messages promoting controversial YouTuber PewDiePie. While it might not compromise any vital files like a malware attack on your computer might, being forced to watch PewDiePie against your will is its own special kind of hell.
How bad could a TV virus be?
In the rare case that your smart TV is infected with a virus, the potential damage that could be done is different than what you'd expect from a virus on a computer or smartphone. It's unlikely that there is a ton of personally revealing information on your TV, but there is some information that you might be uncomfortable falling into the hands of an attacker. For instance, most smart TVs use a technology called automatic content recognition (ACR) that can identify every show that you watch. Additionally, smart TVs that are linked to other internet-connected devices could expose more data about you and your home as they trade data between one another. The more connected these devices become, the more necessary securing them is. While it's unlikely that an attacker would be able to access credit card information or passwords from your TV, it is possible that data shared with your TV by another connected device could be left vulnerable. Given the prevelance of smart speakers and assistants, which increasingly push things like shopping features that may have access to your financial information, it's possible that your data that isn't explicitly on your TV could be intercepted. Tom Van de Wiele, principal security consultant at F-Secure, warns that "one has to assume that all information entered and processed by the device is accessible to all applications."
A bigger potential for invasion of privacy exists if malicious software uses features of your smart TV against you. Van de Wiele says that "whatever functionality is available to a developer [of a smart TV] is also available to someone wanting to perform something malicious with the device." That means built-in features like a TV's microphone could be compromised and used to eavesdrop on your conversations.
Do TVs need anti-virus software or other security tools?
Smart TVs do need to be secured. The issue is that security software is not widely available for most devices. Samsung's latest models of TV come with McAfee Security for TV built in, and while it's buried in the device's menu it is available. Third-party software that can add a security scan isn't typically available the way that it is for computers or smartphones. It's also not clear that customers want to do that. "For most smart TVs or IoT devices there isn’t an additional security package available that can be installed, and we believe that most users do not want to install a separate security solution onto every IoT device in their home, such as a smart fridge," Wueest says.
This is where Samsung's recommendation of performing a scan every few weeks got the company in trouble. The suggestion is that users take more accountability for protecting their devices attempts to remove the burden from the manufacturer. "A manufacturer asking its end-users to take care of security for them is problematic," Van de Wiele explains, because most companies don't give users the tools need to "verify the integrity of their devices." In other words, people assume that their devices will work as promised and aren't quietly exposing their information to attackers and presenting the possibility of massive invasions of privacy.
Instead of asking users to monitor their own devices without having easy access to the necessary tools to do so, manufacturers like Samsung need to regularly provide security updates to their devices automatically to address any potential security flaws.
How can I keep my smart TV secure?
The best option is to simply not have a smart TV, or not connect it to the internet. Get a set-top box that you can trust will receive regular software updates to keep you secure rather than TVs that will quickly be forgotten by manufacturers and left vulnerable. Apple regularly updates the operating system for its Apple TV platform, and companies like Google, Amazon and Roku typically offer similar updates for users of their streaming products as well. Because they typically have a wider and more consistent installation base than TVs do, there is more motivation to provide regular security updates. These updates can and should be enabled to be performed automatically.
If you don't want to lose the functionality of your smart TV, look up the guide from the manufacturer and find how to make sure the firmware is up to date. If there is the ability to turn on automatic updates, do it. "The most important thing is that users configure their devices in a secure way, and that manufacturers provide an automated process to update the systems," Wueest says.
If you have multiple internet-connected devices including a smart TV operating within your home, you may want to look into smart home firewall devices. These products essentially sit between your home internet network and your connected devices to prevent attacks. They can be pricy and sometimes carry a monthly fee, so they may not be the best option for those on a budget but can provide an additional layer of security for those who need it.
All of these options are essentially patchwork for what we truly need, which is companies that care about consumer security and go to the necessary efforts to keep their devices secure. Van de Wiele says that in an ideal world, users wouldn't have to rely on slow-to-release and potentially flawed software fixes to protect them. Instead, consumers should have access to a "physical switch or button" that can shut off certain functions when they are not in use. Regardless if such features come to pass, Van de Wiele notes that companies need to provide more transparency regarding the risks a device presents and "what can be done to lower those risks." Unfortunately it looks like that may be wishful thinking for now.