Symantec finds Smart TVs may not outsmart security exploits

The idea of a “Smart TV” is one that can go online, but when is a so-called Smart TV not quite smart? When it can get hacked.

According to Symantec, the makers of Norton 360 and Norton Internet Security, that is a possibility that might just happen.

Tested by Candid Wueest, one of Symantec’s Threat Researchers, the team member was able to simulate an installation of a hijacked app and get an Android-based TV to run ransomware, forcing a ransom note to appear on screen every few seconds until a ransom was paid.

This style of malware is becoming increasingly popular on computers, with this type of security exploit able to lock down commonly used and accessed files, in theory forcing you to pay a ransom in order to gain access again, but on a TV, it would likely interfere with TV functionality, in essence holding your television viewing experience for ransom.

Symantec's Wueest was able to get malware working on an Android TV. Credit: Symantec
Symantec’s Wueest was able to get malware working on an Android TV. Credit: Symantec

Despite being able to run this style of malware, Wueest did point out that the malware could be likely be uninstalled, possibly because the exploit wasn’t made for the television it was being installed on in the first place, focused more on phones and tablets.

That said, it is a beginning, and with enough time, malware developers could easily latch on to devices like TVs and break through.

“Many Smart TVs use Android and we’ve already seen the crypto-ransomware attack Android phones, so TVs are a natural extension,” said Symantec’s Nick Savvides.

“We predict this will be very small for the near future though, but as Smart TV adoption grows and TVs become connected to media storage devices or other home automation systems, we expect criminals to look to expand their attacks to them.”

As for what you can do, we checked with Symantec to find out if it will be working with TV manufacturers to stop or halt malware infiltration, and were told that right now, it couldn’t comment on specific makers Symantec will be working with, but that “in the TV industry many set-top box makers already use Symantec technologies to lock down and authenticate their systems.”

One fix, however, might just come from adjusting DNS settings in the home, which is basically a listing for your modem or router to send its communications to in order to check if the sites you’re visiting are safe. Generally, the DNS is defined by your internet service provider (ISP), and so isn’t checked, but you can amend this with Norton’s free DNS service “ConnectSafe” if need be.

That said, while we don’t anticipate TVs to become a main vector for malware attacks, it is a possibility, and we suspect it will come down to TV manufacturers taking action and keeping their hardware and software secure, lest they expect consumers to grab security protection for their tellies, too.