A new report by Avast details how it hacked into a Vizio smart TV and gained access into a home network. For most consumers who use Vizio Smart TV at home daily, the idea that it could be targeted by hackers never crossed their mind. Craig Young, security researcher at Tripwire explains how serious this actually is and what companies and businesses can do to protect themselves.
[su_note note_color=”#ffffcc” text_color=”#00000″]Craig Young, Security Researcher at Tripwire :
“The risk of smart TVs cannot be understated. These are devices with access to the network and often times contain a variety of out of date software libraries with known vulnerabilities. This is compounded by the fact that television sets are designed to presume anyone on the local network has legitimate access for the sake of ease of use. This ease of use of course translates into an ease of exploitation from a relatively wide range of sources. These televisions are also finding their way into enterprise environments with greater frequency as businesses seek to upgrade their conference and board rooms.
Based on research I have conducted on smart TV technology and IoT in general, I would strongly advise that businesses using these sets keep them off the network and ensure that the USB ports are not exposed. As with a traditional computer, I have found that simple network requests or the insertion of a USB stick can sometimes be enough to give an attacker full control over the computing resources within a TV. If this TV is attached to a network with valuable data, it becomes a pivot point for the attacker. It is also worth noting that many of these TVs come equipped with remote controls for voice commands and cameras for video conferencing making them the perfect tool for corporate espionage. It is recommended that at this time enterprises do not make use of teleconference software bundled with consumer TVs but rather that they stick with more traditional teleconference solutions using the TV as a screen.
For consumers on the other hand, removing the TV from the network can greatly diminish its value but in many cases it is appropriate to put the TV on an isolated guest network to avoid the possibility of the TV becoming a pivot point to attack other systems on the network. Many consumers will also likely defer installing updates on the home TV but this is of course a mistake as these updates may contain critical security fixes. Smartphone applications, browser plugins, and even malicious web sites are all potential sources of threats for devices in a home network including the TV. By keeping the TV on an isolated network, these infection sources will not be able to locate an attack the set.”[/su_note][su_box title=”About Tripwire” style=”noise” box_color=”#336588″]
Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.