Security demonstrations at Black Hat 2013 illustrate the danger of so-called Smart TVs. Infosecurity writes researchers discovered a lot of common web vulnerabilities in the apps from Samsung's smart TVs. Some of these flaws can be used to execute arbitrary code on the TV, as well as to steal data from the TV itself or attached network storage.
Other than that, attackers can also turn on the TV's camera and record the video stream. Consumers with camera-equipped TVs are advised to cover the camera lens with a piece of tape or a sticky note to prevent spying.
According to the duo, many of the Samsung apps that they examined during their research were rife with common web vulnerabilities like cross-site scripting flaws that allowed for remote and arbitrary execution of code on the television. Many of the existing apps could also be manipulated for the force of evil. For example, a download API could be made to also upload content, giving an attacker the opportunity to upload any document on the TV, from online credentials to stored content like photos or other sensitive material.
Grattafiori believes that TV manufacturers have got to up their game with some kind of cross-platform security and to train their developers to securely code. In the meantime, consumers should be wary.
"Consider where you have the TV aimed - maybe your bed is not the best option”, he says. "Browse carefully and think about investing in sticky notes to stick over the camera."