Many businesses embrace internet-connected televisions. With a Smart TV, an organization can install a media player or digital signage application, giving workforce members and visitors updates about news, weather, traffic, and meetings. From conference rooms to break rooms, Smart TVs are now a regular component of the company’s larger device ecosystem. 

Simultaneously, these devices introduce new cybersecurity risks. According to Bleeping Computer, 90% of Smart TVs incorporated vulnerabilities that attackers could exploit. These remote attacks leverage vulnerabilities associated with the browsers that the TVs use, enabling nearly untraceable attacks using Hybrid Broadcast Broadband TV (HbbTV) transmission signals. Once threat actors gain control of an Internet of Things (IoT) device, they can use it as part of a larger attack. For example, malicious actors targeted a group of 13 IoT remote code execution (RCE) vulnerabilities to install a Mirai malware variant on the devices so they could control them as part of a bot attack.

Mitigating risks arising from Smart TV vulnerabilities is a critical but often overlooked part of corporate cybersecurity programs. 

Ways Attackers Can Target Smart TVs

While Smart TVs offer businesses an easy way to communicate with workforce members or customers, the internet connectivity gives malicious actors ways to compromise the devices, including their built-in cameras or microphones. 

Exploiting Software Vulnerabilities

The most common way for attackers to infiltrate an organization’s systems is by using a known software or firmware vulnerability. While manufacturers of traditional devices, like laptops, often provide regular security updates, Smart TV and IoT device manufacturers can leave security flaws unfixed for months or years. The longer the vulnerability exists and remains unmanaged, the easier it is for threat actors to find a way to exploit it. 

Infected USB Drive

Many businesses connect USB drives to their Smart TVs so that they can display specific media files related to their use cases. However, organizations should recognize that just as infected USB drives create a security risk on laptops, they pose a similar risk to these IoT devices. If a USB drive has a virus or worm, the Smart TV can be a point of origin for spreading the virus across networks. 

Malware and Spyware Attacks

Since IoT devices connect to networks, they can become infected without a USB drive. Smart TVs can be infected with malware or spyware, but typically these devices have no antivirus capabilities. Unlike traditional devices that can have antivirus software installed on them, IoT devices typically have no way to install programs like these, let alone keep them updated for new attacks.

Man-in-the-Middle (MitM) Attacks

In a Man-in-the-Middle attack, malicious actors eavesdrop on the network connection to intercept data being transmitted from one device to another. For attackers, the Smart TV may share sensitive information, like a network password, that they can use to further their interests. 

Wi-Fi Network Hijacking

Since the Smart TV uses the organization’s wireless network to stream data, attackers can use traditional tools to hijack the network as a way to manipulate the device remotely. For example, by using a packet sniffer or keylogger to capture the network password, the attackers can connect to the Smart TV and take it over. 

Bluetooth Hijacking

Similarly, attackers can use Bluetooth vulnerabilities to gain control of the Smart TV. Bluetooth technologies enable the TV to connect with speakers, but the technology lacks robust security settings. 

Signs your Smart TV has been hacked

Determining whether attackers have compromised a Smart TV is challenging. Traditional security monitoring tools often fail to provide visibility into the IoT device security since many require an agent, a downloaded software that provides a user interface. IoT devices often lack the ability to install these security monitoring tools, meaning that organizations have a blind spot in their security and network monitoring capabilities. 

Some signs that a Smart TV has been compromised include:

• Unusual activity: Any activity that occurs without human interaction, like changing settings or turning on/off
• Strange pop-ups, messages, or ads: unexpected screen activity similar to a malware infection on a browser
• Reduced performance: running slower than normal indicating potential malicious processes running in the background
• Changed privacy settings: unauthorized modification to camera or microphone permissions indicating potential malicious access to the device
• Unauthorized access: unrequested or unexpected content showing on the device
• Forced redirects: device browser forwarding the user to unknown and possibly malicious websites 

Incorporating Smart TV and IoT Security into Monitoring and Incident Response

The question that many companies face when trying to determine the risks posed by Smart TVs is whether they should remediate security issues or purchase new, possibly more secure devices. To do this, organizations need a platform that provides comprehensive visibility into their IoT devices, and the risks they pose to corporate networks and systems, and can increase security for IoT devices.

Inventory Devices

Smart TVs are only one example of IoT device risk. Many organizations have little insight into all connected devices, meaning that creating an inventory is the critical first step to implementing robust security across all deployed devices. To identify and inventory all IoT devices, organizations should consider a passive scanning solution that can detect and fingerprint these technologies with information like:

• Hardware: manufacturer, model, serial number
• Software: operating system, version, firmware revisions
• Device type and function
• Security assessment: vulnerabilities and risks

Identify Vulnerabilities and Prioritize Remediation

Identifying IoT vulnerabilities creates a unique challenge since traditional vulnerability scanning tools can take the devices offline. To identify the vulnerabilities that attackers try to exploit, companies need a passive scanning solution to assess device risk by providing insights like:

• Exploitable vulnerabilities within the environment 
• Exploitable vulnerabilities for each specific device
• Threat intelligence with insights about real-time exploitability
• Mitigation recommendations that include applying security updates or implementing appropriate compensating controls, like deactivating unnecessary services or implementing microsegmentation
• Ability to extend the secure life of devices through recommended security measures that compensate for a lack of security controls on an IoT device

Incorporate into Security Monitoring

A dedicated IoT security solution enables holistic monitoring by integrating with the company’s cybersecurity monitoring tools, like its security information and event management (SIEM) tool. Using a solution that understands normal IoT device activity can provide insights into potential anomalous activity that might indicate a security incident. For example, a Smart TV that connects to a server outside the organization’s geographic region could be receiving firmware updates or connecting to an attacker’s command and control (C2) server. 

Additionally, a solution focused on IoT devices can improve the organization’s incident detection and response capabilities with high-fidelity alerts that enable the security team to identify a threat faster. Since IoT monitoring solutions can capture network packet data, security analysts can use them to investigate root causes faster while collecting important forensic data like:

• RAM from servers (important for fileless malware, which doesn’t touch magnetic media)
• Traffic information from network devices
• Data transferred to an FTP server

Asimily: Smart TV and IoT Security Monitoring

Asimily provides holistic context into an organization’s environment when calculating Likelihood-based risk scoring for devices. Our vulnerability scoring considers the compensating controls so you can more appropriately prioritize remediation activities.

Organizations efficiently identify high-risk vulnerabilities with our proprietary, patented algorithm that cross-references vast amounts of data from resources like EPSS (Exploit Prediction Scoring System), Software Bills of Material (SBOMs), Common Vulnerability and Exposure (CVE) lists, the MITRE ATT&CK Framework, and NIST Guidelines. It understands your unique environment, so our deep contextual recommendation engine can provide real-time, actionable remediation steps to reduce risk and save time.

Asimily customers are 10x more efficient because the engine can pinpoint and prioritize the top 2% of problem devices that are High Risk (High Likelihood of exploitation and High Impact if compromised). Asimily’s recommendations can easily be applied in several ways, including through seamless integration with NACs, firewalls, or other network enforcement solutions.

To learn more about Asimily, download our IoT Device Security in 2024: The High Cost of Doing Nothing whitepaper or contact us today.