We're Apparently Scanning Our TVs For Viruses Now
from the internet-of-broken-things dept
We’ve noted for many years that (like so many “internet of things” devices) modern smart televisions have the security protection equivalent of damp cardboard. Not only are they often easily hacked (something intelligence agencies are super excited about since it gives them audio access to targets), but the companies that make them have been busted repeatedly for hoovering up user usage data (and even audio from your living room), and then failing to adequately secure it.
This week, Samsung took a bit of heat for urging the company’s TV customers to, for the first time, occasionally run an antivirus scan on their television sets. The Tweet was online online briefly before Samsung deleted it, apparently realizing it only advertised the fact that you shouldn’t be getting viruses on your TV set in the first place:
That’s amusing for several reasons. One, because customers wouldn’t be getting viruses on their television sets if these products had even the most basic security protections, something TV vendors have failed at for years. Two, because it highlights how many modern televisions have become insanely complicated. Not because consumers necessarily want them to be insanely complicated, but because most TV vendors want you using their embedded streaming platforms and as opposed to a third-party streaming device (like Roku, Chromecast, or a game console).
And of course they want you using their streaming platforms because they want to monetize your viewing and other profitable data. As a Vizio executive recently acknowledged, this can help subsidize the cost of cheaper TV sets. That creates a dilemma whereby the consumer is forced to pay a premium if they want a TV set that simply displays a god-damned image and doesn’t hoover up their personal data:
This is a real "privacy as a luxury product" dilemma: you can get a great 55-inch inch TV for $500, but it's full of ads that subsidize the price over time and create stable revenue for the manufacturers. Would you buy a dumb TV with the same specs for $1500?
— nilay patel (@reckless) June 17, 2019
The problem is if you’ve shopped for a TV lately, it’s effectively impossible to find a “dumb” television that simply passes on signal from other devices. As in: they’re simply not available at any meaningful scale, even if you were willing to pay a significant premium for them. Many people certainly are; most embedded TV OS platforms are kind of terrible, and users would rather buy a new streaming box (Roku, Chromecast, Apple TV) every few years than be forced to buy an entirely new TV set because the embedded streaming hardware becomes outdated (something TV vendors clearly would benefit from).
While some set vendors might argue that dumb televisions don’t exist because there’s no market demand for them, the fact is they haven’t even bothered to try. And they haven’t bothered to try because they’re fixated on accelerating the TV upgrade cycle and collecting and selling your personal usage data to a universe of partners. Which again, might not be quite as bad if these companies had done a good job actually securing and encrypting this data, or designing television OS’ that didn’t feel like they were barfed up from the bowels of 1992 GUI design hell.
It’s all kind of a silly circle dysfunction but pretty standard operating procedure in the internet of broken things era, where an endless list of companies now sell over-hyped internet-connected appliances, gleefully collect and monetize your data, but can’t be bothered to adequately secure that data or provide consumers with clear options to avoid data collection entirely.
Filed Under: computer security, iot, security, smart tvs, viruses
Companies: samsung
Comments on “We're Apparently Scanning Our TVs For Viruses Now”
Dumb
I gave my "Smart" TV a lobotomy and never hooked it to my internet. That way I can get the subsidized price but just use it as a giant dumb monitor. (Hooked up to my self-build media machine.)
Also, it turns out that Support alert just a scam, McAfee’s paid Samsung to pitch their krappy software.
Re: Dumb -- OH, so you're CHEATING on agreed deal, "Gary".
What a free-loader. I bet you CHEAT at games, too.
Re: Re: Dumb -- OH, so you're a coward on agreed deal, "balls".
Missed you in the Prenda thread bro.
Re: Re:
Paul Hansmeier is still going to jail, you know.
Re: Re: Dumb -- OH, so you're CHEATING on agreed deal, "Gary".
Said the guy who never went to the bathroom during a commercial break on TV. Convincing.
Re: Dumb
beware: apparently some TV’s will automatically scan for any open wifi and attempt to connect if they are not configured.
Re: Dumb
I did exactly the same thing. Bought a tv that has never seen the internet; it’s never going to either. I’d rather have had a dumb tv but since you can’t buy them anymore, that’s the next best thing I can do.
Re: Re: Dumb
How do you stop your TV from connecting to your neighbor’s WIFI or to G3?
Re: Re: Re: Dumb
let it connect to your wifi, but put it on its own subnet/vlan and don’t route it to the internet. Unless it really aggressively tries to get a a working internet connection by disconnecting and connecting to an open network.
Where have I heard that before...
While some set vendors might argue that dumb televisions don’t exist because there’s no market demand for them, the fact is they haven’t even bothered to try.
Reminds me of the video game market, where you’ve got companies trying to argue that there’s no market for single player, ‘pay once and you’re done paying’ games, because they want to push games that can be continuously monetized.
To the extent that there’s ‘no market demand’ for single-purchase products(tv or video games) it’s because the sellers are trying to either eliminate it or convince people that there isn’t so that they shift to ongoing purchase models.
You "Luddites". You cannot have both security and your toys!
Nor can you have privacy / security and:
1) Social media.
2) Google.
3) Facebook.
4) A cell phone.
5) Javascript.
Too many more to list. If you want the toys, you pay with your privacy / security.
Here’s YOU and what you’re in for rest of your life:
https://www.zdnet.com/article/sim-swap-horror-story-ive-lost-decades-of-data-and-google-wont-lift-a-finger/
It’s depressing to read what an abject idiot this guy is, but still a hoot. Doubt you kids will heed the warning to STOP the insanity of doing everything on net / phone / Google, which is another hoot. And if you had any brains, you would look at this and see how easily you can become an "unperson" in the modern world.
At least stop whining when you’re not even advising a course of action to stop / fix the problems of modern society!
And there is only ONE fix, which is
[I get the "screen name" text a lot.]
Re:
Can we have a Techdirt comments section and not you?
Re: Re: Re:
I think thats as likely as turning all humans into civilized creatures :/
Re: Re: Smokey Says: 'Only you can prevent troll feeding'.
Yes in fact, start flagging everything they post and not responding and even if they stick around their incoherent babble will at least take up minimal space.
Re: You "Luddites". You cannot have both security and your toys!
Interesting that you’ve decided technology is bad and users of technology are the luddites. Project much, bro?
Re: You "Luddites". You cannot have both security and your toys!
Funny you haven’t listed TVs in your rant. Obviously because you realized we CAN have security and our toy by NOT hooking up that darn TV to the Internet. Tough shit.
Turn off WiFi
With Internet connectivity off the worst thing I notice is the clock doesn’t get set automatically. No big deal to me.
J
Re: Turn off WiFi
Somehow I’ve succeeded to go through life without ever buying a TV. Computer monitors at closer range have always worked just fine for me and my family. Back in the 90s and early 2000s I had a VCR hooked up to my computer system, and it contained a tuner and coaxial plug, but I’ve never desired a TV.
As long as the TV has HDMI or other inputs, it’s a dumb monitor as long as you never enable wifi. Who uses their TV remote for anything other than power on/off and maybe input selection, anyway?
Soon, they will have come up with some silly assed excuse for the new and wonderful TVs that require an internet connection in order to function even if not using the internet.
Re: Re:
Don’t give Denuvo any ideas.
Just buy a computer monitor, or a projector
Admittedly even some projectors are shipping with ‘smart’ OSes these days, but you can still buy just-a-display, you just can’t buy a "TV" that is one.
Re: Just buy a computer monitor, or a projector
Useful advice depending on what size and aspect ratio you want. 50" computer monitors only seem to exist in ultrawide format, which has limited utility for TV.
Re: Just buy a computer monitor, or a projector
Displays don’t have remotes or speakers.
Re: Re: Just buy a computer monitor, or a projector
Headphones or home theater systems(HTS) are used much more than speakers
Surely one of the other seven remotes can learn how to turn display on/off. Try the HTS system* remote( it won’t ask for a PIN number)
Conference Room Monitor
Like one of these, Karl?
https://www.amazon.com/Dell-C5517H-Conference-1920X1080-Resolution/dp/B01LXN1NBI/
Re: Conference Room Monitor
Like one of these, Karl?
Is it ironic that you can’t actually use that link to buy the monitors?
Re: Re: Conference Room Monitor
Like one of these, Karl?
Is it ironic that you can’t actually use that link to buy the monitors?
The ones for sale – from outside of Amazon – are also 2-4 times the price of a Smart TV of the same size, which I think is the point Karl was making?
Re: Re: Re: Conference Room Monitor
Depends how much you like shopping for new TVs’.
Is it something you want to do every few years…
500X3 or 1500X1
Re: Conference Room Monitor
No, not one like these, genius. It’s FullHD only instead of 4K and does not come with a satellite/cable tuner.
Re: Re: Conference Room Monitor
I do not think I need 4k.
I did not need quadrophonic, I did not need a curved tv and I do not need an internet connected tv.
Re: Re: Conference Room Monitor
Are those still useful? I thought CableCARD was dead, unencrypted cable signals were mostly dead, and satellite tuning was never standardized. Is there a realistic way to watch satellite/cable without a separate box?
I never understand the argument that securing the data would somehow make data collection and promiscuous sharing okay. In either case, parties whom I don’t know nor have any reason to trust will have access to my personal data.
Re: Re:
sssh don’t think about it too much. if you actually did something (like if you failed to buy a malicous POS, I mean <insert-major-tv-vendor>’s latest * greates, on time…) that’d be terrible
This is required
https://www.xkcd.com/463/
I don’t see why this is a ‘put it on the manufacturer’ situation when its a ‘its the user’s responsibility’ when it comes to personal computing devices.
Why would it be Samsung’s responsibility to protect your tv from malware but not their responsibility to protect your phone or computer – both made by them?
No PC I’ve ever had – OEM or built by me – has ever come with more than a trial version of McAfee or Norton AV. Other than that its all my responsibility to secure things.
And it can’t be a ‘well, IoT things are different because the average use doesn’t have the knowledge’ – the average user either doesn’t have the knowledge or is not willing to make the effort to secure their other personal computing devices but we still aren’t saying manufacturers must do it for them.
Re: Re:
Windows 10 has it’s own AV (Defender) and firewall. So without a third party AV software, at least it has some level of reasonable protection.
And again, even with no knowledge, there is still some protections provided by MS. And it is auto updated with their update scheme they have implemented.
Re: Re:
How often do you update the antivirus on your car?
Re: Re:
You’re really comparing apples and oranges here (massively multipurpose computer vs extremely limited purpose IoT device), but even in the areas where the two are similar the situation isn’t actually different.
The major manufacturers of all 3 major OSes have all made huge efforts to secure their software. They are also facing a much larger problem than simpler IoT OSes do.
In neither case is it only the manufacturer or only your responsibility. No one has argued that. The issue here is that these manufacturers have made no effort whatsoever to secure these devices. You certainly should make your own efforts to secure anything that can talk to the internet as well, but the manufacturer should do what it can to reasonably secure their software.
Re: Re: Re:
Smart TV’s are not ‘limited purpose’ devices. Most of them come with a web browser – that’s in addition to the built-in apps.
That’s pretty multipurpose right there.
Re: Re:
the reason why we keep point out manufacturer failing is because of their underlying business philosophy towards software development
Re: Re: Re:
Not in this instance. Samsung TVs run Tizen, an OS developed internally by Samsung.
It’s Linux-based, so there’s perhaps some overlap with "just buying software off-the-shelf", but there are quite a lot of pieces that Samsung built itself.
Re: Re:
When a manufacturer does not produce a product customers want, the customers look elsewhere.
Why would I purchase an inferior product?
Not everyone is a computer genius and the latest trend is to dumb down the populace. Not looking good for your logical and efficient dreamland.
Re: Re: Re:
Except, if you want a TV, you can get a smart TV, or you can get a smart TV…
Re: Re:
If the TV allowed or encouraged a "install this random trash from the internet" model then I would agree that the user should be responsible for maintaining the security. However as far as I can tell my Samsung TV only lets me install crap from their curated app market. Therefore I think it should be their responsibility to maintain the security on the TV, both by examining the apps that they allow to be made available and by automatically scanning for malicious activity when the TV screen is off. They have the control, they should have the responsibility. A best practice should be to follow the android model where you can install things from outside the curated market only after acknowledging that it opens you up to additional risks.
Re: Re:
Because they don’t make the operating system on your phone or computer.
Unless you’ve got a phone that runs Tizen. If so, then yes, you have every right to be unhappy with Samsung.
Re: Re: Re:
Neither Android, Linux, nor Apple provide malware security for their OS’ either.
And Samsung – to keep using this example, does provide the OS for Samsung phones. Its a fork of Android. And they don’t provide malware security there either.
Re: Re:
Why are TVs now "personal computing devices"? What’s next, your TV will come with an optional keyboard and built in copy of Word Perfect and Excel? Will you be using your TV to do your taxes? Do your banking? Will you have to upgrade the hard drive in your TV? Add a new video card?
The manufacturer probably can’t figure out why my new TV appears to have fallen off the face of the earth (ready, set, go flat earthers!) because I never connected it to the Internet. lol
Re: Re:
I have to figure they’re aware that some customers won’t connect their TVs to the Internet.
TV and 5G
This is one of my big concerns every time I hear 5g hyped. Will we wind up with TV sets that we *can’t* isolate from the internet because always-on 5G is baked in?
The problem is if you’ve shopped for a TV lately, it’s effectively impossible to find a "dumb" television that simply passes on signal from other devices.
I should have known this is another Karl Bode article, written with clear ignorance behind every word.
Damn, I really wish you’d stop writing. You give me a headache with the limitless ignorance you write with.
I own a Samsung Q7 television. During setup, there was a request to connect to the internet, which I declined and selected "Skip this step" instead. A pop-up came up indicating I can connect through the settings at a later time.
Under no circumstance did the television force me to connect to the internet, nor did it "hide" options to prevent it. It was clear. It was consumer friendly. It worked as intended.
Since your ignorance is unyielding, what this means is every television which does not force an internet connections setup is actually a dumb television.
Please stop writing tech articles. If you can’t do this, then I beg you to at least do more research before making ignorant statements like the sentence above.
Re: Re:
If you don’t like the content, I beg you to……. just fucking leave!
Re: Re:
Gotta love those who are so trusting. And these people are why the government feels the need to protect them from themselves.
Re: Re:
I should have know that someone commenting on a Karl Bode article would run off at the mouth with the insults and pull on a super-weak string that does nothing to unravel the argument.
That the TV allows you to easily pass the wifi setup phase does nothing to invalidate the statement that it is nearly impossible to find a dumb TV these days.
At no point during the article does it matter that you can skip wifi setup. The point of the article is that security on these things is trash, and that the lack of dumb devices is because smart devices allow for abuse of the consumer:
While some set vendors might argue that dumb televisions don’t exist because there’s no market demand for them, the fact is they haven’t even bothered to try. And they haven’t bothered to try because they’re fixated on accelerating the TV upgrade cycle and collecting and selling your personal usage data to a universe of partners. Which again, might not be quite as bad if these companies had done a good job actually securing and encrypting this data, or designing television OS’ that didn’t feel like they were barfed up from the bowels of 1992 GUI design hell.
And, sure, your (singular) experience with a (singular) smart TV may have been (singularly) pleasant, but as it does nothing to address the actual point of the article, it isn’t even a relevant anecdote, beyond being a singular example of a good experience in the midst of sea of problematic experiences.
tl;dr Your comment is irrelevant and so are you.
Once upon a time it would have been easy to force actual security & limits on these spy boxes…
Imagine if you will a virus that tuned every smart box to Goatsee, pretty sure the backlash would make ‘smart tvs’ the very model of how to secure iot tech.
Re: Re:
<LarryTheCableGuyVoice>Now that’s funny raht thar – I don’t cahr who ya are.</LarryTheCableGuyVoice>
Also note the people who watch the most TV tend to be children, the elderly, and the poor; not exactly your top purchasing groups. So for a thousand dollars per TV, with maybe a quarter of TVs in view of anyone who might be a customer, that’s about a thousand dollars’ worth of marketing information per viewer per year.
I think that "thousand dollars per TV" is between two and three orders of magnitude larger than the actual marketing value of the information they might collect. It’s a scare number to try to browbeat people into buying 1984-style TVs that watch them back, to make them stop complaining about it.
I’ll buy the "smart" TV at Costco ’cause I can get it cheaper there than, say, Best Buy (except during one of their better sales/promos), but it’ll never touch my network.
Sceptre actually makes 4K TV’s that truly are dumb – no internet, nothing – and are affordable. I have a 50" Sceptre dumb TV (not 4K, but still HD), and it’s worked very well in the year I’ve had it. It was only a few hundred bucks, too. And this 4K dumb TV here is a 65" for only $460. You typically won’t find them in stores, though, you’ll have to order them online from places like Amazon or Walmart, but they’re worth it. Anyway, here’s the link, and there are more on there too:
https://www.amazon.com/Sceptre-65-inches-LED-U658CV-UMC/dp/B0198XNF6U/ref=sr_1_7?keywords=sceptre+tv&qid=1560876868&s=gateway&sr=8-7
Re: Re:
Does it have a proper anti-glare coating? Everything in stores has been glossy for some years and I’m not buying it to watch the reflection of myself…
The Warm Comforting Glow of the Idiot Box
We’re Apparently Scanning Our TVs For Viruses Now
Read a book instead.
The amazing transformation from boob-tube to smart-TV – Edward Bernays would be proud.
Italicized/bold text was excerpted from the website http://www.historyisaweapon.org found in chapter one Organizing Chaos of a book titled Propaganda authored by Edward Bernays the father of modern public relations in 1928 before televisions were mass produced/owned:
THE conscious and intelligent manipulation of the organized habits and opinions of the masses is an important element in democratic society. Those who manipulate this unseen mechanism of society constitute an invisible government which is the true ruling power of our country.
We are governed, our minds are molded, our tastes formed, our ideas suggested, largely by men we have never heard of. This is a logical result of the way in which our democratic society is organized. Vast numbers of human beings must cooperate in this manner if they are to live together as a smoothly functioning society.
http://www.historyisaweapon.org/defcon1/bernprop.html#SECTION11
You can also watch the BBC’s Edward Bernays documentary – The Century of Self found on youtube:
https://www.youtube.com/watch?v=eJ3RzGoQC4s
If you want to understand modern western psyche watch The Century of Self or read Propaganda.
Re: The Warm Comforting Glow of the Idiot Box
Area Man Constantly Mentioning He Doesn’t Own a Television
Re: Re: The Warm Comforting Glow of the Idiot Box
Looks like that was meant to go here where it is mentioning not owning a TV
https://www.techdirt.com/articles/20190617/08491442412/were-apparently-scanning-our-tvs-viruses-now.shtml#c181
Help! I removed the front door to my house to make it more convenient to enter and leave, but now burglars keep coming in and robbing me while I’m not home! Someone needs to create some sort of security device that will keep unauthorized people from entering your home!
Re: Re:
Just scan it before entering. Should only take a few hours. Sit on sidewalk and watch in case any immediate action is required
I own a dumb TV that’s got a few years on it. It televisions when I TV at it. Very TV.
When I wanted smart stuff, I hooked up a PC. They had a nice relationship, but lately a friend convinced me to get an XBoneX. Now the XBox XBoxes at the TV and the TV televisions back, and they’re very happy together.
Also the TV can stereo, but my Stereo stereos better, so I hooked the TV to the Stereo. All three are now living together in joyful bliss, which is probably illegal in some states, but it works for them.
The TV sleeps in the middle, in case you’re wondering. But don’t call it a slut or the Stereo will shout at you. It’s very loud when it wants to be.
Smart TV's
I bought a Samsung TV yesterday, before I read this article. The agreement I had to accept permitted them to examine pixels on my set and transmit them to wherever. They want everything I watch and when I watch it. They want to know every connected device. I cannot delete their canned apps. They are probably going to crawl around my home network. I will never push an Ethernet cable into this TV!
My TV got infected with ads…
Cereal, sofas, you name it.