The U.S. Federal Bureau of Investigation (FBI) recommends making sure that Internet of Things (IoT) devices and smart TVs in your home are properly configured to protect them and your other devices from potential attackers.
FBI’s recommendations come after a long stream of malicious campaigns targeting such devices [1, 2, 3, 4, 5, 6] that usually are unsecured, to either add them to large botnets or use them as a stepping stone in multi-stage attacks aiming for other devices like smartphones and personal computers.
This advice aims to help you build a digital defense around your smart TV and IoT devices to protect your sensitive personal and financial information, seeing that they are easily reachable as they usually come with an Internet connection enabled by default.
“Unsecured devices can allow hackers a path into your router, giving the bad guy access to everything else on your home network that you thought was secure,” the FBI Portland Office says.
“59.7% of routers have weak credentials or some vulnerabilities” and “59.1% of users worldwide have never logged into their router or have never updated its firmware” said Avast in its 2019 Smart Home Security Report published in February — the stats were extracted from data collected from 16 million different home networks and 56 million devices all over the world.
Securing your IoT devices
The easiest way to protect your data from a hacker that manages to compromise one of your IoT devices is to secure your home network by segregating them on a separate network.
“Your fridge and your laptop should not be on the same network,” the FBI says. “Keep your most private, sensitive data on a separate system from your other IoT devices.”
The US federal law enforcement agency also advises changing the devices’ default password with unique and hard to crack passwords, thus blocking any hacking attempts trying to use known passwords set with factory settings.
Making sure that mobile apps paired with such devices don’t have permissions that would allow them to harvest your information is also recommended, as is always keeping all your IoT devices up to date by enabling automatic updates whenever possible.
Digital defense for Smart TVs
“Beyond the risk that your TV manufacturer and app developers may be listening and watching you, that television can also be a gateway for hackers to come into your home,” the FBI states.
“A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router.”
Following a successful attack, hackers can take control of the smart TV in your living room or bedroom to spy on you using the built-in microphone and camera.
To defend against this, the FBI recommends disabling the TV’s microphone and covering the camera with black tape if you can’t turn it off.
The following guidelines should have you covered if you own an Internet-connected smart TV according to the FBI:
• Know exactly what features your TV has and how to control those features. Do a basic Internet search with your model number and the words “microphone,” “camera,” and “privacy.”
• Don’t depend on the default security settings. Change passwords if you can – and know how to turn off the microphones, cameras, and collection of personal information if possible. If you can’t turn them off, consider whether you are willing to take the risk of buying that model or using that service.
• If you can’t turn off a camera but want to, a simple piece of black tape over the camera eye is a back-to-basics option.
• Check the manufacturer’s ability to update your device with security patches. Can they do this? Have they done it in the past?
If you want to report an incident involving an attempt to hack one of your devices or even a successful attack, you can get in touch with the FBI’s Internet Crime Complaint Center at ic3.gov or call your local FBI office.