Did you buy a smart TV as part of a Cyber Monday deal? Scratch that -- odds are you already own one. As such, there are a few things about smart-TV security and privacy you should know.
This issue is in the news thanks to a recent blog post by the FBI field office in Portland, Oregon. Please note that this FBI warning about smart-TV hacking did not come from FBI headquarters in Washington, D.C., so it does not describe any new or imminent threat.
However, the Portland FBI's blog post does address issues that have been known for several years. Chiefly, many smart TVs have sloppy security.
And many smart TVs may permit access from over the internet. Some may have web servers built in. (It's pretty common to have web-server functions on home networked devices such as routers and digital video recorders.)
In the worst-case scenario, a smart TV with a built-in camera and microphone could be accessed over the internet without authorization, and could give an attacker an audio and video feed of what's happening in the user's living room ... or bedroom.
A lot of different vulnerabilities and problems would have to line up for that kind of smart-TV spying to be possible. But there are some simple steps you can take to protect your privacy.
5 smart TV security tips you need to know
1. Before you buy a smart TV, check to see whether it has a camera and/or a microphone.
Ask yourself whether you really need your TV to watch you, instead of the other way around. (Personally, we wouldn't let such a TV in our house.)
2. If you already own a TV with a camera and/or microphone, see if you can disable them.
You'll want to dig around in the settings for this, and then Google it regarding your particular model if you have to. If there's no way to disable these features, then -- and the FBI field office really does recommend this -- put black tape over the camera.
3. See if you can change the administrative password in your smart TV's settings.
Most smart devices have default password settings, and most consumers leave them that way, but those default passwords are no secret. Prospective smart-TV buyers can Google the user manuals for TVs they are considering.
4. See how easy it is to update the TV's firmware.
You should probably do this before your buy a particular model. Again, Google will be your friend. Our own 2013 Samsung smart TV does update itself automatically, and we hope that means most current models will too.
5. Change the default access and administrative passwords on your home Wi-Fi network.
Lax password security is the main reason for Wi-Fi network break-ins. If an attacker can't access your home Wi-Fi network, it's going to be hard for them to access your smart TV in 90 percent of possible attack scenarios.
The bad news about smart-TV privacy
The FBI blog post also addresses user privacy with regard to what the smart-TV makers collect about you. We're afraid we don't have much good news about that.
Here's a story we did on academic studies that analyzed what kind of personal data smart TVs and set-top boxes collect and send upstream. It's not pretty.
This massive data harvesting is not the result of hacker attacks or vulnerabilities. These are instead intentional features in smart TVs and set-top streaming boxes. It's one way for device makers to offset the cost of manufacturing and keep retail prices low.
This kind of data collection may not much upset those people who have reluctantly accepted that all our privacy is already pretty much shredded anyway. But it does concern many people.
The FBI blog post recommends checking (i.e. Googling) smart-TV makers' privacy policies to see what kind of data they collect and how they handle it. But in practical terms, it's usually impossible to understand those policies unless you have a law degree.
I'm afraid we don't have much good advice here. You could try to find a "dumb" TV that doesn't have internet connectivity, or you could just not connect your smart TV to the internet at all. But if you hook up a set-top streaming box to get Netflix or whatever, then it's back to square one.
