Samsung says we should scan our smart TVs for malware. Is it right?

The problem with smart TVs in 2019

Is Samsung right to warn of TV nasties?

So here's a thing that just happened. Samsung – or more specifically, a Samsung customer support account – sent out a tweet advising owners of its QLED smart TVs to regularly scan their sets for malware. It even offered a video showing users how to find the buried virus scanner in their TV settings, which most users have probably been unaware of until now – and we don't blame them.

"Scanning your computer for malware viruses is important to keep it running smoothly," read the tweet, first spotted by The Verge. "This is also true for your QLED TV if it's connected to Wi-Fi! Prevent malicious software attacks on your TV by scanning for viruses on your TV every few weeks. Here's how".

People shouldn't need to care

What was presumably sent out as a well-intentioned advisory warning came across as a self-own for Samsung's PR machine – and some tasty fodder for everyone's favorite Internet of Sh*t Twitter account.

But was Samsung right? Do we need to be aware of malware and other nasties infecting our smart televisions?

"People shouldn't need to care," security expert Barry Dorans tells me. "Samsung and others should be doing this automatically, or minimise the risk in their TV operating systems and code." As Dorans says, while it's bad enough that smart TVs work on a business modeled on selling user data, it gets worse when TVs are starting to get built-in microphones and cameras. But these bring their own marketable conveniences, like telling Alexa to turn the TV off, or adjusting the volume without having to lift a finger.

"The advice doesn't surprise me," says Dorans. "In the age now where TVs are as much about selling user information, habits and serving advertising there are inherent security risks."

So why the hell isn't this process automatic? Samsung isn't wrong to say that malware is a risk, but for TV companies to put this burden on users is irresponsible. Should we also be doing this for our smart fridges? It would be disingenuous to argue that any internet-connected device didn't have some level of vulnerability to it, but smart TVs may be especially at risk.

In fact, in 2017 a researcher in Israel discovered 40 zero-day vulnerabilities in Tizen, the OS that underpins Samsung's smart televisions. Consumer Reports also discovered last year that hackers could interfere with Samsung's QLED TVs via an exploit.

Samsung says we should scan our smart TVs for malware. Is it right?

The ugly truth about your smart TV

So why not just switch to a "dumb" TV instead? This is where things get pretty ridiculous because smart TVs are actually cheaper. That's because companies can subsidise lower prices with user data collected from smart TV sets. Dumb TVs cannot collect this same data, which is why they actually cost more. So the very companies that are selling us smart TV sets are creating added vulnerabilities by letting in third-party advertisers.

Dumb TVs cannot collect user data, which is why they're more expensive

Welcome to the ugly truth of smart TVs. Alternatively you can buy the smart TV just for the benefit of its 4K loveliness, not give it your Wi-Fi password, and instead use it as a passthrough for other set-top boxes like the Apple TV. But this is less convenient than having everything built into one television set.

There's a bit more context that adds weight to Samsung's warning. In 2017, WikiLeaks released documents purportedly showing how the CIA and UK's MI5 had collaborated to spy on people using their Samsung Smart TVs. However, the "hack" required someone plug a USB drive into the TV, which means it couldn't be remotely activated without human contact. Nonetheless, it raised a valid concerns that if this could be done, we could one day be faced with more elaborate hacks done remotely.

So is Samsung right to highlight smart TV vulnerabilities? It would be false to say they didn't exist. "As for are they overstating? No way to tell," says Dorans. "We've not seen public viruses as yet, but it may be a tempting target for some."

The problem here isn't Samsung's advice, but more that it's drawn attention to fallibilities in smart TVs in 2019 and the ridiculous situation we've found ourselves in. It's clear that people are not going to scan their TVs for viruses on the regular, if at all, and as such this "feature" should be one completely automated and buried out of sight.

Until that day comes, if you do own one of Samsung's QLED smart TVs and want to check you haven't picked up any nasty bugs, you can find the virus scanner by going to General > System Manager > Smart Security > Scan.

TAGGED   televisions
What do you think?
Reply to
Your comment