Here’s a follow-up of why putting camera-enabled smart TVs in the bedroom might be a bad idea
At Liverpool Makefest on Saturday I gave a talk about keeping smart homes private. I talked about how we’re inviting smart devices into our homes. We’re giving them an intimate status, allowing smart TVs with cameras and microphones into our bedrooms.
In a follow up email, someone said they’d mentioned the issue of TV being able to access the living room or bedroom, but their friends didn’t believe them. So here’s a quick explainer on how smart TVs work and how things go wrong.
Smart TVs are complex computers
Modern smart TVs are complex computers. Just like your computer or phone, they run a full operating system, often based on Android. We connect them to the internet and install applications like Netflix, iPlayer and Skype.
That’s great, but the complexity of being a full-blown computer means there are many ways for things to go wrong.
We’ve all been drilled that keeping computers secure starts with regular security updates and being careful with what things we download and open. The same is exactly true for smart devices.
Manufacturers don’t keep devices updated
The trouble is that manufacturers don’t keep making security updates.
You might expect your TV to last 10 years, but the manufacturer doesn’t. They’ll release updates for as little time as they can get away with, since it’s expensive to maintain “obsolete” devices. (There are exceptions, and you should give those companies your money)
Over time, researchers and hackers find issues in the software running on smart TVs. Sometimes they’re in the underlying Android operating system (affecting all devices) and sometimes they’re in the manufacturer-specific code used to customize the TV.
Occasionally these software bugs are so serious that they allow someone to take control of the TV — just like a computer virus — giving access to the camera, microphone and internet connection.
This type of serious security bug is precisely why it’s important to install security updates — to fix the bug and prevent it from being exploited. When manufacturers stop supporting a device, they’re leaving your device vulnerable to the next big software bug.
Devices are often poorly designed
Another way smart TVs go wrong is when they’re just poorly engineered.
In my talk I referred to a creepy internet-connected teddy bear that leaked 2.2 million voice recordings between children and parents. This was due to a string of bewilderingly incompetent technical decisions.
In 2016 Troy Hunt found a vulnerability in the Nissan LEAF car which allowed anyone on the internet to take over the air conditioning and heating systems of the vehicle.
The point of these examples is to highlight that manufacturers are making basic security mistakes — they simply aren’t prioritising security, and aren’t protecting your privacy.
Devices don’t always work as designed
Finally, devices just don’t always do what we expect them to do.
In May this year, a couple received a phone call from a colleague urging them to unplug their Amazon Alexa devices (always-on microphones which respond to voice-commands).
Somehow, the colleague on the phone had just received a voice recording of the couple’s private conversation. It turned out the ever-present microphone had made a series of misinterpretations leading to the accidental exposure. According to Amazon:
Echo woke up due to a word in background conversation sounding like ‘Alexa.’ Then, the subsequent conversation was heard as a ‘send message’ request, At which point, Alexa said out loud ‘To whom?’ At which point, the background conversation was interpreted as a name in the customers contact list. Alexa then asked out loud, ‘[contact name], right?’ Alexa then interpreted background conversation as ‘right’. As unlikely as this string of events is, we are evaluating options to make this case even less likely.
Smart devices are a perfect storm
Smart TVs now have cameras and microphones, and we invite them into our personal spaces.
But they’re just little computers. Computers have bugs, allowing them to be taken over by others.
Many manufacturers put profit over safety, failing to build devices securely and failing to keep on top of bugs.
It’s a perfect storm.
Please think carefully whether you want these things in your bedroom.