Smart TVs from Samsung, LG and Phillips seem to carry a security exploit in their apps that allow for spying and obtaining customer logins.
The next time you’re on your Smart TV playing around with the apps, you might want to step back and watch what information you’re transmitting through your television. It turns out, that may not be the best idea due to a possible security exploit. According to a recent report published by the German computer magazine c’t, they were able to obtain login data through apps such as Amazon’s lovefilm and even peek at browser sessions of the user.
This isn’t the first security flaw for the Smart TVs, as Samsung last year had to deal with an exploit (that was quickly patched via new firmware) of hackers that remotely activated the integrated cameras in Samsung made TVs to spy on viewers. In this case, c’t magazine was able to gain access through the data by faking SSL certificates, which are used to make sure the sites that use data encryption are secure for the user. The Smart TV didn’t check these certificates to see if they were from a trusted source, therefore allowing the capture and recording of user names and passwords for apps and Internet browsing via the TV.
Obviously this causes issues for the three manufacturers that allowed the exploits to occur. They were notified by the magazine and told that they were all aware of the issue. So basically that means they knew this exploit does exist and that they are all working on fixing these issues via firmware updates in the near future.
More or less, the best way to approach this, and protect yourself, is to make sure you don’t do any major browsing that involves secure personal information transmission. If you have to look up your banking or credit card information, stop what you’re doing and go to a computer. Just use your television for streaming Netflix and HBO Go. Chances are that you’ve given those usernames and passwords to all your friends already anyway.