AMID NEW FBI WARNING ABOUT THIS YEAR’S HOTTEST GIFT—SMART TVS— WHICH CAN CONNECT TO THE INTERNET & RECORD UNSUSPECTING VICTIMS, SCHUMER DEMANDS FEDS INVESTIGATE SECURITY POLICIES OF DEVICES & IMMEDIATELY SET UNIFORM STANDARDS TO BETTER PROTECT UPSTATE NY FAMILIES FROM BEING HACKED & TRACKED
FBI Warning That Smart TVs, Which Connect To The Internet & Record Unsuspecting Victims, Present A Variety Of Security Concerns For NY’ers Who May Not Even Know The Privacy Ramifications Of Their Living Room Or Bedroom TV
On A Conference Call With Reporters, Schumer Launches Major Push To Investigate Security Policies & Data Protections Of Smart TVs; Wants New Industry Standards
Schumer: “Sees You When You’re Sleeping; Knows When You’re Awake” Is Fine For Santa BUT Not The Family TV
As holiday shopping season heats up, U.S. Senator Charles E. Schumer today sounded the alarm on the security of smart TVs. Last month, the Federal Bureau of Investigations (FBI) issued a warning that smart TVs, which can connect to the internet and collect data on users, since they’re often equipped with features such as microphones and cameras, present a number of potential security threats to New Yorkers. Schumer explained that TV manufacturers, app developers, and hackers can gain access to critical data that smart TVs collect on users, risking the exposure of their private information. Similarly, the National Institute of Standards and Technology (NIST) has also recognized the risk of unsecure devices, such as smart TVs, and previously issued a draft of recommended features for industry to implement to improve their security, with the public comment period for these recommendations recently concluding. Therefore, to protect New York homes from these grave, potential security threats, Schumer urged the Federal Trade Commission (FTC) to both immediately open an investigation into the data protection and security of smart TVs—by TV manufacturers and software application developers—and develop recommendations for the production of secure smart TVs. Additionally, Schumer called on NIST to update Congress on any feedback received during its recent public comment period for its security feature recommendations for smart TVs.
“Smart TVs are always one of the hottest items on our holiday shopping lists, but rather than adding convenience and security to our homes, these devices roll out the welcome mat for both manufacturers and app designers, as well as potential voyeurs, robbers, blackmailers and other criminals. The FBI said as much last month, and the National Institute of Standards and Technology before that, so it’s time to reign this serious threat in,” said Senator Schumer. “While everyone loves having guests in their homes over the holidays, they need to be invited—and the hackers and corporations on the other end of smart TVs aren’t. That’s why I’m calling on the feds to both investigate the data protection policies of these corporations and to issue updated recommendations for the production of secure smart TVs, to ensure that the private information of Upstate New Yorkers is kept that way.”
Schumer explained that of particular concern regarding smart TVs is the collection and storage of users’ data. These devices can collect a large amount of consumer information and data, ranging from an individual’s viewing habits to video and audio recordings often times without the knowledge of consumers. Schumer argued that this private information must be stored in a secure setting with specific data safeguards, and that manufacturers should acknowledge individual consumer rights.
Furthermore, Schumer explained, because smart TVs are connected to the internet, bad actors have the ability to hack them and gain unauthorized access. If a hacker, then, can gain access to one device on a user’s home network, there is also a risk that they could access and compromise other devices connected to the internet on that network. Schumer said that a successful hacker could turn off devices like refrigerators, switch on devices like cameras and microphones, and remotely spy on a home without the knowledge of the surveilled parties. Schumer added that this risk increases with the more internet-connected devices a consumer owns.
Schumer first drew attention to this issue in 2013 following a series of events that established the need for more secure smart TVs. In one example, hackers in Russia broke into over 70,000 cameras across the world, including over 4,000 cameras in the United States, by using camera manufacturers’ default passwords. Live video feed from the hacked cameras had at one time been streamed on the foreign website “www.insecam.cc.” The site’s stated purpose at the time was “to show the importance of settings and changing the security settings on internet cameras.” Many of the hacked cameras were built onto smart TVs, demonstrating their absolute vulnerability. More recently, a 2018 Consumers Report investigation found that millions of smart TVs can be controlled by hackers that exploit easy-to-find security flaws in smart TVs, allowing them to change channels, play offensive content, or even increase the volume. This investigation along with the recent FBI warning signifies that more work must be done to ensure these products remain safe and secure for consumer use.
Specifically, Schumer called for the FTC to immediately open an investigation into the data protection and security of smart TVs by TV manufacturers and software application developers, to ensure that data is being protected. Additionally, Schumer requested the FTC develop and issue recommendations for the production of secure smart TVs to address these security concerns. Last, Schumer urged NIST to update Congress on its security feature recommendations for smart TVs. Schumer argued that NIST should inform Congress of any relevant concerns received during the recent public comment period that might help to inform future Congressional action.
Below appear NIST’s top 6 suggested industry recommendations for smart TVs and other internet-connected devices:
- Device Identification: The smart TV should have a way to identify itself, such as a serial number and/or a unique address used when connecting to networks.
- Device Configuration: Similarly, an authorized user should be able to change the device’s software and firmware configuration. For example, many smart TVs have a way to change their functionality or manage security features.
- Data Protection: It should be clear how the smart TV protects the data that it stores and sends over the network from unauthorized access and modification. For example, some devices use encryption to obscure the data held on the internal storage of the device.
- Logical Access to Interfaces: The smart TV should limit access to its local and network interfaces. For example, the smart TV and its supporting software should gather and authenticate the identity of users attempting to access the device, such as through a username and password.
- Software and Firmware Update: A smart TV’s software and firmware should be updatable using a secure and configurable mechanism. For example, some smart TVs receive automatic updates from the manufacturer, requiring little to no work from the user.
- Cybersecurity Event Logging: Smart TVs should log cybersecurity events and make the logs accessible to the owner or manufacturer. These logs can help users and developers identify vulnerabilities in devices to secure or fix them.
A copy of Schumer’s letter to the FTC and NIST appears below.
Dear Chairman Simons and Under Secretary Copan:
In the midst of holiday season throughout Upstate New York and across the country, I write to express my deep concerns regarding the security of one of the most popular gifts of the year: “smart TVs”.
In November, as a pre-holiday advisory to customers, the Federal Bureau of Investigations (FBI) warned consumers about the potential security threats posed by using smart TVs, which can connect to the Internet, collect data on users, and are often equipped with a variety of features, including microphones and cameras. TV manufacturers, app developers, and hackers can gain access to critical data that smart TVs collect on users. Similarly, the National Institute of Standards and Technology (NIST) recognized the risk posed by unsecured internet-connected devices and recently released a draft of recommended security features that the industry follow to improve the security of these devices.
Of particular concern regarding smart TVs is the collection and storage of user’s data. These devices sometimes collect large amounts of information about consumers, ranging from an individual’s viewing habits to video and audio recordings. This data is collected by both smart TV manufactures as well as affiliated software application developers. Because these devices can connect to the internet, bad actors have the ability to hack these devices and gain unauthorized access to consumer data, especially when that data is not properly secured with the proper safeguards. If a hacker can gain access to one device on a user’s home network, there is also a risk that they can access and compromise other devices on the network. A successful hacker could then surreptitiously turn off devices like refrigerators, switch on cameras and microphones, and remotely spy on a home without a consumer’s knowledge. The risk increases with the more connected devices a consumer owns.
Accordingly, to protect American homes from these potential threats, I request that the Federal Trade Commission (FTC) immediately open an investigation into the data protection and security of smart TVs by TV manufacturers and software application developers. I also request that the FTC develop and issue recommendations, for the production of secure smart TVs to address these security concerns. Last, I request that NIST provide an update to Congress on any feedback received during its recent public comment period for its security feature recommendations for smart TVs.
As popularity for these devices increase it is imperative that consumer data is safeguarded. Thank you for your attention to this important matter.
Previous Article Next Article