A model poses with a Samsung Electronics’ 75-inch F8000 Smart LED TV during a media conference in Seoul on February 19, 2013. (Photo credit: JUNG YEON-JE/AFP/Getty Images)
The Federal Trade Commission’s $2.3 million fine of Vizio has proven the government is paying attention to consumer complaints about the privacy implications of Smart TVs. The company was punished by FTC for claims it harvested anonymized viewing habits of its customers without explicit permission.
Whilst Vizio and other TV manufacturers will likely pay more heed to consumers’ desire to keep Big Brother out of their home lives, police are just starting to get their heads round the idea that such connected devices might have useful evidence within. Thus far, I’ve only been able to uncover one case in which the feds sought to look through the information stored on the set.
It occurred in June 2016, when San Diego officers working for the Homeland Security Investigations (HSI) unit sought information from the Samsung smart TV of Mikhail Feldman, a man previously convicted for possession of “images of minors engaged in sexually explicit conduct,” as outlined in an affidavit for the warrant (see below — it appears to be the first ever published warrant for a smart TV). Feldman had admitted to watching adult and child pornography on his Samsung television, using Google on the TV to find the material.
The warrant treats the TV like a normal computer, allowing the feds to access all files stored on the Samsung device that pertained to child abuse imagery and video, as well as browsing history, online profiles and associated passwords, amongst other data. The warrant was returned executed, though the document confirming what exact information was taken remained sealed at the time of publication.
Police were right to look at the TV like a standard PC. According to Rob Lee, digital forensics and incident response lead at the SANS Institute, said in many cases, TVs are just “very large smartphones.” “So the potential for exploitation is there,” he added.
Indeed, malicious hackers have found weaknesses across smart TVs before. At the end of 2016, a software engineer warned about ransomware appearing on his LG TV. Reports of such activity emerged earlier that year. It should be no surprise then that police can grab data from TVs when they have direct access.
Apple TV too?
Whilst the case of the Samsung TV shows how home-connected devices should be treated like typical digital devices, smart televisions don’t come with the same security protections. That extends to Apple TV too, says Mattia Epifani, CEO of Italian forensics experts Reality Net.
He’s been studying how to draw data from Apple TVs once a forensics expert has access and hooks up a PC. “Apple TV cannot be password protected like an iPhone so it means that by simply connecting to a computer you can extract some useful information,” Epifani said.
“Simply by connecting through the USB port to the Apple TV we used for testing, part of the file system of the device can be copied out… [it] is available with no protection. I think it is not a vulnerability but a choice of Apple.”
From the Apple TV he was able to extract the registered Apple ID on the TV, the shopping database containing the books, films and music bought by the user, a list of the iPhones connected to the Apple TV and the list of Wi-Fi networks it had connected to.
The ultimate message here for the innocent consumer? Treat all connected TVs like computers with dubious security, and don’t store anything sensitive on them.
Got a tip? Email at TFox-Brewster@forbes.com or email@example.com for PGP mail. Get me on Signal on +447837496820 or firstname.lastname@example.org on Jabber for encrypted chat.