Your smart TV can watch you

In April 2013, Cassidy Wolf, then a contestant in the Miss Teen USA pageant, was shocked to learn that a hacker had used the webcam on her own laptop to take photos of her in her own bedroom.

The hacker, later identified as 19-year-old Jared James Abrahams, took the photos quietly without her noticing it over a period spanning several months.

In fact, she would not have known of it had he not sent her an email attempting to blackmail and extort her.

Thus, Cassidy joined the many victims of creep-ware attacks in which hackers and other cyber criminals hijack and control personal digital devices connected to the Internet.

Having gained control of the devices, the hackers can record the online behaviour of their victims secretly and sell the information to advertisers.

They can also take photos or videos of extremely private and potentially embarrassing activities using the webcam on the devices.

In some cases, they can record the conversations of their victims using the microphones on the devices.

Ordinary objects

The hackers can also steal private information such as passwords or credit card details from the enslaved devices.

Hackers have been around since the emergence of the digital revolution. However, vulnerability to privacy violation has grown with the ubiquity of advanced digital technologies and networks currently exemplified by the “Internet of Things” (IoT).

This is a network of physical things – living and non-living – with a capacity to send and receive digital data without requiring human intervention.

Therefore, IoT creates scenarios where network connectivity and computing capability extends to ordinary objects and everyday items not normally considered computers.

Such devices then become able to generate, exchange, and consume data with minimal human intervention.

IoT can facilitate the connection of ordinary home appliances such as televisions, refrigerators, clocks, home theatre machines, coffee makers or even decorations.

The other personal IoT devices may include wearable fitness and health monitoring devices and network enabled medical devices.

A number of technology companies and research organisations have offered a wide range of projections about the potential impact of IoT on the Internet and the economy during the next five to 10 years.

Cisco, for example, projects more than 24 billion Internet-connected objects by 2019, while Morgan Stanley projects 75 billion networked devices by 2020.

Looking out further and raising the stakes even higher, Huawei forecasts 100 billion IoT connections by 2025.

McKinsey Global Institute suggests that the financial impact of IoT on the global economy may be as much as $3.9 trillion to $11.1 trillion by 2025.

While the variability in the predictions makes any specific number questionable, collectively they paint a picture of significant growth and influence of IoT.

The use of smart devices comes with myriad conveniences. However, the consumers need to be alive to the fact that these devices could actually be used to spy on their unsuspecting owners.

The smart TV is one of the home appliances that can turn the lives of their owners into a nightmare.

operating system

Many people are oblivious of the fact that smart TVs are basically computers which come with USB ports, operating system and network capability, yet they require no authentication to use. Smart TV manufacturers seem to prioritise user comfort over security.

For instance, smart TV sets typically do not run any anti-virus software. Therefore, they are an easy target to hackers through man-in-the-middle (MiM) attacks.

Once hackers take control of any IoT device, they are able to launch diverse attacks on any other device connected to the same network such as computers, ipads, mobile phones or gears and glean private information.

They can also turn your smart TV into a video surveillance camera recording every activity, if they choose to, in your living room, by using the webcam and microphone on the set.

Hackers can also hijack the remote controls of the enslaved smart TV and change channels, mute the volume or altogether switch it off at will.

Global security concerns are so fixated on preventing the use of weapons of mass destruction to the extent that threats emanating from increased digitalisation do not attract meaningful attention. Knowing that a global MiM attack is possible through IoT devices, we are sitting on a time-bomb.

There is need for a comprehensive and proactive framework for enhancing and assuring security in the “smart” world. In the meantime, you are on your own. It is prudent to handle your smartTV with the same caution you treat your other digital devices.

Prof Kwanya is the Director, School of Information and Communication Studies at the Technical University of Kenya.