Smart TV Vulnerabilities: Beware Spies may be Watching You

Smart TVs, with their ability to stream content, browse the web, and integrate with smart home systems, have become a staple in modern households. Brands like Samsung, LG, Sony, Vizio, and TCL dominate the market, offering features like voice assistants, cameras, and app ecosystems. However, these internet-connected devices are not immune to security risks. The July 31, 2025, Samsung Smart TV outage, which affected app access and connectivity, raised questions about whether such disruptions could stem from cyberattacks. Although Samsung attributed the issue to server problems, the incident highlights the vulnerabilities of Smart TVs. This article explores the security risks of Smart TVs, their hacking history, and actionable steps to protect your device from threats like unauthorized audio/video capture, data theft, and network compromise.

Security Risks of Smart TVs

Smart TVs, like any Internet of Things (IoT) device, face multiple security risks due to their connectivity and features. Below are the primary threats:

1. Unauthorized Audio and Video Capture

Many Smart TVs come equipped with microphones for voice assistants (e.g., Samsung’s Bixby, LG’s Google Assistant, Sony’s Alexa) and, in some cases, cameras for video calls or gesture control. If compromised, these features can be exploited:

• Microphone Exploitation: Hackers can activate microphones to record conversations without user consent. For example, a 2017 WikiLeaks report revealed the “Weeping Angel” program, where the CIA and MI5 allegedly used Samsung Smart TVs’ microphones to spy on users.
• Camera Access: Older Smart TV models with built-in cameras (e.g., Samsung’s 2013 models with Skype support) are particularly vulnerable. Hackers could capture video or images, potentially for blackmail or surveillance. A 2013 proof-of-concept hack demonstrated camera access on Samsung TVs.
• Detection Challenges: Unlike laptops, Smart TVs often lack clear indicators (e.g., a “recording” light), making unauthorized access hard to detect.

2. Data Theft and Privacy Invasion

Smart TVs store sensitive information, such as streaming app credentials, payment details, and viewing habits, which are valuable to cybercriminals:

• Automatic Content Recognition (ACR): Technologies like Samsung’s Viewing Information Services or Sony’s Samba Interactive TV track viewing habits for targeted ads. In 2017, Vizio was fined $2.2 million by the FTC for collecting and selling user data without consent.
• Unencrypted Data Transmission: A 2013 investigation found LG Smart TVs transmitting unencrypted data, including USB file names, to servers even when data collection was disabled.
• Credential Theft: Hackers can steal login details for apps like Netflix or Amazon Prime, leading to account compromise or identity theft. A 2013 bot was found stealing credentials from Smart TVs.

3. Malware and Botnets

Smart TVs, especially those running Android (e.g., Sony, TCL), are susceptible to malware:

• Malicious Apps: In 2017, Trend Micro identified the FLocker ransomware targeting Android-based Smart TVs, collecting data like location and photos.
• Botnet Recruitment: Compromised TVs can be used in botnets for Distributed Denial of Service (DDoS) attacks or cryptocurrency mining, as seen in 2013 bot attacks.
• USB-Based Malware: Connecting infected USB drives to Smart TVs can introduce malware, exploiting vulnerabilities in the TV’s operating system.

4. Network Compromise

A hacked Smart TV can serve as an entry point to your home network:

• Man-in-the-Middle (MITM) Attacks: Hackers intercepting unencrypted Wi-Fi communications can access other devices, such as phones or computers.
• Router Vulnerabilities: Weak router passwords or outdated firmware allow hackers to infiltrate your network, compromising all connected devices.

5. Remote Control and Manipulation

Hackers can exploit vulnerabilities to control Smart TVs remotely:

• Channel/Volume Changes: A 2018 Consumer Reports investigation found Samsung and TCL TVs vulnerable to remote control, allowing hackers to change channels, adjust volume, or disconnect Wi-Fi.
• Content Manipulation: Hackers could display inappropriate or illegal content, especially on public TVs in places like malls or gyms.

6. Ransomware

Though less common, ransomware can lock a Smart TV’s interface, demanding payment for access. The 2017 FLocker ransomware targeted Android-based TVs, demonstrating this risk.

7. Limited Software Support

Many Smart TVs receive software updates for only two to three years after launch, leaving older models vulnerable. A 2023 Which? report noted that Samsung offers three years of updates, LG two to five, and Sony two, while Hisense provides up to ten. Outdated firmware increases the risk of unpatched vulnerabilities.

8. Rogue Signal Attacks

A 2017 attack developed by Rafael Scheel exploited Digital Video Broadcasting-Terrestrial (DVB-T) signals to gain root access to Smart TVs, enabling spying or DDoS attacks. This unidirectional attack was hard to trace and affected 90% of Smart TVs at the time.

Hacking History of Major Smart TV Brands

The following outlines significant hacking incidents and vulnerabilities for major Smart TV brands:

Samsung

• 2013: A proof-of-concept hack demonstrated camera and microphone access on Samsung Smart TVs, raising privacy concerns.
• 2015: Samsung faced backlash over a privacy policy implying its TVs could monitor conversations. The company clarified that microphones required user activation via remote.
• 2017: The “Weeping Angel” program, exposed by WikiLeaks, targeted Samsung’s F8000 series, allowing the CIA and MI5 to record audio via built-in microphones.
• 2018: Consumer Reports identified vulnerabilities in Samsung’s Tizen OS, enabling remote control of TVs. Samsung patched these issues in a 2018 update.
• 2019: Samsung’s support account tweeted (then deleted) a recommendation to run antivirus scans on TVs, highlighting malware risks.
• 2023: A vulnerability (CVE-2023-29066) in Samsung TVs allowed remote access to device features, including microphones, and was patched.
• 2025: The July 31 outage disrupted Smart Hub services, with speculation of a cyberattack, though Samsung attributed it to server issues. User reports on X indicated ongoing issues.

LG

• 2013: IT consultant Jason Huntley discovered LG Smart TVs transmitting unencrypted data, including USB file names, to servers even when data collection was disabled.
• 2017: LG’s webOS was criticized for privacy issues, with reports of data collection despite user opt-outs.
• 2024: LG TVs were found vulnerable to Wi-Fi provisioning and remote-control binding issues via the EVILSCREEN technique, which tests multi-channel remote control security.

Sony

• 2018: Consumer Reports noted vulnerabilities in Sony’s Android TV platform, allowing remote control exploits.
• 2024: Sony TVs using Google TV were found susceptible to remote-control mimicry attacks, as identified by the EVILSCREEN technique.
• Privacy Concerns: Sony’s use of Samba Interactive TV for ACR has raised data privacy issues, though users can disable it.

Other Brands

• Vizio (2017): Fined $2.2 million by the FTC for collecting and selling viewing data without consent, with ACR enabled by default.
• TCL (2018): Consumer Reports identified vulnerabilities in TCL’s Roku-based TVs, allowing remote control and Wi-Fi disconnection.
• Roku (2018): Similar vulnerabilities to TCL, with external control features exploitable unless disabled.
• Hisense (2024): Vulnerable to Wi-Fi provisioning and remote-control binding issues, though the brand offers longer software support (up to 10 years).

Other Risks

Beyond hacking, Smart TVs pose additional risks:

• Surveillance by Manufacturers: ACR technologies collect viewing data for targeted ads, often without clear user consent.
• Physical Access Exploits: Hackers with physical access can install malware via USB or HDMI devices, even on offline TVs.
• Phishing Attacks: Malicious emails or websites can trick users into entering credentials on fraudulent pages, compromising streaming accounts.
• Cross-Device Advertising: Agreeing to features like LG’s “Who. Where. What?” allows partners to use viewing data for commercial purposes, even if data sales are restricted.
• Social Engineering: Hackers may use social media apps on Smart TVs to access accounts or spread malware.
• Public Space Vulnerabilities: Smart TVs in public settings (e.g., hotels, gyms) are at higher risk of displaying harmful content or being used to spy via poorly secured networks.

Protecting Your Smart TV

To mitigate these risks, follow these actionable steps:

1. Update Firmware Regularly:
   • Check for updates: Samsung (Settings > Support > Software Update > Update Now), LG (Settings > All Settings > General > About This TV > Check for Updates), Sony (Settings > System Software Update > Software Update).
   • Enable automatic updates where available to patch vulnerabilities.
2. Disable Unnecessary Features:
   • Turn off microphones and cameras: Samsung (Settings > General > Smart Features > Voice Recognition), LG (Settings > General > LivePlus), Sony (Settings > System > Samba Interactive TV).
   • Cover cameras with tape if they cannot be disabled.
3. Secure Your Network:
   • Use strong, unique Wi-Fi passwords and enable WPA3 encryption.
   • Set up a guest network for your Smart TV to isolate it from other devices.
   • Consider a VPN on your router to encrypt traffic.
4. Limit App Usage:
   • Install apps only from official stores (e.g., Samsung’s Smart Hub, LG’s Content Store).
   • Deny unnecessary app permissions for cameras or microphones.
5. Disable ACR and Data Collection:
   • Samsung: Settings > Support > Terms & Policy > Privacy Choices > Disable Viewing Information Services.
   • LG: Settings > General > LivePlus > Toggle Off.
   • Sony: Settings > System > Samba Interactive TV > Toggle Off.
6. Avoid Untrusted Devices:
   • Scan USB drives with antivirus software before connecting to your TV.
   • Avoid connecting to public Wi-Fi networks.
7. Enable Security Features:
   • Use Samsung’s Knox security, LG’s webOS security manager, or Sony’s Google Play Protect for malware scanning.
   • Set a PIN for Smart Hub access (Samsung: Settings > General > System Manager > Change PIN, default 0000).
8. Monitor for Signs of Hacking:
   • Look for unusual behavior like pop-up ads, slow performance, unfamiliar apps, or unresponsive remotes.
   • Reset the Smart Hub or perform a factory reset if compromised (Samsung: Settings > General > Reset; LG: Settings > General > Reset to Initial Settings).
9. Use Strong Passwords:
   • Create unique, complex passwords for streaming accounts and enable two-factor authentication where available.
10. Disconnect When Not in Use:
    • Consider disconnecting your TV from Wi-Fi when not in use to reduce exposure, though this limits functionality.

Conclusion

Smart TVs offer unparalleled convenience but come with significant security and privacy risks. Hacking incidents, such as Samsung’s 2013 camera exploit, LG’s 2013 data transmission issue, and TCL’s 2018 vulnerabilities, demonstrate that no brand is immune. The 2025 Samsung outage, while not confirmed as a cyberattack, underscores the fragility of internet-dependent devices. Additional risks, like manufacturer surveillance and public space vulnerabilities, further complicate the security landscape. By updating firmware, disabling unnecessary features, securing your network, and monitoring for suspicious activity, you can significantly reduce these risks. Stay vigilant, review privacy settings, and consult manufacturer support. Protecting your Smart TV ensures a safer, more private entertainment experience.