Smart TVs are dumb. They have little security, their interfaces tend to be crap, and, oh yes, many smart TV models will spy on you.
If that worries you, go back to rabbit-earred TVs and dumb DVD-players. You aren't going to be a happy couch potato in today's Internet-entwined television world.
But smart TVs go far beyond tracking what you watch. I'm talking about some far more sneaky actions. Your smart TV may well be listening in to your conversations and even watching you from its built-in video camera.
Sound like science-fiction? Nope, it's already happened.
Take my VIZIO M50-C1 50-Inch 4K Ultra HD Smart LED TV. It's a great TV with an excellent display. It just has this one little problem. When I first got it, it was tracking my viewing habits and sharing this data with advertisers... by default.
This Smart Interactivity "feature" works by watching what I watch -- whether it's by cable or streaming. It also records the date, time, channel of programs and if I watched the show live or recorded. VIZIO then takes all that data and connects it to my Internet Protocol (IP) address. With that much data, any big data analyst can know more about me -- and not just my television watching habits -- than my family does.
Then, there's Samsung. Last year it was revealed that some Samsung smart TV models can "capture voice commands and associated texts so that we can provide you with Voice Recognition features and evaluate and improve the features."
OK, I can buy that. But, "Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition."
I'm not happy with that. And I'm downright ticked off that Samsung doesn't properly encrypt this data when it sends it home over the Internet.
And we can't forget LG. Back in 2013 LG wasn't sure if their smart TVs were spying on you or not. I think we can safely assume they were.
So what can you do? Well it depends, as always, on the brand and model.
On the VIZIO, which is the most troubling since it's the only company -- that we know of -- which spys by default, you can turn off Smart Interactivity by following these steps from your TV.
- Press the MENU button on your TV's remote.
- Select Settings.
- Highlight Smart Interactivity.
- Press RIGHT arrow to change setting to Off.
The other TVs should be safe so long as you have the voice recognition features turned off.
You see I really don't trust any of the TV vendors. The more data they can get about you, the better for their bottom line. And, come on, LG -- you didn't know if you were sucking down data from your customers!?
Even if you assume that the TV vendors care about protecting their customers' data they don't have the necessary security and network chops to protect your data. TV companies may be experts making great displays, but they're not networking or security pros.
For example, Samsung's data leak came about because their smart TVs were sending data over the 443 TCP socket. That sounds good. That's the default socket for the secure HTTP over SSL protocol. What they were actually sending over this port was a mess made up of XML, binary packets, and some raw, unencrypted data.
I'm no hacker, but I could crack that.
As South Korean security expert Seung-Jin Lee showed in 2013, there's no security worth the name in most smart TVs. Lee showed 10 different vulnerabilities that would allow him to get a root shell on the device.
Root? Yes, you see this particular TV ran all of its applications as root. Which means, for those of you not from the Unix/Linux world, that a cracker would get absolute control over the "smart" TV.
I am absolutely sure there has been no improvement in smart TV security since then.
So what can you do?
Well, for starters, don't buy smart TVs in the first place. Apple TV and Roku, to name but two, supply pretty much everything a smart TV does and more besides. Sure, they can have security holes as well, but at least they're designed by people with a clue about security and network engineering.
What's that? You already have a smart TV? Bite the buller and disconnect it from the Internet and turn it into a dumb TV.
First check to see if your TV will let you disconnect from your Wi-Fi network. If it won't, reset it to its factory default setting. When it turns on again and goes through its setup routine, don't give it your Wi-Fi password.
If you're using Ethernet, do the same thing except this time you simply don't plug it into your network.
Yes, this is drastic. But you really can't trust smart TVs.
And, if you think that's bad, just wait until you add more Internet of Things devices to your home. Are you going to be able to keep track of what your car is saying about your driving habits? What your electrical use tells about when you're at home? Heck, what your health insurance provider thinks about the fact that you only use an IoT-enabled toothbrush once a day?
No, you're not going to be able to manage this non-stop bleeding of personal data.
Me? I've lived on the Internet for longer than many of you have been alive. I appreciate what it gives me, especially with television, but I choose to keep the TV vendors out of my personal life. I think you should too.