Internet TVs new 'playground' for cybercrooks

Multiple Net entry points brought about by new era of non-PC-based, Web-enabled devices such as Google TV, represent significant exploit opportunities for cybercriminals, say security experts.

In an era where the use of non-PC Internet devices is "exploding", consumers now have more entry points to access the Web. These access points and the various devices used represent, in turn, multiple "playgrounds" for cybercriminals to exploit for financial gain, according to a security expert.

David Hall, regional consumer marketing manager for Symantec Asia-Pacific, said with the increase in entry points and users spending more time online, the opportunity for cyberattacks to occur increases significantly.

He illustrated the scope of the threat by citing an IDC report, which stated that there are over 10 billion non-PC devices that connect to the Internet today and the number is expected to grow to "almost 20 billion by 2014". These non-PC devices already outnumber PC workstations by "five to one", he noted in an e-mail.

Adding to the deluge of Web-enabled devices are Internet-enabled TVs such as the ones Google hopes to introduce in the near future.

The search giant announced its intentions to mesh both the Web with TVs, named Google TV, at its Google I/O conference last month. As early as March this year, Google was said to be collaborating with industry partners such as Sony, Intel and Logitech to deliver set-top boxes and TV sets that are Web-ready, powered by Google's Android mobile operating system (OS).

If Google succeeds with its foray into consumer electronics, it will increase the risk of cyberattacks occurring "any time, any place", warned Hall.

"We see that computing is expanding far beyond the PC as a platform as the connected devices market goes through a period of explosive growth," he said. "Now more than ever, it is critical for consumers to be protected beyond their PCs."

One particular area that could be a security risk is in the area of e-commerce, noted Hall. According to him, there is a "high chance" of cybercriminals stealing credit card details and other personal data through unsecured Web sites and phishing scams, as counterfeit shopping sites offering bogus promotions and low prices surface on non-PC platforms.

To combat this, companies such as Symantec are offering or planning to offer security solutions that look beyond conventional PC protection to other platforms including mobile devices, "smart devices" such as Blu-ray players, digital photo frames and TVs, he said. The protection, he added, could extend to the safeguarding of the user's Internet connection.

Another security expert, Anthony Ung, reckons that with the introduction of Web-enabled TVs, the risk of cybercrooks employing social engineering tactics will come to the fore.

The Country Manager for Southeast Asia at Trend Micro said that Google TV and other such Web-enabled media devices will make TV viewing "a more social experience", particularly in integrating social media elements with conventional broadcast content.

"Social engineering tactics, whether it is through users visiting risky sites and downloading malicious files or [divulging] too much information via their TVs, will surely come into play," said Ung.

He added that in the near future, consumers could possibly see bogus links to certain popular TV shows just to entice users who are fans of the programs to click on them.

Ung also pointed out that manufacturer attention to quality control is now "definitely a necessity" as cyberattacks take on new forms.

An earlier ZDNet Asia report indicated that cybercriminals are targeting non-conventional electronic appliances such as digital photo frames and battery chargers. Web-enabled TVs will no doubt be on their list of targets once such devices come into the market, said the Trend Micro executive.

Users need to understand threats
To better mitigate the threat, Ung called for manufacturers to implement and adhere to proper IT security policies as well as for users to understand the various threats that are currently active and take up proper measures against them.

Concurring with Ung's assessment, Symantec's Hall pointed out that online identity and data theft "equate closely" to the likes of robbery or murder in the physical realm, where individuals are likely to deal with the ramifications of such actions "for years" or experience "profound emotional impact".

He advised users to minimize the amount of personal or financial data they store on interconnected devices, as this limits their exposure in the event the devices are stolen. Additionally, consumers should be actively applying manufacturers' security updates as they become available.

Users should also remove all their data from the storage space of the device or multiple devices they plan to sell or give away before handing them over to the new owner, Hall added.