Smart TVS from major manufacturers like LG and Samsung are easy targets for eavesdropping, according to a recent report published by Germany’s computer magazine c’t. The magazine was able to obtain login data from apps like Amazon’s lovefilm, and even snoop on browser sessions, leading to the suggestion that Smart TV users should never use banking websites, or other sites requiring sensitive personal information, on their TV sets.
c’t journalists were able to intercept this kind of data by faking SSL certificates, which are used to verify the security of data encryption sessions. The magazine simply generated and signed its own certificates, and the smart TVs in question didn’t bother to check whether these certificates came from a trusted source. The result was that c’t was able to listen in on encrypted HTTPS traffic and extract user names and passwords for apps and more.
The magazine was able to run this exploit on three TVs from Samsung, LG and Philips, and notified the companies about the weakness. According to its report, all companies acknowledged the issue, confirming that it’s present across all of their smart TV devices. All promised to provide a fix through future firmware updates.
This isn’t the first time that smart TVs have come into the spotlight for security concerns. Last summer, hackers were able to remotely activate a camera integrated into Samsung smart TVs to spy on viewers, forcing the company to release a firmware update to fix the exploit.