Many new TVs can watch you or even film you on the sofa
by Guy Adams
You are sitting in bed in your pajamas, drinking a cup of cocoa. A loved one lies next to you, watching late-night television. Pillow talk is exchanged. An alarm clock is set. Eventually the lights are turned out.
Earlier, you sat on the living-room sofa eating supper, before loading the dishwasher and heading upstairs.
You have, in other words, just enjoyed a perfectly normal night, in a perfectly normal home. The curtains are drawn, the central heating turned up. It’s cozy, relaxing and, above all, completely private. Or so you thought.
The truth turns out to be quite the opposite. For on the other side of the world, people you didn’t know existed are keeping a beady eye on your every move.
These characters can see what clothes you have been wearing and what food you’ve eaten. They heard every word you said, and logged every TV show you watched. Some are criminals, others work for major corporations. And now they know your most intimate secrets.
It may sound like a plot summary for a futuristic science-fiction movie. But real-life versions of this Orwellian scenario are being played out every day in towns and cities across the globe — and in most cases the victims have no idea.
At fault is a common electronic device invented nearly a century ago and found in almost every modern household: the domestic television set.
Put simply, our TVs have started spying on us.
Last week, there was a high-profile case in point. An IT consultant called Jason Huntley, who lives in a village near Hull, uncovered evidence that a flat-screen television, which had been sitting in his living room since the summer, was secretly invading his family’s privacy.
He began investigating the £400 LG device after noticing that its home screen appeared to be showing him ‘targeted’ adverts for for cars, and Knorr stock cubes — based on programs he’d just been watching.
Huntley decided to monitor information that the so-called smart TV — which connects to the internet — was sending and receiving. He did this by using his laptop effectively as a bridge between his television and the internet receiver, so the laptop was able to show all the data being sucked out of his set.
He soon discovered that details of not just every show he watched but every button he pressed on his remote control were being sent back to LG’s corporate headquarters in South Korea.
There, the electronics company appeared to be using its customers’ data to make money. A promotional video shown to commercial clients suggested that data was being used to provide ‘the ad experience you have always dreamed of’.
The information Huntley’s TV had sent — without his knowledge — included the contents of his private digital video collection, which he’d watched on the television. This included camcorder footage of family celebrations containing images of his wife and two young children.
Most worrying of all, the device continued sending such information to Korea even after Huntley had adjusted the television’s default settings to ‘opt out’ of data sharing.
Huntley wrote about the findings on his blog. After his case was picked up by mainstream news outlets, LG announced an investigation. ‘Customer privacy is a top priority,’ the firm said. ‘We are looking into reports that certain viewing information on LG smart TVs was shared without consent.’
LG has also removed its promotional video about targeted advertising from its website.
The Information Commissioner’s Office says it is now investigating the firm for a ‘possible breach’ of the Data Protection Act. Jason Huntley, meanwhile, tells me he is ‘very suspicious and also a little worried’ by the affair. ‘I don’t think we’ve heard the last of this. Who knows what else these televisions are doing that we don’t know about?’
It doesn’t take much digging to find out. Talk to any IT security expert and they will tell you that Huntley’s discovery is probably the tip of the iceberg.
What’s to blame is the continuing rise of smart televisions, which account for most new TV sets sold and are predicted to be in more than half of British homes by 2016. These high-tech devices differ from traditional televisions in that they are not just passive boxes that receive a signal and transfer it to a backlit screen. Instead, they are essentially computers that connect to the internet — and so also send information back the other way.
In theory, this can be extremely useful. For example, many smart TVs have shopping ‘apps’ to access Amazon. They connect to iTunes. They allow us to watch YouTube, instantly download films via Netflix, stream BBC shows on iPlayer, and talk to friends using the video phone link Skype. But in practice, like almost every type of computer, they can be all-tooeasily hacked. And unlike PCs, almost all of which have fairly good anti-virus ‘firewalls’, smart TVs have little or no such software.
Indeed, most have been designed so that outside software — including anti-virus programes — can never be installed. This year, Luigi Auriemma, an IT security researcher and computer programmer from Malta, demonstrated the risks that these devices pose when he showed it was possible to hack into several types of Samsung smart television.
After accessing the devices via the internet, Auriemma was able to control them: turning the TVs off and on, and secretly accessing data they held about a user’s viewing habits. Had he been a criminal, he could also have obtained details of the credit cards that users had uploaded to access pay-per-view TV, download films or use shopping apps.
Other experts recently made the chilling discovery that it is possible to remotely access the video cameras built into the front of thousands of smart televisions, and spy on the users in their own home.
One such expert is Kurt Stammberger, who works for the IT security firm Mocana. He says the company was recently asked by a television manufacturer to do ‘penetration tests’ on its devices.
‘We weren’t just able to find out what someone was watching, and had watched,’ he says. ‘We could also install “spyware” that could, if they had a video camera, allow us to see through that camera — without even activating the little light that indicates it’s on.
‘It was a fairly straightforward thing to do. People who work in IT often place tape over their computer’s camera lens [in a laptop they are usually set into the inside of the lid] unless they want to actually use it, because it’s so common to hack them. We should all do the same with smart TVs.’
Such an attack, which Stammberger describes as ‘frighteningly easy’ to mount, could provide voyeuristic hackers with a chance to snoop on unsuspecting home-owners in their living rooms or bedrooms.
You have only to witness the extraordinary success of the critically acclaimed Channel 4 show Gogglebox, in which consenting families allow the viewing public to watch them watching television, to appreciate how enticing that prospect could be. More commercially minded hackers could use such an attack to steal commercial secrets. It could even be used to spy on foreign powers.
‘It’s a serious prospect and I would be very surprised if the Government ever puts in a big order for TVs from, for example, a Chinese manufacturer such as Huawei,’ adds Stammberger, referring to the giant corporation that has been banned in America because of fears over espionage.
‘But supply chains these days are so long and so complex that it’s very rare to buy an electronic device that doesn’t have some sort of Chinese component in it.’ Gangs based largely in Eastern Europe and Russia, meanwhile, are already using so-called ‘data-mining’ programs to travel the internet looking for smart TVs in which owners have entered their credit card details. A single search can yield thousands of results.
According to Roger Grimes, who has written eight books on IT security and worked in the field for 28 years, the gangs then sell lists of hacked credit card numbers to fellow criminals. Card details that were obtained within the past 24 hours sell for around 2.20 pounds each. Older ones are cheaper because there is more chance the cards could have been changed or stopped. ‘What we are starting to see now is really just a foretaste of what’s going to be happening in the next couple of decades,’ says Grimes. ‘Thanks firstly to mobile devices, and now smart TVs, we are entering a brave new world where there will be computers everywhere.
Bad guys will take advantage of that.’ And we may not even be safe in our own living rooms.