Good Job Team: New TVs Are Vulnerable To Malware, Viruses

Good Job Team: New TVs Are Vulnerable To Malware, Viruses
Image: Kotaku

Welcome to Hell, where our TVs get infected with ransomware and viruses.

If this sounds like a horrifying thought, Samsung would like to remind you that, yes, your TV is just as vulnerable to random popad ads from porn as every other device. The company’s official support account on Twitter today put out a little notice showing everyone how you can run an anti-virus scan on your TV, because it’s 2019 and this is something we have to all actively think about now.

Unsurprisingly, Samsung’s handy reminder was not welcomed with open arms.

I feel bad for the Samsung Support team. They’re just doing their job, trying to help, although interactions like this one weren’t received too well.

And best intentions don’t pan out so well when they stop your TV from using, uh, Netflix:

If anything else, the general sentiment was that, collectively, we have enough devices in our lives that require careful management.


    • Just hope your TV never breaks down. It’s basically impossible to buy a dumb TV anymore. Even my base-tier 50″ Sony has the utterly useless “Android TV” on it. All it seems to do is update itself occasionally, forcing me to wait five minutes before I can actually use the TV.

      At least it has the courtesy to update at power-on rather than while I’m actually watching it, I guess.

      • Might have to go with one of those ‘not so good’ brand tvs perhaps? Or simply deny it wifi access?
        Its a problem for future me i suppose.

  • I’ve never connected my TV to the Internet, all my streaming is done off Chromecast or the PS4.

  • Interestingly, some TVs will accept firmware updates transmitted in free-to-air TV broadcasts. There used to be a program to multiplex these updates into the broadcasts on the ABC and commercial stations, but I don’t know if it is still being done. The firmware has probably grown a lot, but the bandwidth available to send out the updates through this channel has remained constant.

    • Love to get my Channel Seven-sponsored critical TV security updates, available only during the hours of My Kitchen Rules and some other mind-numbing quality content

      • I only saw an OTA update on my TV once, and it only notified me about the update when I tried to turn it off.

        But the length of television shows is actually relevant: to properly download an update, you needed to be tuned into a station to receive the full update package. If you can’t fit the update into the fraction of bandwidth available during an episode of MKR, then it would probably never download successfully. That’s probably one of the reasons the mechanism became unworkable.

  • Cut to a couple of years from now, when we’re having the same concerns about every IoT device in your home. Imagine your toaster refusing to make toast until you cough up some bitcoin, or getting locked out of your own fridge…

    • We don’t even have the important stuff like the fridge being able to show you who stole your last chocolate yogurt.
      “I knew it, Doug, I bloody knew it was you! Now I have the video evidence to prove it!”

      • Actually, I just saw a fridge in the store that has cameras inside (so you can see what’s in there without opening the door) and it also had a tablet built into it. If it’s not already an option, I doubt it would be hard to make it record the video feed 😛

  • Wow, we have gotten to that stage. New market for the Kaspersky’s and Symantec’s. Anti Virus for your household items, fridge, toaster, tv, remote control, kids.

  • This is somewhat old news. If you have any IoT capable device, chances are it’s being exploited as part of a botnet or otherwise being misused unless you’ve secured it. We’re living in an age where we have smart devices but haven’t made people smarter to keep up with the new security and privacy problems they bring.

    • OTOH most people don’t understand how their tech works, and they shouldn’t really have to as end users. It’s up to manufacturers to push software updates (and probably enforce their installation) to protect users. Unfortunately, they just don’t support their devices properly.

      I like the convenience of a smart TV but so many things end up broken as time goes on that I’d rather just use my console or an Apple TV or whatever and have the TV do nothing more than select inputs. At least those devices will receive regular updates.

      • Thats always been the case to some extent. As a new wave of tech emerges, in this case IoT, the previous generation that didnt grow up with it tend to suffer somewhat. Its close enough they get the gist, but different enough they miss what makes them new.

        The switch to smart phones did similar as did the emergence of mobiles in general. My dad was pretty tech proficient, but never did get the benefits of mobile phones. Digital TV was a confusing thing for a lot of people a decade ago, and I’m sure you remember the indifference to the NBN right at the start, and the belief that you didnt need to switch. Even the rise in microwave usage confused some people for a while.

        Not going to go back further than that, but every time the base method with tech has changed, a group fails to understand it, and its usually an older generation that has learned how to do things a certain way, and doesnt understand how a change can make it better.

    • I don’t know much about Tizen (which I assume is what’s being talked about here) but if it’s at all on par with Android then the only meaningful need for antivirus is if the OS allows untrusted packages to be installed and you’ve enabled that setting. If you keep your device with default security settings (eg. trusted sources only), you don’t need AV (on Android).

      (That’s not even getting into the fact AV on Android is mostly a scam anyway and most AV apps don’t do anything more than blacklist apps by executable hash. But hey, AV companies gotta make that money and what better way than to convince normal people they need something they don’t.)

    • It really depends on who made the IoT device. Some have practically no application level security and are abandoned by the manufacturer the minute the new version is released the next year. Others make it difficult to escalate an application level compromise into a full system compromise, and have automatic updates enabled by default (e.g. Google’s ChromeCast line).

      I generally try to steer family away from the no-name Chinese gear on the basis that those brands have nothing to lose if they get things wrong: they’ll just cycle on to the next brand name and have a clean slate. In contrast, the Google or Philips brand names have value that the respective companies won’t want to tarnish. It’s not foolproof, but it helps weed out the worst.

      • That’s a pretty good point. The bigger names do tend to support at least critical updates longer than the no-names do.
        My partner has a less than year old Kogan TV that can no longer access netflix because they haven’t updated it, while several years ago I flashed the firmware on my 8 year old at the time LG to fix reception issues with digital channels.

    • I think the main question Samsung’s post raises is what their virus scan menu item actually does.

      If it is just checking that all the applications are correctly signed and authorised, then surely this is something that already happens when they’re installed/upgraded. If it is possible to escape Tizen’s application confinement and compromise the base system, why would you expect that virus scan menu item to actually do what it says?

      It sounds like something an executive or project manager asked to be added without a clear idea of what it would do. If anything, it could give users a false sense of security. You’d be better off with a manufacturer that pushes out regular security updates than one who adds a virus check menu item.

  • Pretty concerning when the devices get to a few years old and the manufacturer no longer supports them.
    My Samsung smart TV hasn’t received an update in 5 years and Android phones generally don’t get supported after 2 years

  • For me, I think one of the biggest concerns is spread. IoT devices can be an easy entry point. As people above have stated, they tend to be quickly forgotten about and have little security. But if we look at the latest Samsung tv’s for example, they are now becoming homekit compatible. Find an entry via IoT and then an exploit through homekit and then to main computers.

      • Pretty much. I think the reason these sort of things are getting focused on atm is that it is another way to be sold a shoddy antivirus. Like badly loaded, pre-installed programs on a laptop. Which for a tv if I think about some people I know they are the sort of people who don’t know any better and will buy this sort of software. Either directly on the device or as an add on sale at the good guys or harvey norman.

Show more comments

Log in to comment on this story!