Friday, 9 February 2018

Why integrated smarts in televisions isn't always that good.

Device manufacturers love to add bells and whistles to things to try and stand out from the pack. Promoting the idea that you can do it all with their device and do away with the other stuff you'd usually connect in.. but how does this fare over the long term? I don't think "smart" appliances are necessarily that smart.
Picture this. You've just bought a top of the line television, it's sleek, smooth, and is designated "smart" by it's manufacturer - hey, it's got a web browser, you can install apps, and it'll talk to a particular store or service for streaming direct to your device.

Everything goes swimmingly, then a year or two passes and then you see a headline something like this:

Android TV's rise is bad news for (most of) Google TV

Now, half the buttons on the remote probably won't do much useful, it'll probably have a growing list of vulnerabilities, and chances are that new codecs won't be supported.

What about an article like this:

Smart TV hack embeds attack code into broadcast signal—no access required

It didn't even require physical interaction with the television!

In theory, "smart" devices sound great - in the case of a television, it's already going to have a lot of chippery, so to add some extra features isn't that great a cost. A television, however, is usually a long term purchase, and so after the upfront cost, the manufacturer won't see any ongoing revenue from the set. This sets up a perverse set of motivations - the manufacturer wants to entice people to buy new TVs by offering new features and convenience, but also doesn't want to spend money keeping owners of older sets happy, and doesn't want to discourage them from buying a new TV.

  • "It's just a television", I hear you say.
    No - these days, it can be a networked computing device... and, it's inside your network!
  • "I don't browse on my TV", you say.
    That doesn't mean that the TV won't reach out to the internet for things like interactive broadcasts (which use the internet for backchannel), or leave connection options open for other devices (so you can cast stuff to your TV etc.)
A smart device may not be the first point of attack within a network - it may be more likely that someone clicks on a webpage with a bad ad, or falls prey to a phishing attack etc., but devices that pay no heed to security can be used for, if not ingress to a network, lateral movement within the network.

Before buying a "smart TV" ask:

  • "How long is the manufacturer going to support this device with functionality and security updates?"
    ... and not just the base environment - if you bought the TV for use with streaming services, how long before those streaming services won't be supported by the TV anymore?
  • "If this TV's features are no longer supported, how useful will the TV be?"
    Is the model you're considering buying as good as the other options when you take out the "smart" features? Is it even properly functional? Might a cheaper model with an external set top box work better?
  • "Has this manufacturer made devices that have been hacked before, and if so, how did they respond?"
    ... were the devices already out of support, or did the manufacturer release a patch?
    ... if they released a patch, did it disable functionality or fix it?
Whilst it may not be as nice as an all in one solution, the use of external set top boxes (often not actually on top of a set these days because of flatscreens, but the name has stuck) is often a better solution. Manufacturers of these STBs (if they manufacture for retail, and not to cable companies and the like) have to work harder to get your business, and... if they should fail... you can replace the box. Integrated smarts, you can't swap them out, and you can't always disable them.

Food for thought :)

No comments:

Post a Comment