Needing protection from hackers, Samsung’s smart TVs get an app that controls how viewer data is shared

January 18, 2020, 1:00 PM UTC
Patrick T. Fallon/Bloomberg

Earlier this month at CES 2020, Samsung unveiled a new app for its smart TVs called Privacy Choices. The app will arm Samsung TV owners with the abilities to see how their television is tracking them and to turn that tracking off. With televisions among the most ubiquitous devices in homes, Samsung’s timing to announce this app is right—or maybe overdue some experts argue, as smart TVs are increasingly becoming a security and privacy concern. And some experts believe the trouble could get worse.

The new app is the latest in a string of acknowledgements that televisions are collecting information on viewers. There’s also mounting evidence that malicious hackers are targeting internet-connected televisions that have video cameras and microphones to spy and steal data.

Last month, the FBI warned consumers that internet-connected smart televisions are vulnerable to hacks ranging from the annoying to the downright creepy. “At the low end of the risk spectrum, (hackers) can change channels, play with the volume, and show your kids inappropriate videos,” the FBI said. “In a worst-case scenario, they can turn on your bedroom TV’s camera and microphone and silently cyberstalk you.”

It’s not often consumers think about the security implications of their televisions, as typical hacking stories center on smartphones, computers, networks, and websites. But consumers should be ready for more television hacks, says Rishi Kaul, a television and security expert at Ovum.

“As our televisions become home to increasingly sensitive information (e.g. financial info, health data, etc.), the devices become more attractive targets for hacking,” Kaul says.

Moreover, hackers have become emboldened by television manufacturers seeing security as an after-thought—if they think about it at all. “[TVs] have not been designed with security considerations in mind,” IHS Markit analyst Paul Gray says.

Ken Munro, a security expert at Pen Test Partners, says for years there’s been evidence that hackers are increasingly targeting televisions and finding new methods to attack TVs. And in large part, he blames the TV-makers themselves.

“Security research, over the last 5 years, has shone a light on poor behavior by TV manufacturers,” Munro says. He adds that TV manufacturers are only starting to come around to the idea of safeguarding against “audio listening and improved privacy controls.”

To date, there have been precious few ways for TV owners to protect themselves from hacks. Samsung sells televisions with McAfee Security for TV software built-in, which lets users to scan their TVs for malware—but it’s only available in a handful of models. Most other manufacturers don’t bundle anti-malware software with their televisions and fail to provide an easy method for getting a malware scanner on the device.

Instead, TV users need to be informed and actually take action, Munro says. From turning off cameras to adjusting network settings, the only way to come close to safeguarding a television is to spend time tweaking.

“I spent about 30 minutes working through the various settings on my latest Samsung TV, switching off functionality and deselecting various options,” Munro says of his own efforts to protect his television. But even after all that time, he acknowledges that his television still isn’t perfectly secure.

An eye on privacy

Although Samsung’s Privacy Choices app won’t necessarily harden security against hacks—because it doesn’t provide tools to stop hackers; it gives people control over how their data is shared—all three analysts believe it’s a step in the right direction.

“The company is hamstringing its own data collection capabilities in pursuit of stronger transparency and privacy controls,” Kaul says. It’ll remain unclear, however, what other kind of data Samsung might be able to collect until the Privacy Choices app is actually released and its final slate of user controls is made public.

Munro agrees that Samsung’s app is a welcome addition. But he notes that users still need to get the app on their televisions, review their settings, and turn off what they don’t like.

“I would really like to see data privacy options switched on by default, so the consumer has to make a conscious decision to share their data,” he says.

Looking ahead, analysts are concerned about the prospect of television security and privacy. While Samsung has taken some steps in addressing the problem, it has 31% market share of global television sales, according to IHS Markit. The rest of the market needs to follow Samsung’s lead to create a broader security net for consumers.

But whether the competition actually follows remains to be seen. Munro fears that TV makers have a “financial incentive” to limit privacy controls and increase their per-unit margins by selling consumer data. For its part, Samsung has said on several occasions that it doesn’t collect or sell user data from its televisions.

Ultimately, the only way to safeguard consumer privacy might be through lawmakers regulating the industry and requiring TV makers to think about privacy. The problem, however, is that such regulation has been slow going.

In 2018, Senators Edward J. Markey (D-MA.) and Richard Blumenthal (D-CT.) called on federal regulators to investigate smart TV privacy and protect American users. However, the request didn’t compel federal regulators to actually investigate, and given the FBI’s warning last month, little has changed.

That said, the U.S. Federal Trade Commission (FTC) has, at times, targeted TV makers for violating user privacy. In 2017, for instance, the FTC fined Vizio $2.2 million after discovering that the company’s smart TVs were collecting “as many as 100 billion data points each day from millions of TVs.” Vizio was then selling that information, which included what people were watching and when, to third-party advertisers. It was an important indicator to TV makers that the government stepped in, but little has happened since.

As Munro suggests, the onus is still on TV makers to use the tools at their disposal and protect user privacy. The question centers on whether they will. “It is perfectly possible to create a much more secure TV,” Munro says “if the manufacturer is so motivated.”

More must-read stories from Fortune:

Food-delivery services feeling pressure to finally turn a profit
—Beware: Iranian cyberattacks may actually be false flags
—How to avoid the growing ‘fleeceware’ scam
—What $1,000 in 10 top stocks a decade ago would be worth today
—Jack Dorsey makes it clear: Twitter will never get an edit button

Catch up with Data Sheet, Fortune’s daily digest on the business of tech.

Read More

Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward