Connect with us

Expert Speak

How to Protect Your Smart TV from Security Threats

Published

on

Written by Gabrielle Ladouceur Despins, writer at WeLiveSecurity-ESET

The final stretch of 2018 approaches. For parents of young children, this means that lunch boxes and homework are back. It is also the season, for many of us, when trees start to change color before the arrival of the cold season. It is also the time when entertainment companies try to entice viewers back to the sofa to discover what new treats they have in store.

Your couch is ready, you’ve possibly stocked up on popcorn, and maybe you’ve invited friends to celebrate the return of your favorite show. But have you thought about securing your connected TV (Smart TV)? Smart TV, like all connected devices, can present various types of threats, including the risk of having your conversation recorded and using security vulnerabilities that can allow attackers to take control of your device.

We have published several articles in the past on the security of connected devices. In the meantime, here are some steps you can take to use your Smart TV more safely:

1 – Protect your router credentials
To take advantage of the technology of connected televisions, the use of the router is a very popular avenue, due to its practicality and the flexibility it offers. This device allows you to connect several devices to your network, without using a large number of cables, which would reduce the versatility of IoT devices.

However, a router that hasn’t yet been secured could put your Smart TV and your entire network at risk. For example, a Man-in-the-Middle (MITM) attack could allow a criminal to install malware on your Smart TV. To achieve this, the cybercriminal needs to have access to your network. Access to your network – which the attacker will have, if s/he has your Wi-Fi , or has otherwise hacked into your router.

To ensure the security of your router, the admin username, along with the provided password should be changed, if you haven’t already done so! It really is the first step you should take. Make sure you use a strong and unique username and password. In order to prevent access to your network without your consent, you should also make sure to disable any features you do not use, such as any features you are not using that could facilitate access to your network without your consent.

Also, always make sure to update your router, if and when such an update is available, as well as all your connected devices, to be protected against newly discovered and fixed vulnerabilities. If you need to purchase a new device, you should look for a device that complies with and supports the new WPA3 protocol. You will find several other tips in this blog article.

2- Sort your networks and devices
Many devices are probably linked to your router. A good practice for securing your home network is to list devices and create separate networks with custom permissions to better protect the most sensitive devices. Viewing the list of devices will allow you to turn off those you do not use or no longer use. This step will make it easier to detect an intrusion attempt, since you will already be familiar with the names of devices using your network.

The creation of a separate network offers other advantages. For example, you may decide to separate sensitive devices such as surveillance cameras, storage devices or home automation devices from the rest of your connected devices, including your Smart TV, to avoid the risk of breaches. You can also choose to share only certain devices with your guests at home.

3- Configure your Smart TV
Just like all your connected devices – and your router – your Smart TV must be properly configured to ensure security and functionality. If the features vary from device to device, check the manual. First, make sure you configure the privacy settings and information you allow your provider to collect – or share with third parties. Several Smart TV vendors have found themselves in the spotlight for collecting a great deal of information from their customers – including voice recordings.  To prevent this, and other possible violations, make sure you configure your router’s settings for both privacy and the information you allow your provider to collect – or share with third parties.

If your Smart TV also includes a camera, remember that it too can put your privacy at stake. Cybersecurity researchers have identified attacks where Smart TV cameras were accessed via the internet. Once again, caution should be exercised. Turn off the camera when not in use. You can even place a piece of tape on the lens, to prevent anyone from getting in and watching you even when your Smart TV is off.

Remember also that any enabled features may pose a risk. Indeed, uncorrected loopholes in them can serve as an opening through which cybercriminals can sneak in. So remember to disable the features you are not using. Even if it means reactivating them in the future, if you wish to use them.

Also think about adjusting the configuration of protection measures offered by the provider, updates – we will come back to this below – and, if necessary, parental control! Most of today’s devices are equipped with user-friendly graphical interfaces, so it only takes a few minutes to properly protect you.

4- Install the latest updates
Criminals are always looking for new vulnerabilities that they can use to infiltrate their victim’s device, network or computer. A vulnerability is an exploitable weakness in an application that makes it possible to perform an unwanted or wrong action that cybercriminals can use to attack your devices. Connected devices, like your Smart TV, have firmware. Like all computer systems, Smart TV firmware must be regularly updated so that you have all the patches in place, especially to avoid bugs and vulnerabilities.

Unlike your computer’s operating system or smartphone, most Internet of Things (IoT) devices do not update firmware automatically. However, many IoT devices offer you the option to put the firmware directly into your console, which makes your task easier. If not, you must download and install the updates yourself. In both cases, you then have to install the updates if applicable.

5- Use a complete security solution
Like your computer or mobile phone, your smart devices can be infected with malware or other threats created by cybercriminals. You should therefore use a complete security solution from a trusted provider to protect these devices as well. There are several options, including ESET Smart TV security available on Google Play Store, that offers you real-time protection against viruses and ransomware, in addition to automated virus database updates. Test some of these products as they usually offer you a trial period. When you find the one that suits your needs we strongly suggest you secure your Smart TV with it.

6- Download applications with caution
We often discuss this issue of malicious applications and potentially unwanted applications (PUAs) on WeLiveSecurity. And with good reason! Malware and PUAs are a major problem: in 2017 Google removed approximately 2000 applications per day that violated its policies.

Banking Trojans, fake security applications, paying applications pretending to be legitimate free applications, or malicious software disguised as games or legitimate applications — cybercriminals have numerous tactics up their sleeves. Malicious applications can also affect your Smart TV so, as with any other device, you should take special care with the applications you download to it.

The first advice is of course to always download applications directly from the Google Play store or the App Store. Always check the name of the software author, the number of installations and other users’ evaluations before downloading an application. If in doubt, wait before installing an application that you think might be questionable.

7- Use streaming with caution
Now that your devices themselves are secure, remember that your web browsing is also a preferred entry point for cybercriminals. Attackers do use streaming sites to deliver various types of threats, ranging from social engineering campaigns to malicious code downloads, cryptojacking and potentially unwanted Applications (PUAs). Choose the streaming sites you consult with caution.  Actively search for and use reliable and legitimate websites for online viewing.

Now that you have implemented these measures to improve the security of your Smart TV, you can sit back and enjoy the upcoming season safely. However, remember that IT security is not limited to individual actions taken on a specific date. Keeping your Smart TV and connected devices safe requires continuous effort and monitoring.

Be sure to implement these security measures and review your cyber security practices in IoT regularly. This way, you can not only enjoy the next season of your favorite shows but can continue to use all your connected devices safely, including in coming seasons.

 

Click to comment

Leave a Reply

Your email address will not be published.

Expert Speak

Top 10 Steps to Securing Your New Computer

Published

on

Written by Phil Muncaster, guest writer at ESET

With Windows 11 making headlines for all the right reasons, it could be a great time to invest in a new PC for the family or the home office. But any new household computing device should come with an attendant safety warning. Hackers will be after your data the minute it’s connected to the internet. And they have numerous ways to get it.

That’s why you need to think about cybersecurity even before plugging your machine in and switching it on. Take time out now to refresh your memory and make cyber-hygiene a number one priority.

What are the main threats to my PC?
As soon as you’re connected to the internet, malicious actors will be looking to steal your data, encrypt and hold your machine ransom, lift financial details, secretly mine for cryptocurrency, and much more. They’ll do so via some tried and true methods, which often rely on cracking, stealing or guessing passwords, or exploiting software vulnerabilities. Top threats include:

Phishing: One of the oldest con tricks in the book. Cybercriminals masquerade as legitimate and trustworthy sources (banks, tech providers, retailers, etc) and try to persuade users into clicking on links and/or open attachments in emails. Doing so will take users to a spoofed site requesting that they fill in personal information (like logins and/or address/financial details) or could trigger a covert malware download.

Drive-by downloads and malicious ads: Sometimes merely visiting an infested website or a site running a malicious ad could trigger a malware download. We may think that well-known sites may be less compromised in this way as they are better resourced and can afford enhanced protection. But there have been plenty of counter-example through the years showing that it’s not always the case. That’s why its essential to invest in security software from a reputable provider and ensure that your browser’s security settings are correct.

Digital skimming: Hackers may also compromise the payment pages of e-commerce sites with malware designed to silently harvest your card data as it is entered. This is difficult to guard against as the issue is with the provider. However, shopping with better-known sites can reduce risk.

Malicious apps and files: Cybercriminals also hide malware inside legitimate-looking applications and downloads. Many of these are posted to online forums, P2P sites, and other third-party platforms. That’s why it makes sense to download only from trusted sources, and to use an effective security software tool to scan for malicious software.

Ten tips to keep your computer safe
Many of the below steps may be taken care of automatically by your PC manufacturer/Microsoft, but it pays to dig a little deeper to make sure all the settings are as secure as you need them to be. Here are our top 10 tips for computer safety:

  1. Apply automatic updates for the OS and any software running on the PC
  2. Remove bloatware that often comes with PCs. Check beforehand if you don’t recognize any software to ensure removing it won’t degrade the performance. The fewer pieces of software on the machine, the less opportunity for attackers to exploit bugs in it
  3. Install multi-layered security software from a reputable third-party vendor and keep it up to date
  4. Configure backups, and ideally back up a copy of data to a remote storage device kept offline
  5. Secure the browser by adjusting privacy and security settings and ensuring it is on the latest version
  6. Switch on and configure your firewall on the OS and home router, ensuring it is protected with a strong password
  7. Download a multi-factor authentication app in order to help protect your accounts from being hijacked via phishing and other attacks
  8. Avoid using USBs that you don’t own, in case they are loaded with malware
  9. Use a password manager to ensure that all your credentials are unique, strong, and hard-to-crack
  10. Only download apps/files from trusted sources and avoid pirated material, which can often be booby-trapped with malware

It goes without saying that, even by following these best practices, you could still be at risk when browsing online. Always proceed with caution, don’t reply to unsolicited emails/online messages, and ensure device encryption is switched on.

Continue Reading

Expert Speak

Why You Should Use a VPN While Traveling

Published

on

According to a survey conducted by NordVPN, 50% of travellers use public Wi-Fi while on the road. However, only 20% of them use a VPN (a virtual private network) to protect themselves while being connected to a public network. “Travelers connect to public Wi-Fi in airports, cafes, parks, and trains. Some even use public computers to print their visa information or flight tickets. A VPN in those cases is crucial if you want to make sure that your vacation will not be ruined by cyber criminals. Nobody wants to lose access to their device or their bank account during a trip to a foreign country,” says Daniel Markuson, a cybersecurity expert at NordVPN.

As International VPN day (August 19th) is just around the corner, Markuson lists all the benefits offered by the service.

Enhanced online security
The main purpose of a VPN is to keep its user’s online connection secure even when they are away from home. Hackers can set up fake hotspots or access unsecured public routers and this way monitor users’ online activity. Once a user is connected, criminals can intercept their internet traffic, infect the device with malware, and steal their victim’s personal information.

When authenticating themselves on public Wi-Fi, users often need to type in their email address or phone number. However, if a user has accidentally connected to a hacker’s hotspot, they could be exposing themselves to real danger.

A VPN hides users’ IP addresses and encrypts their online activity. That means that, even if a user is using a malicious hotspot, the hacker behind it won’t be able to monitor their activity. Therefore, getting a VPN for travelling abroad is essential if you want to stay secure and private online.

Grab the best deals
Depending on the country in which you’re located, the prices for airline tickets, car reservations, and hotels might vary. That’s because businesses know that people in different countries can and will pay higher amounts for certain products and services. If you use a VPN for travel, you can hop between servers in different countries and find the best deals available.

Make the best of additional VPN features
As the industry is evolving, many VPN providers add new features to make their users’ experience even more wholesome. NordVPN, for example, recently added the Meshnet feature that lets travellers connect to other devices directly no matter where in the world they are. This enables users to form a remote connection with their home or office PC from anywhere in the world to share files or for other uses.

However, having said that, please check local laws and regulations about using VPN services on your devices, before you do.

Continue Reading

Expert Speak

Social Media Data Leaks Account for 41% of All Records Breached

Published

on

Written by Edward G, Cybersecurity Researcher and Publisher at Atlas VPN

Social media is quickly turning into a primary security weak point. A single data breach within one of the major social media networks can result in millions of records being stolen. Within the past few years, we have seen multiple large-scale data breaches involving companies like Facebook and Twitter. Yet, we rarely see the bigger picture.

Luckily, data presented by Atlas VPN gives insight into the scope of the issue. It turns out that 41% of all compromised records in 2021 originated from social media data leaks, which is a significant upsurge compared to 25% in 2020. The data presented is based on the 2022 ForgeRock Consumer Identity Breach Report, which gathered data from various sources, such as 2021 Identity Theft Resource Center, IBM Ponemon, TechCrunch, Forrester Research, as well as UpGuard, and IdentityForce.

A few other factors make social media a security weak point within the current online landscape. First, criminals can prey on business clients by posing as the company in order to obtain credentials. This is becoming especially prevalent since companies increasingly use social networks to communicate with customers.

Second, fraudsters frequently attempt to infiltrate businesses by leveraging mutual connections, which create a false sense of security. Moreover, people who overshare on social media make it simple for thieves to locate personal information that aids in company breaches.

Besides social networks, another major source of leaked information is the retail sector, which accounted for nearly a quarter of all records breached in 2021. According to the U.S. Department of Commerce Retail Indicator Division, e-commerce sales increased by 50% during the pandemic. Retail data breaches increased in frequency and severity during the same period.

While the average cost of a retail breach was $2.01 million in 2020, it increased by 63% to $3.27 million in 2021. Customer credit card, payment information, and personal data were the principal targets of retail data breaches. E-commerce websites and applications sometimes skip security precautions like two-factor authentication (2-FA) as they seek a simple user experience.

When the enormous volumes of personal data that retail websites collect are not adequately protected, it creates the ideal environment for breaches and subsequent fraud. Finally, the healthcare sector is worth mentioning with only 1% of records, yet, at the same time, the information leaked is usually particularly sensitive.

Data compromised from healthcare institutions tend to include name, address, SSN, date of birth, and, in two-thirds of the breaches, actual medical history information. With this information in hand, cybercriminals can blackmail companies or even particular individuals.

To round up the findings, it’s obvious that retail and social media companies should go the extra mile in securing their customer information. In addition, even though healthcare providers leak only a fraction of the data, they should still safeguard their client data with particular care due to the sensitive nature of the information.

Some services offer data breach monitoring tools. Data breach monitors track any data breaches related to your online accounts. It automatically scans leaked databases and informs you of any past or recent breaches where your personal information was exposed.

As always, we must mention the most effective countermeasure against data leaks. It is advised to enable multi-factor authentication on all of your accounts that offer the functionality. This way, even if your credentials are compromised, threat actors will not be able to access your account unless you lose your phone, and it is also found by ill-meaning individuals, which is less than likely.

Continue Reading
Advertisement
Advertisement
Advertisement
Advertisement

Latest Reviews

Follow us on Facebook