With a price tag of $1,000 USD or more, one would think that a Smart TV should be able to automatically do what it needs to do to stay safe. Why then did Samsung make a Tweet suggesting users should manually virus scan their TVs? Included in the Tweet was this video displaying how to initiate the virus scan. The Tweet has since been removed, more than likely due to the influx of ludicrous responses.
Here is a screenshot archived by the Internet Archive’s Wayback Machine that TechRadar’s Olivia Tambini found:
Continued reading can be found in BBC’s post about Samsung’s Tweet, including additional images of responses from Twitter users, and responses to BBC contacts. BBC’s post goes on to state that Samsung TV’s actually utilize a proprietary operating system, yet have partnered with McAfee for their TV antivirus software. This begs the question: shouldn’t Samsung developers develop their own antivirus product seeing they are (well, should be at least) aware of the codebase’s intricacies? Why would an outside entity have the know-how of scanning proprietary operating systems?
Some takeaways and additional thoughts.
Either don’t connect your Smart TV in a smart way (e.g., don’t connect your TV to your network), or segment your TV onto a separate network. The former ensures no network access, thus avoiding concern of malware attacks. Obviously, this reduces the “Smart” aspect to, well, just a plain old dumb TV. The latter option allows for continued “Smart” usage but on a network that doesn’t permit access to other networked devices.
Seeing that the TV operating system is proprietary, are common vulnerabilities still of a concern? How would malware attacks work if the codebase is custom-written? Should pre-loaded apps be scrutinized? What about Samsung TV’s SmartHub?