McAfee Blogs

How To Tell If Your Smart TV Spying on You

From their original design as simple broadcast receivers, today’s televisions have evolved into powerful, internet-connected entertainment hubs. Combining traditional viewing with online capabilities, smart TVs provide instant access to streaming platforms, web browsing, voice assistants, and personalized recommendations. 

As our TVs have grown smarter, however, they’ve also become gateways to new privacy and security challenges. In a chilling echo of George Orwell’s dystopian novel 1984, it’s possible that Big Brother, or in this case, Big Hacker, might be surveilling you through your own television.

In 2013, evidence emerged that smart TVs can be just as vulnerable to hacking as home computers, following an investigation by security analysts Aaron Grattafiori and Josh Yavor at iSEC Partners. Working with smart TV manufacturers to address potential vulnerabilities, the analysts presented their findings at the Black Hat network security conference in Las Vegas. Their demonstration highlighted the concerning possibility of smart TVs not only physically surveilling you through the built-in camera but also prying deeper into your personal life by collecting data on your web searches, app usage, and preferences.

Smart TV hacking entry points

Smart TVs can be hacked in several ways, but the gateway that opens your smart TV to these attacks is the IP address, which links with internet-driven apps such as Facebook and YouTube, as well as video streaming services, microphones, and even internal cameras. Because smart TVs often run the same code as computers and smartphones, such as JavaScript or HTML5, they are also susceptible to malware and spyware attacks. These are some of the ways your device can be hacked:

• Outdated firmware: When you don’t regularly update your TV’s software, you leave known security holes wide open for cybercriminals to enter. These updates often include security patches, but many users ignore update notifications.
• Unsecure downloads or sideloads: When you download apps from unofficial sources or use older apps with poor security, you invite malware into your living room. Additionally, weak Wi-Fi settings at home create an opening for hackers to access not just your TV but your entire network.
• Weak login habits: Using the may include background services you are unaware of, which allow criminals to access your smart TV once they’ve compromised your other accounts. Smart TVs could even have background services you might not know about, creating additional attack points.
• Compromised physical connections: Infected HDMI devices or USB drives could introduce malware into your system. Once hackers gain access to your smart TV, they can use it to move through your home network and other connected devices.

Spying beyond physical surveillance

Once a hacker has compromised your smart TV, they can spy on you through several built-in technologies that collect data on your viewing habits, conversations, and online activities.

• Automatic Content Recognition (ACR): This is a common spying method that analyzes audio or video snippets from your content. It then packages and sells this data to advertisers, who use it to create profiles of your entertainment preferences for customized advertising. 
• Voice assistants and listening microphones: Many smart TVs include voice control features that activate when you say specific wake words. These microphones can capture private conversations, even when the TV is “off” and on standby mode. This data could be processed by third-party voice recognition services, creating potential eavesdropping risks.
• Built-in or plug-in cameras: These enable video calling and gesture control features, but they also create opportunities for unauthorized surveillance and privacy vulnerabilities. Smart TVs with cameras could be accessed by hackers or malicious software.
• App-level tracking and advertising IDs: Similar to smartphone apps, smart TV apps also collect data on your usage and preferences through unique advertising identifiers, which build comprehensive profiles for targeted marketing. Your Netflix viewing habits might influence ads you see on YouTube or other platforms.
• Data sharing with third parties: TV manufacturers often share collected data with advertising networks, content providers, and data brokers to create extensive digital profiles. This information can include viewing schedules, app usage, voice recordings, and even household demographic insights.
• Privacy settings: Most smart TVs offer settings to disable ACR, limit voice recording, and opt out of personalized advertising. Look for “Privacy,” “Viewing Data,” or “Interest-Based Advertising” options in your TV’s settings menu. However, these settings may reset after software updates.
• Network behaviors: Your smart TV communicates with various servers, sending viewing data, software telemetry, and usage statistics even when you’re not actively using smart features. Router logs often show smart TVs making hundreds of network connections per day to advertising and analytics services.

The key to managing these privacy risks is understanding what data your TV collects and taking control through privacy settings, network restrictions, and informed usage decisions. 

Types of data that smart TVs collect

• Viewing history, content preferences, and navigation patterns: Your smart TV tracks what shows, movies, and channels you watch, how long you view them, and when you pause or skip content. This data helps TV manufacturers and streaming app providers understand your entertainment preferences and suggest personalized content.
• Device identifiers and technical data: Your TV collects unique device identifiers, IP addresses, Wi-Fi network information, and technical specifications. In turn, manufacturers use this data for device management, software updates, and to link your viewing activity across different sessions and devices.
• Advertising IDs and marketing data: Smart TVs generate unique advertising identifiers that track your activity for targeted advertising. Third-party advertisers and data brokers use these IDs to build detailed profiles for marketing campaigns and to measure ad effectiveness across different platforms.
• Voice recordings and search queries: Your voice commands or searches are recorded and processed by the manufacturer’s servers or third-party speech-recognition services to improve voice-recognition accuracy and deliver search results.
• Geolocation and network information: Your smart TV can determine your approximate location through your IP address and Wi-Fi network details. This geographic data helps content providers offer region-specific programming and advertising.
• Diagnostic and performance data: Smart TVs collect technical performance metrics, error logs, and usage statistics to help manufacturers and software partners identify issues, improve software performance, and develop new features. 

Take control of your data

Your smart TV data typically flows to multiple parties. It starts with the device manufacturer for product improvements, then to streaming app providers for content recommendations, on to advertising networks for targeted marketing, and analytics companies for usage insights. Recent regulatory guidance emphasizes that you should have clear visibility into these data-sharing relationships through your TV’s privacy policy.

You can limit data collection by disabling Automatic Content Recognition (ACR) in your TV’s privacy settings, turning off personalized advertising, and regularly reviewing app permissions. Consumer protection agencies require smart TV manufacturers to provide opt-out mechanisms for advertising personalization and data sharing with third parties.

Stop the spying

Fortunately, you can significantly reduce your smart TV risks with some simple preventive measures:

1. Check your TV’s privacy and ACR settings: Navigate to your smart TV’s settings menu and look for privacy, data collection, or “Automatic Content Recognition” (ACR) options, and disable or limit that function to prevent the tracking of your viewing behaviors and preferences. 
2. Review consent prompts after software updates. When you see pop-ups asking for consent to new terms, take a moment to read what you’re agreeing to. You can often decline optional data sharing while keeping essential functionality. 
3. Monitor your ad personalization settings: Look for advertising or marketing preferences in your settings menu, and opt out of personalized advertising to reduce the data collected about your viewing patterns.
4. Audit app permissions and microphone access: Smart TV apps may request access to features such as your microphone, camera, or network information. Review which apps have these permissions. Voice assistants and video calling apps may need microphone access, but streaming apps typically don’t require these sensitive permissions.
5. Monitor network activity: Check your router’s device list to see if your smart TV is unusually chatty with unknown servers. Many modern routers also offer parental controls or privacy features that can limit your TV’s internet access to only essential functions.
6. Perform security audits on major platforms: Roku, Samsung Tizen, LG webOS, and Android TV each offer basic privacy controls in their main settings. Look for “Privacy,” “Ads,” “Data Collection,” or “Viewing Information” to take control regardless of your TV model.
7. Check for physical indicators and hardware controls: Many newer smart TV models don’t include cameras, but if yours does, you’ll often find a physical privacy shutter or the ability to disable it in settings. For voice features, look for microphone mute buttons on your remote or TV itself.
8. Stay updated: Ensure your apps are updated regularly to maintain the security of your TV and its apps. The digital world is full of bugs waiting for a chance to invade your device, so don’t let outdated apps provide them the perfect entry point. 
9. Use social media sparingly: Social media sites are notorious hunting grounds for identity thieves. Restrict the use of these apps to your computer, smartphone, or tablet, and ensure they have comprehensive security protection to guard your devices, identity, and data.

Standby versus fully off

Most smart TVs don’t fully turn off when you press the power button; they enter standby mode to enable quick startup. In this state, certain components may remain active and continue collecting data. It might maintain network connectivity to receive software updates, keep microphones and voice assistants ready to respond to wake words, or continue ACR that tracks your viewing habits.

To truly disconnect your TV from potential monitoring, you have several options:

1. Look for a physical mute switch on your remote or TV for the microphone. This provides a hardware-level disconnect that software can’t override.
2. You can unplug your TV entirely when not in use or connect it to a power strip that you can easily switch off to cut all power.
3. For a more permanent solution, dive into your TV’s privacy settings to disable ACR tracking, turn off voice activation features, and restrict background data collection. 
4. You can also disconnect your TV from Wi-Fi entirely if you primarily use external streaming devices, which gives you more control over what data gets shared.

FAQs about Smart TVs

Do all smart TVs have cameras?

It depends on your specific smart TV model and its manufacturing date. Most modern smart TVs manufactured after 2022 do not include built-in cameras. Major manufacturers such as Samsung, LG, Sony, and TCL have largely moved away from integrating cameras directly into their television sets due to privacy concerns and limited consumer adoption. 

Some premium models and older smart TVs from 2018-2021 may still feature built-in cameras designed typically used for:

• Video calling: Apps such as Zoom or Google Meet allow you to make calls from your TV
• Gesture control: Hand movements enable you to navigate menus and control functions 
• Facial recognition: Based on who is watching, smart TVs can personalize content recommendations
• Voice assistant integration: Some cameras work with microphones to enhance smart assistant features

If your smart TV does have a camera, you still have control, as most smart TVs with cameras include physical privacy shutters, software controls to disable the camera, or the option to cover the lens. For external USB cameras, simply unplugging it ensures that no one can see you through the smart TV.

How do I know if my smart TV has a camera?

To determine if your smart TV has a camera, check the following:

1. The physical TV: Check the top, bottom, and side edges of your TV screen for a small circular lens, typically about the size of a coin. Built-in cameras are typically small lenses located on the top bezel or may retract into the frame. 
2. Quick detection test: In a dimly lit room, shine a flashlight across your TV’s bezel while looking for reflective surfaces. Camera lenses will reflect light differently than the surrounding plastic, appearing as small, glassy circles that catch and reflect the light beam.
3. Camera shutter or privacy cover: TVs with built-in cameras often include a sliding privacy shutter or removable cover. Look for a small plastic piece that can slide over the camera lens area, or a hinged cover that flips up and down.
4. User manual: Your manual will clearly list the camera functionality if it is present. You can also find detailed specs on the product packaging. Look for terms such as “built-in camera,” “video calling,” or “gesture control” in the feature list.
5. Manufacturer’s website: Visit your TV manufacturer’s official support page and enter your exact model number. The detailed product specifications should confirm whether your model includes camera hardware.
6. Camera-related settings: Go to your smart TV’s main settings menu and look for sections labeled “Camera,” “Privacy,” “Microphone,” or “Gesture Control.” If these options exist, your TV likely has camera capability. Many TV models from 2023 include dedicated privacy toggles that let you fully disable camera functions.

If you discover your smart TV has a camera, you can take control of your privacy by disabling it in your TV’s settings, covering it with tape when not in use, or using any built-in privacy shutters.

How can I disable or manage my smart TV camera?

Aside from the precautions listed above, there are other ways you can disable your smart TV’s camera:

• Privacy settings: Navigate to your smart TV’s Settings menu, then look for “Privacy,” “Security,” or “Camera” options. Most modern TVs group these controls together to limit the data your device collects and shares.
• Specific apps: Review which apps have camera permissions by going to Settings > Apps > [App Name] > Permissions. Turn off camera access for apps that don’t need it, like streaming services or games. Video calling apps will need camera access to function properly.
• Gesture and voice control: Disable motion-sensing and voice-recognition features in your TV’s accessibility or interaction settings, as these features often require the camera and microphone to be active.
• System update resets: Smart TV updates can sometimes reset your privacy settings to defaults. After each update, take a few minutes to verify your camera and microphone settings remain off as you configured them.
• Network-level protection: For tech-savvy users, consider setting up router-level controls to monitor or restrict your smart TV’s internet connections. Some routers allow you to block specific domains or limit device communication, adding another layer of control over what data your TV can share.
• Automatic security updates: Keep your smart TV’s firmware up to date by enabling automatic updates. Manufacturers regularly release security patches that address vulnerabilities to protect you from potential threats.
• Dedicated guest network: Consider connecting your smart TV to a separate Wi-Fi network from your main devices. This limits potential access to other connected devices in your home if your TV’s security is ever compromised.

Final thoughts

If the thought of your living room turning into a hacker’s surveillance paradise sends a chill down your spine, you’re not alone. Fortunately, you can take some protective measures that keep your smart TV safe.

One of the best ways to protect yourself is to stay informed about the latest developments in smart TV security. Attend webinars, read articles, and follow experts in the field to stay current with the latest security threats and fixes. 

Just as importantly, small but effective digital habits will also fortify your smart TV security: keep your TV’s firmware updated, stick to official app stores, secure your home Wi-Fi with strong encryption, use unique passwords for your devices, limit the use of social media and messaging apps on your TV, and be cautious about what you plug into your TV’s ports. 

By following these recommendations, you can continue to relax in your living room and enjoy your digital entertainment experience without compromising your privacy and security.

The post How To Tell If Your Smart TV Spying on You appeared first on McAfee Blog.

McAfee Blogs

How to Protect Your Social Media Passwords with Multi-factor Verification

Two-step verification, two-factor authentication, multi-factor authentication…whatever your social media platform calls it, it’s an excellent way to protect your accounts.

There’s a good chance you’re already using multi-factor verification with your other accounts — for your bank, your finances, your credit card, and any number of things. The way it requires an extra one-time code in addition to your login and password makes life far tougher for hackers.

It’s increasingly common to see nowadays, where all manner of online services only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. That’s where two-step verification comes in. You get sent a code as part of your usual login process (usually a six-digit number), and then you enter that along with your username and password.

Some online services also offer the option to use an authenticator app, which sends the code to a secure app rather than via email or your smartphone. Authenticator apps work much in the same way, yet they offer three unique features:

• They keep the authentication code local to your device, rather than sending it unencrypted over email or text.
• This makes it more secure than email- and text-based authentication because they can be intercepted.
• It can also provide codes for multiple accounts, not just your social media account.

Google, Microsoft, and others offer authenticator apps if you want to go that route. You can get a good list of options by checking out the “editor’s picks” at your app store or in trusted tech publications.

Whichever form of authentication you use, always keep that secure code to yourself. It’s yours and yours alone. Anyone who asks for that code, say someone masquerading as a customer service rep, is trying to scam you. With that code, and your username/password combo, they can get into your account.

Before we talk about multi-factor verification, let’s talk about passwords

Passwords and two-step verification work hand-in-hand to keep you safer. Yet not any old password will do. You’ll want a strong, unique password. Here’s how that breaks down:

• Strong: A combination of at least 12 uppercase letters, lowercase letters, symbols, and numbers. Hacking tools look for word and number patterns. By mixing the types of characters, you break the pattern and keep your account safe.
• Unique: Every one of your accounts should have its own password. Yes, all. And if that sounds like a lot of work, a password manager can do the work for you. It creates strong, unique passwords and stores them securely.

Now, with strong passwords in place, you can get to setting up multi-factor verification on your social media accounts.

Multi-factor authentication for Facebook

1. Click on your profile picture in the top right, then click  Settings and Privacy.
2. Click Settings.
3. Click Accounts Center, then click Password and Security.
4. Click Two-factor authentication, then click on the account that you’d like to update.
5. Choose the security method you want to add and follow the on-screen instructions.

When you set up two-factor authentication on Facebook, you’ll be asked to choose one of three security methods:

• Tapping your security key on a compatible device.
• Login codes from a third-party authentication app.
• Text message (SMS) codes from your mobile phone.

And here’s a link to the company’s full walkthrough: https://www.facebook.com/help/148233965247823

Multi-factor authentication for Instagram

1. Click More in the bottom left, then click Settings.
2. Click See more in Accounts Center, then click Password and Security.
3. Click Two-factor authentication, then select an account.
4. Choose the security method you want to add and follow the on-screen instructions.

When you set up two-factor authentication on Instagram, you’ll be asked to choose one of three security methods: an authentication app, text message, or WhatsApp.

And here’s a link to the company’s full walkthrough: https://help.instagram.com/566810106808145

Multi-factor authentication for WhatsApp

1. Open WhatsApp Settings.
2. Tap Account > Two-step verification > Turn on or Set up PIN.
3. Enter a six-digit PIN of your choice and confirm it.
4. Provide an email address you can access or tap Skip if you don’t want to add an email address. (Adding an email address lets you reset two-step verification as needed, which further protects your account.
5. Tap Next.
6. Confirm the email address and tap Save or Done.

And here’s a link to the company’s full walkthrough: https://faq.whatsapp.com/1920866721452534

Multi-factor authentication for YouTube (and other Google accounts)

1. Open your Google Account.
2. In the navigation panel, select Security.
3. Under “How you sign in to Google,” select 2-Step Verification > Get started.
4. Follow the on-screen steps.

And here’s a link to the company’s full walkthrough: https://support.google.com/accounts/answer/185839?hl=en&co=GENIE.Platform%3DDesktop

Multi-factor authentication for TikTok

1. TapProfileat the bottom of the screen.
2. Tap the Menu button at the top.
3. Tap Settings and Privacy, then Security.
4. Tap 2-step verification and choose at least two verification methods: SMS (text), email, and authenticator app.
5. Tap Turn on to confirm.

And here’s a link to the company’s full walkthrough: https://support.tiktok.com/en/account-and-privacy/personalized-ads-and-data/how-your-phone-number-is-used-on-tiktok

The post How to Protect Your Social Media Passwords with Multi-factor Verification appeared first on McAfee Blog.