Many smart TVs may not be supported beyond two years, leaving them potentially vulnerable to hackers, new studies find.
Smart TVs and other smart devices could lose features and become a security risk after as little as two years, according to a report from the consumer group Which?.
After approaching 119 brands about hundreds of smart device products, Which? found that very few even came close to matching their expected lifespan with their smart update policies.
LG smart TVs, for example, are only guaranteed support for just two years after launch — although the company did tell Which? that its TVs might get up to five years of support for critical security vulnerabilities.
Meanwhile, Sony only offers guaranteed support for its smart TVs for two years from launch, with Samsung promising just three years.
Some manufacturers are better, with Hisense promising to support its smart TVs for 10 years — more than a smart TV's expected lifespan.
"It’s unfair for manufacturers to sell expensive products that should last for many years and then abandon them," says Rocio Concha, Which? director of policy and advocacy.
"This means the product could lose the features that justified the hefty price tag and potentially create a security risk, or add to the electrical waste mountain if it has to be replaced."
How devices are vulnerable
According to research from NordVPN, more than half of households in the UK, Canada, Australia, the US, and Germany have an internet-connected TV. Many come with cameras and microphones built in, and as they generally run over Wi-Fi, could give hackers access to other devices on the same network, including the router.
In 2017, indeed, researchers at Trend Micro discovered that a ransomware variant called FLocker, initially targeting mobile Android devices, was also being used to attack Android-based smart TVs and collect location data, phone numbers, contacts, and uploaded photos.
Before that, in 2013, a bot was found to be collecting login credentials from smart TVs, amongst other devices.
And in 2018, a Consumer Reports investigation found that millions of smart TVs from Samsung and TCL could potentially be taken over by hackers through easy-to-find security flaws, allowing them to change TV channels, turn up the volume, play unwanted YouTube videos, or disconnect the TV from its Wi-Fi connection.
And meanwhile, TV manufacturer Vizio was fined $2.2 million by the Federal Trade Commission (FTC) in 2017 for tracking what its customers were watching and selling the information to advertisers.
What to look out for
Signs that a smart TV might have been hacked or infected with malware include unexpected pop-up ads or messages, slow performance, unfamiliar applications, a change in settings, or an unresponsive remote control.
To an extent, users may be able to opt out of some data collection through the manufacturer's privacy pages. However, it's important to make sure that doing this doesn't mean opting out of updates as well — which are, of course, the best defense against security vulnerabilities and other bugs.
It's also a good idea to secure Wi-Fi routers with strong passwords, and perhaps by installing a virtual private network (VPN) if possible.
Users should be careful about content from unfamiliar sources and avoid connecting any unsecured devices. And it will also reduce the chances of malicious activity by disabling any unused features, restricting always-on access by microphones or cameras, or even covering up the webcam.
There are in the UK moves to force product manufacturers to provide support for a reasonable length of time through the recently-passed Product Security and Telecommunications Infrastructure (PSTI) Act.
Similarly, in the EU, a planned Cyber Resilience Act would introduce mandatory cybersecurity requirements for products with digital elements throughout their whole lifecycle.
Such moves, though, should be accelerated, according to Which?.
"Manufacturers must up their game and provide vital tech updates for their smart products for longer," says Concha. "Otherwise, the government should consider further intervention in this area, including specifying a minimum number of years that these products have to be supported for."
More from Cybernews:
Subscribe to our newsletter