Smart TVs (and hybrid TVs) are Internet-enabled, which means they have functions above and beyond simply outputting TV signals on screen. For example, smart TVs let you surf the Internet and stream films from online video stores. Plus the powerful hardware installed in these TVs and their large, often high-resolution, screens mean they have even more potential uses, such as controlling your smart home components and monitoring them for your own purposes.

Smart TVs: their features and possibilities

Since smart TVs are connected to the Internet, they come with myriad control options. You can get high-tech remote controls with a built-in microphone that records voice commands and sends them to a cloud server via the smart TV's Internet connection, for instance. The server then converts the recorded audio signal into a command that the smart TV can understand and carry out.

Control and information via HbbTV

You can also replace or enhance your remote control with a corresponding app on your smartphone or tablet. This is a popular alternative with some users, who prefer the convenience of a touch pad and to keep that collection of remote controls on the coffee table to a minimum.

A special feature of smart TVs is that they support hybrid broadcast broadband TV (HbbTV), a type of "modern teletext" that incorporates online content provided by the broadcaster. This content can be retrieved in real time. HbbTV content is mostly transmitted over the Internet, although some broadcasters do offer simple HbbTV services via the TV signal. If the TV signal is the transmission channel, this means it cannot transmit any outgoing messages from the smart TV, hence these simple services do not allow for any interaction with the viewer.

Smart TVs:s: built-in app stores

Certain manufacturers have included something similar to an app store on their smart TVs, where users can find additional applications (some free of charge, some for a fee). They can download these apps to expand the functions their device can perform and tailor it to their needs. For example, users can easily access their social networks via their smart TV, stream audio and video from various providers or install game apps. Some smart TVs come with a built-in webcam and microphone, or one can be connected to the device as an added extra. This opens up a whole host of functions, such as the ability to have video chats or take part in video conferences.

Internet-enabled TVs: a gateway for cyber criminals

Browsing the Internet, installing apps and holding video conferences are all activities we would initially associate more with a computer or smartphone than a TV. But as the hardware in our smart TVs becomes more powerful and the additional functions they offer continue to expand, they too will be exposed to online threats, similar to a computer. Smart TV models that do not receive state-of-the-art security updates represent a risk to their users.

To spy on a device or infect it with malware, an attacker will usually need at least one vulnerability they can exploit. Such vulnerabilities might be errors in the software or insecure, preset authentication data, e.g. the user name "user" and the password "1234". In addition, the user may download malware onto the device inadvertently by visiting websites, streaming video or installing certain apps (especially if they come from sources that are not trustworthy).

Once a smart TV is infected with malware, the attacker has plenty of opportunities to cause damage. For example, they could steal the user's digital identity or incorporate the smart TV into a botnet, which in turn sends out spam e-mails or crashes websites via coordinated denial-of-service (DoS) attacks.

Smart TVs: choosing and using them safely

It is helpful to bear the following security recommendations in mind in order to minimise the risks that come with using smart TVs for yourself and others:

Things to find out when making your purchase

Before you buy your device, as well as considering the price and the hardware features, you need to find out some important information about the security features of the products you are considering. These questions will give you a good starting point:

• Security updates: Can I take it that the manufacturer will maintain the product sufficiently? This should include them providing secure operating software, together with security updates, for the product's whole lifespan, whatever that is typically expected to be, and protecting their associated cloud infrastructure with state-of-the-art technology.
• Encryption: Will my data be transmitted in encrypted format? Can I trust that only authorised persons will receive this data and to a reasonable extent? Is there any information on how the manufacturer protects the stored data?
• Access control: Are there enough settings available to control access to the device? On the one hand, in terms of the TV's user interface, you may want to switch the smart TV on with just a password or a PIN, for example, so is that possible? And can additional functions also be requested or installed with the right password alone? On the other hand, only authorised persons should be able to make changes to the smart TV's configuration or settings, e.g. the connection to the home network or to a cloud. It should therefore be possible to protect these areas from unauthorised access.
• Functional adaptations: Can I adapt the product's functions, such as a webcam, to my needs and disable any functions I don't require?

It is difficult for non-experts to assess the security features of specific products and the information required to do so is not always publicly available, so any potential customers should consult various sources for advice. Technical magazines, assessments by independent experts, customer reviews or a salesperson at a specialist retailer's are all good places to start. Ultimately, you need to have well-founded confidence in the manufacturer's product and the infrastructure provided for it.

How to use the device safely at home

• App security: Before installing more apps, you should check that they are secure. As the potential purchaser, you should find out how the manufacturer or provider guarantees the data security of the app and what authorisation is required to access the app. In addition, appropriate updates should be provided to ensure the software remains state of the art.

  You should only ever download apps from a trustworthy source. You should also think about whether you really need such apps in the long run, considering the rights you have to grant them. After all, any software that has been programmed insecurely, whether deliberately or not, can be a gateway for cyber criminals. The more apps are installed on your smart TV, the more likely you are to be affected by vulnerabilities.

• Security updates: If the manufacturer of your smart TV or the publisher of the apps you have installed provides software updates, you should perform them promptly, as they often resolve vulnerabilities. If you have enabled the corresponding function, these updates can sometimes be installed automatically. This function is highly recommended, because we do not expect users to install updates manually on a regular basis. If you do not enable this function, you should instead activate the setting, if possible, that allows notifications to be sent whenever an update is ready. Devices which no longer receive the latest security updates represent a particular risk. If the corresponding device software is no longer maintained, you should think about disconnecting your smart TV from the Internet and your home network or uninstalling any apps that have vulnerabilities.
• Settings: Various settings menus for your smart TV and corresponding apps offer you the user a great degree of control. You can disable any features you do not need, such as the built-in webcam, microphone for voice commands or remote access features. In contrast, you should enable security features like access control, transport encryption or update notifications as mentioned above. You should cast a critical eye over the privacy settings too and tailor them to your needs on a regular basis.
• Safe surfing: Generally speaking, you should exercise caution when surfing the Internet (see the "Surf, but be safe!" brochure). Since smart TVs often do not have an up-to-date web browser or anti-virus software with the latest databases, it is not advisable to enter valuable passwords into them nor to use critical services, e.g. online banking.
• Disable: You should disable or delete additional services or functions that are not required (e.g. HbbTV, apps that are not used), since these too can contain vulnerabilities, especially if they do not have the latest security updates. For example, if a video streaming app that is installed on your smart TV has a vulnerability, an attacker can exploit it to gain control of your device.
• Home network: How your smart TV is integrated into your home network and accesses the Internet is controlled by a router, just like with a computer. For information on what you should bear in mind, see: "Secure LAN and WLAN set-up".
  

Disposing of old devices

If you no longer need your smart TV and are therefore selling it, giving it away or disposing of it, you should delete all personal data from it. Your login details for networks or online accounts and other personal data stored on the TV must not get into the wrong hands. Smart TVs often come with a function to reset to factory settings. Unfortunately, these functions do not always delete all the required data. If you do use such a function, we recommend checking the TV afterwards, so you can delete any remaining data manually wherever possible. If this proves impossible, you can try contacting the device manufacturer.