Can your smart TV catch a Virus?
No, not right now....but...
A Twitter post by Samsung became fodder for the internet outrage machine by suggesting that users should periodically run a virus scan on their smart TVs.
“Prevent malicious software attacks on your TV by scanning for viruses on your TV every few weeks,” Samsung’s support account wrote, following up with a video tutorial on how to launch the McAfee virus scanner built into its latest smart TVs.
Samsung deleted the offending advice soon after, perhaps because it realized the absurdity of encouraging people to treat their TVs like Windows PCs from the 1990s. Still, the damage was done. The company was promptly mocked in articles, snarky tweets, and forum posts, many of which also sneered at smart TVs in general. Ahh, they said, if only our TVs were dumb, we wouldn’t have this problem.
Missing from all the melodrama, however, was any evidence of smart TVs actually being infected by viruses or malware, probably because the odds of this happening are almost nil. Smart TVs are not inherently more dangerous than dumb TVs connected to external streaming devices, and while pre-loading anti-virus software is a bad look for Samsung, it doesn’t mean using a smart TV is a bad idea.
In search of smart TV malware
After reading Samsung’s anti-virus advice and the resulting fallout, I was curious to see whether anyone had reported getting a virus or malware on their smart TV—Samsung or otherwise—in the real world. I searched Google for examples of people reporting viruses, then looked through forums like Reddit and AVForums. Here’s what I came up with:
In 2015, someone infected their Samsung TV by plugging in a thumb drive that already had malware on it.
Also in 2015, a security researcher willingly infected an unnamed Android-based TV, using an attack that required access to his home network.
In early 2016, a Reddit user claimed that their sister’s LG TV was attacked by malware while browsing the web. (SecureList replicated the issue, but found that closing the browser window prevented anything bad from happening.)
In December 2016, a Twitter user reported ransomware on his family member’s four-year-old LG TV, which was running the long-defunct Google TV operating system. (A factory reset eventually solved the problem.)
The common thread here, aside from all these incidents being at least a few years old, is that they all involve unusual behavior. If you’re using a smart TV to access streaming services like Netflix and Hulu from an app store, catching a virus is extremely unlikely. (In fact, the one clear-cut case of malware on streaming devices that I found was not strictly on smart TVs, but on Amazon Fire TV devices with sideloaded apps.) The only reasonable takeaway here is that you should avoid downloading apps from untrustworthy sources, or using your TV’s web browser to visit sketchy websites—advice that applies to pretty much any computing device.
And while it’s true that researchers found vulnerabilities in Samsung’s software a couple years ago, the company has responded with patches and new security measures, just like any other company would when presented with security flaws. In the meantime, we haven’t seen any evidence of those exploits turning up the wild.
So why does Samsung have a McAfee virus scanner on its TVs in the first place? It seems to be part of a broader agreement between the two companies, in which McAfee also preloads its software on Samsung phones and PCs. In these deals, McAfee presumably pays for the privilege, so it can upsell antivirus subscriptions and possibly turn usage data into targeted ads. The good news is that as with any app, McAfee’s smart TV software can also be uninstalled.
In defense of smart TVs (again)
Instead of merely mocking Samsung for embarrassing itself, many commenters spun this PR blunder into a broader indictment of smart TVs, noting that the hardware is often subsidized by targeted ads, sponsorships, and content sales.
If that’s the concern, I’ve got bad news for you about cheap external streaming players, such as Roku’s Streaming Stick and Amazon’s Fire TV Stick: Roku, Amazon, Google, and even Apple are all in the business of making money from users after the initial device sale, and Roku proudly admits that it sacrifices hardware profits to grow its user base, which it then monetizes through aggressive ad targeting.
We can certainly debate about the business models of streaming platforms in general, and the privacy we’re giving up with cheap, ad-subsidized hardware, but let’s not pretend smart TVs are uniquely evil in this regard. Although smart TVs do have an additional form of tracking called ACR, which can collect data on the programs you’re watching even though external devices, that’s easy enough to disable, and it isn’t even the most invasive form of tracking that streaming platforms employ. (Did you know, for instance, that Roku buys up information about your web-browsing history and uses that to improve its ad targeting?)
I suspect that a lot of the pearl-clutching over smart TVs comes from outdated perceptions of the software that vendors are loading onto their sets. Yes, smart TVs once had clunky interfaces and terrible app support, but they’ve steadily improved on both counts over the years, and in some cases, they offer features that external streaming players lack, such as over-the-air antenna integration.
All of which might explain why smart TVs are catching up to external streaming boxes and sticks in usage. According to Comscore, roughly 29.8 million households were streaming video on smart TVs as of March 2019, up 23 percent year-over-year. While streaming players are still ahead with 36.7 million households, they only saw 9 percent growth over the same period. ComScore also reported that data consumption on smart TVs increased 58 percent over the last year, versus just a 12-percent increase for streaming boxes and sticks.
If smart TVs were so bad, people wouldn’t be using them to stream video in record numbers. And if smart TV viruses were a genuine risk, surely we’d be hearing from some actual victims by now.