Skip to content   Skip to footer navigation 

How secure is your smart TV?

Smart TVs can contain a lot of personal information, which may make them a tempting target for hackers.

Last updated: 09 December 2019

Ever since TVs turned "smart" and started shipping with inbuilt internet access, they've adopted features and apps that were once reserved for games consoles, media hubs and PCs. Now, you can use a smart TVs as your sole media streaming device, as most support dedicated entertainment programs such as Apple TV+, Amazon Prime Video, Netflix, Stan and Foxtel Now.

But just because your TV can connect to the internet, doesn't mean it has to. In fact, you may find that removing it from the network is a safer option.

Do I disconnect?

This may seem like a strange idea at first. After all, if a device can connect to the internet, why not let it go online? Like your PC, smartphone and basically any other connected device, your TV runs the risk of being compromised by unscrupulous types if it's hooked up to a network. 

Smart TVs can be hacked with a number of vulnerabilities. These included:

  • Access to inbuilt cameras (in older TVs)
  • Files stored on the television either on the TVs memory or an attached storage device.
  • Personal and financial information in-services such as Amazon.
  • Social and communication apps such as Facebook.

Hackers aren't your only concern however. Samsung launched a range of smart TVs a few years ago, introducing a privacy policy that said spoken information "will be among the data captured and transmitted to a third party through your use of Voice Recognition". Customers, understandably, were unhappy with the notion that their TVs were listening to them 24 hours a day.

It turned out that all voice commands were being sent to an external server for analysis and interpretation, as the TVs didn't have enough processing power to handle the task on their own; however, the company's original, vaguely-worded privacy policy didn't make this clear.

Still, this, combined with the ever present risk of hacking, prompted people to disconnect their smart TVs. It's actually a viable option depending on your home media setup. In fact, a connected TV may be unnecessary depending on your media demands.

What are the security risks?

This is where the pros and cons of keeping a smart TV connected become a little harder to answer. Once any device goes online, it's potentially vulnerable – and your TV is no exception. However, you need to consider whether or not nefarious types would even be interested in cracking into your TV.

Things have improved over the years. Samsung now makes a point of highlighting security features in their TVs, for example. But protections like third-party anti-virus software that you can get for your PC, isn't really available for smart TVs.

So, yes, TVs can be compromised, and they are full of personal information that may be tempting to cyber-criminals. Whether they'll actually want to bother, however, is another story. Why? Because hackers tend to go after big targets that will yield a big data haul. Things like:

  • Company servers that store user information
  • Credit card companies
  • Online services and Social media servers.

Individual attacks generally exist to extort the user, steal personal information or just make their lives difficult. When you look at data stored on a smart TV compared to a games console, smartphone or PC, the time and effort required to crack in for a small cache of details seems impractical.

Is Android an issue?

One potential concern is the introduction of the Android operating system (OS) into some smart TVs. This could, theoretically, make things easier for hackers that have managed to crack smartphones and tablets. However, despite seeing a number of TVs from Sony, TCL and other smaller brands, we've seen no evidence of Android exploits.

Voice Assistant - friend or foe?

Almost every new TV includes a digital assistant that you activate with voice commands, such as Google, Alexa or Bixby. These are not to be confused with voice commands used to control the TV (though they can do that too). Instead, they're often used as a time saver for online queries or commands, e.g. "ok Google, play Stranger Things on Netflix." You can also use them to control other smart devices on your network, e.g. "Alexa, turn off the lights."

Treat these with the same level of security as your phone or a network connected wireless speaker. Consider your words and try not to provide too much personal information while asking your TV to order pizza.

Make sure you check the default settings as well, as most brands let you tweak them based on your needs. For example, new Sony TVs are always listening by default. However, you can turn this off, so Google Assistant will only activate when you press the corresponding button on the remote. You can also turn these features off altogether, but the steps to do so vary between brands and models. You can find this information in the instruction manual or online.

Can cameras be compromised?

You've probably heard a tale or two about hackers getting into webcams to take a look around your home and yes, this could technically occur on TVs too. However, it's been more than two years since a smart TV with an inbuilt camera has come through our labs.

If you do have an older TV with a webcam, you can turn it off by:
  • Sliding down the cover
  • Rotating it towards a wall
  • Taping over the lens (a last ditch alternative if the first two options aren't available).

Voice commands are still available on many models, but you can deactivate this feature on most TVs if you're concerned about prying ears listening in. If the remote control has an inbuilt microphone, try swapping it out for a third-party model that doesn't support voice commands.

Should I use a different media device?

Before smart TVs were mainstream, devices like games consoles (PlayStation, Xbox, Nintendo) and media hubs (Apple TV), were used to stream content. While these devices remain popular, it's not uncommon to see PCs plugged into TVs, or people streaming content from their smartphones and tablets to the big screen via devices such as Google Chromecast or the proprietary casting functionality built into the TV.

If you're using one of these devices for the bulk of your streaming, you may want to consider why you also have your TV connected to the internet 24/7 or even at all. However, if you're using the same set of apps across your TV and a device such as a PlayStation 4 (PS4), you may want to consider choosing between the two. The decision comes down to two points:
  • Software/service options
  • Preferred interface

Most entertainment apps on your smart TV – such as Netflix, Stan and free-to-air catchup services – can be found on media hubs and consoles. There may be minor variations in functions, menus and features, but the content will generally match up.

External devices can usually do a whole lot more as well – the PS4 supports video games, DVD and Blu-ray for example, while Apple TV makes it much easier to sync and stream content between Apple devices.

The cost of convenience

Almost any device and program connected to the internet is storing data on an external server of some kind. Unfortunately, that's the nature of the connected world, and the trade-off for the convenience of high-tech gadgets can be your digital privacy. How much of this you're willing to tolerate in exchange for the conveniences offered by devices that are always online is up to you.

If you use your TV as the primary entertainment device to access media streaming services, you'll need to keep it connected to the internet. Follow the same security steps as you would on a computer or smartphone:

  • Don't use "easy" or "quick" set-up when activating a new device. Look for "custom settings" that let you turn individual privacy features on or off. 
  • Look for a condensed version of the privacy policy, and read the notes when manufacturers or developers release a software update.
  • Don't download software that looks suspicious. This is particularly important as anti-virus software isn't really available for smart TVs.
  • Add two-step authentication to apps that require a login, if it's available.

Also, connect to the network via Ethernet if you can. It's much harder for hackers to break into a hardwired connection compared to Wi-Fi.

Although you probably don't need to connect your smart TV to the internet 24/7, you should log in every few months, as TV manufacturers often release important system updates and security patches.

We care about accuracy. See something that's not quite right in this article? Let us know or read more about fact-checking at CHOICE.

Stock images: Getty, unless otherwise stated.