Re: Internet security on smart tv

I am not aware of any smart tvs that have virus protection because the manufactures say they do not need any

Re: Internet security on smart tv

Indeed thats not quite necessary (yet), that ain` t even a lie^^. There are other, much worse problems, I will try to describe using the example of a typical dreambox :

The dreambox is running on Linux, and it has dropbear, telnet and other remote-access-utilities available by default. Just like a smart-tv, its rather a computer than a typical old-fashioned receiver.
Now imagine a user, thats not too aware of networking and security and stuff, and just wants to get his dreambox available over the internet, e.g. for mobile use with smartphone or whatever (or to share cards ;) ). Since he is not too familiar with portforwardings or just because he` s too lazy, or perhaps even because he`s a bit overmotivated, he opens up the ports for telnet/ssh/webinterface (with webadmin).
By default, most dreambox-images don`t use authentication on the webif.
Now, a hacker could get easily into the device, either because standard password is still set, or the attacker uses webadmin-scripts to change/set password, or, even more tricky, uses the web-remote and osd-screenshots, to install setpassword or just filemanager (rename passwd- (the backup original passwd) back).
If webadmin is activated and not secured, its even easier : just use a script to wget a private-ssh-key, and let the box connect back to the attacker, establishing all the (for the attacker) necessary tunnels when connecting.

What I want to say is :
There isn`t as much malware for Linux and android (yet) as there is for windows. Of course, the number will increase drastically in the near/mid future, but what I want to say is : Since more and more people start to use highend computers in their everyday life, without understanding the functionality completely, attackers will get more independent from using old-fashioned malware, since they simply needn`t. There are so many vulnerable hosts, that nowerdays its not a matter how to hack them, but rather how to identify these in the quickest possible way.

Brief : configure your home-network correctly, with nice safe ssh-tunneling and restrictive default settings (e.g. a default drop all rule in iptables of your NAT-device) nd so on, and you`ll be the safe side in 99,99999% of all cases, even if you have no antivirus on your smart-tv.

PS : Why I know all these methods ? I work as it-security-professional, and have seen these cases "in the wild". With private persons as victims, as well as organizations and companies. Just in case somebody should wonder xD