Skip to main content
  1. Home
  2. Computing
  3. News

Who’s watching what you’re watching? Avast finds vulnerabilities in Vizio smart TVs

By

VIZIO Reference Series Event
Jeffrey Van Camp/Digital Trends
Security researchers at Avast have demonstrated a number of vulnerabilities and potential attacks against Vizio smart TVs, including intercepting data that displays a person’s viewing habits.

Under the wide umbrella of the Internet of things and smart homes, Avast began to pull apart the security of a Vizio smart TV and found that it was susceptible to man-in-the-middle attacks due to HTTPS certificates that were not being validated.

Recommended Videos

Avast discovered that the TV was constantly accessing tvinteractive.tv, a website run by a company called Cognitive Networks. The service appears to gather a timestamp that reports what someone is watching and when, and then sends that info to the content provider or advertisers. Avast even discovered that the TV would accept a forged certificate when connecting to the site as it does not fully validate the HTTPS certificate. Instead it just validates the checksum at the end of the data being transferred.

Related

Essentially, the HTTPS certificate is what makes a connection secure, validating the information and telling the sender what a site actually is. Without it, a hacker could potentially steal the information. Carrying out a man-in-the-middle attack in which it impersonated the tvinteractive.tv with forged HTTPS credentials, Avast was able to crack the data that was being sent and view it.


“This data is the fingerprint of what you’re watching being sent through the Internet to Cognitive Networks. This data is sent regardless of whether you agree to the privacy policy and terms of service when first configuring the TV,” said the researchers.

The data is more like a snapshot of pixels rather than a clear view of what you are watching. Here’s an example from Avast. Vizio has a way of deactivating this tracking through the following commands: Menu -> Reset & Admin -> Smart Interactivity -> OFF.

Avast has dubbed its discovery as a possible attack vector into a person’s home network. It’s just the latest evidence that shows how a smart TV can make your local network vulnerable, and Avast claims that it could be a possible means to display content remotely on someone else’s TV.

“Further investigation is needed to demonstrate a proof of concept; however, this appears to be a potential attack vector for remotely displaying unwanted material on a person’s TV,” said Avast.

Vizio has patched these vulnerabilities and says the update will install automatically, but there is still no report on whether this update has been successfully delivered to all TV owners yet.

Editors’ Recommendations

Topics
Jonathan Keane
Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
NFL buffering on YouTube TV? You’re not alone today
An error message for the NFL on YouTube and YouTube TV

We've got bad news for anyone who relies on YouTube and YouTube TV for their NFL games — there's some definite lag happening today. It's so bad and so apparent that there's a message atop the YouTube TV help pages.

The message reads: "If you're experiencing buffering issues on YouTube, our team is aware and working on a fix. YouTube TV or NFL Sunday Ticket may also be impacted."

Read more
Vizio’s new Quantum 4K QLED TVs hit 75 inches for $699
Vizio Quantum 4K QLED Smart TV.

It's been a very quiet year for Vizio so far. The company didn't bring any new TVs to CES 2023, and the welcome announcement that it was updating its aging smart TV software was tempered by the fact that Vizio wouldn't say when its customers would be getting the new experience, simply called Vizio Home Screen.

Our own editor-at-large and resident TV expert, Caleb Denison, penned an op-ed in July outlining his concerns about Vizio's apparent retreat to the TV sidelines and what the company would need to do in order to compete with the onslaught of excellent TVs from TCL and Hisense.

Read more
Vizio’s aging SmartCast reborn as Vizio Home Screen, with better content discovery features
Vizio SmartCast Home Screen 2023.

It's been a while since Vizio gave its SmartCast interface a fresh coat of paint and it was beginning to show its age when compared to Google TV, Apple TV, and Amazon's Fire TV. Today, that changes, with a new interface that ditches the "SmartCast" name, in favor of the simpler "Vizio Home Screen" -- it's a full refresh of many of the key interfaces that Vizio owners use to navigate and find their shows, movies, and apps.

The first thing you notice is the way the cover art for shows and movies now blends into the background of each screen instead of being presented as a rectangular billboard. It's a much more engaging format and mirrors what we've started to see from the other leading smart TV platforms.

Read more