Avast Uncovers Vizio Smart TV Security Flaw, Vizio Takes Quick Action

Avast uncovered a flaw in Vizio SmartTVs that could let an attacker into a home or office network. Vizio patched it quickly, but it brings to light security issues about the Internet of Things.

With more and more devices being attached to the Internet, it stands to reason that there will be security issues that surface around these devices. Avast isn't waiting around until these problems arise. The company said it has a wall of Smart TVs connected to a test network where it tries to uncover potential threats. In an effort to discover what kind of security and privacy implications such a threat could have, the company discovered a problem that could let an attacker gain access to your home network through a Vizio Smart TV. It was also discovered that the TV would send information about its own usage, even if the user disagreed to the privacy statement and terms of service.

The network that Avast has its Smart TVs connected to for research is routed through a system that captures all of the raw data passing through it. Avast is able to watch the packets in real time or store them for later analysis, and it has the capacity to intercept and modify the transmissions.

Using this data, the company was able to determine that the Vizio TV it was testing (the model is not discussed) makes an HTTP connection to a service that sends fingerprints sharing the details of what has been watched on the TV. With this knowledge, Avast was able to instigate a man in the middle (MITM) attack that revealed a possible entry point into a home or office network by hijacking the DNS and serving malicious commands to the TV.

Avast went into great detail explaining how it uncovered the vulnerability, which you can find on the company's blog. Fortunately, these details shouldn't be of much use to would-be attackers; Avast said that upon being notified of the security issues, Vizio took swift action to patch the problem. By the time the blog post was published, Vizio had already rolled out the patch to affected TVs. Provided your TV is connected to the network and has updates enabled, the patch should already be done. If you own a Vizio Smart TV, it might be wise to double check that updates are allowed.

Follow Kevin Carbotte @pumcypuhoy. Follow us on Facebook, Google+, RSS, Twitter and YouTube.

 Kevin Carbotte is a contributing writer for Tom's Hardware who primarily covers VR and AR hardware. He has been writing for us for more than four years. 

  • Achoo22
    It's awful that this TV exposes LAN security to threats but it is deplorable that it phones home in such a way, to begin with. Just because a TV can track and report viewing habits does not mean that it should. In fact, if the tracking is not required to support its advertised functions, then it should absolutely be illegal.
    Reply
  • nukemaster
    unfortunately everything seems to phones home.

    Big thumbs up for the quick patch and Avast being on top of this kind of testing.
    Reply
  • shloader
    Avast is doing what a lot of other private security companies and even some hobbyists are and have been doing for a long time; packet analysis of net connected devices from computers with a fresh OS install to a simple media player. Remember the phoning home of Windows XP? Didn't last long before that was patched. Knowing there's always someone watching companies, hoping for a chance to bust a large corporation on a flagrant privacy violation... it's comforting. Stories like this give me warm fuzzy feels.
    Reply