Avast uncovered a flaw in Vizio SmartTVs that could let an attacker into a home or office network. Vizio patched it quickly, but it brings to light security issues about the Internet of Things.
With more and more devices being attached to the Internet, it stands to reason that there will be security issues that surface around these devices. Avast isn't waiting around until these problems arise. The company said it has a wall of Smart TVs connected to a test network where it tries to uncover potential threats. In an effort to discover what kind of security and privacy implications such a threat could have, the company discovered a problem that could let an attacker gain access to your home network through a Vizio Smart TV. It was also discovered that the TV would send information about its own usage, even if the user disagreed to the privacy statement and terms of service.
The network that Avast has its Smart TVs connected to for research is routed through a system that captures all of the raw data passing through it. Avast is able to watch the packets in real time or store them for later analysis, and it has the capacity to intercept and modify the transmissions.
Using this data, the company was able to determine that the Vizio TV it was testing (the model is not discussed) makes an HTTP connection to a service that sends fingerprints sharing the details of what has been watched on the TV. With this knowledge, Avast was able to instigate a man in the middle (MITM) attack that revealed a possible entry point into a home or office network by hijacking the DNS and serving malicious commands to the TV.
Avast went into great detail explaining how it uncovered the vulnerability, which you can find on the company's blog. Fortunately, these details shouldn't be of much use to would-be attackers; Avast said that upon being notified of the security issues, Vizio took swift action to patch the problem. By the time the blog post was published, Vizio had already rolled out the patch to affected TVs. Provided your TV is connected to the network and has updates enabled, the patch should already be done. If you own a Vizio Smart TV, it might be wise to double check that updates are allowed.