Let’s point and laugh at Samsung for a bit:
— Nicuri (@Nicuriq) June 18, 2019
What are they making? Retro TV’s? Any self respecting malware creator would make the scanner actually launch the attack! https://t.co/ZR6ZloWVNQ — Greg Price (@ObscureBug) June 17, 2019 Now we’ve got that out of the way, let’s talk about where Samsung went wrong. To be fair, the company is right to take security seriously. But its implementation of its solution presents a poor user experience, to the point that it sounds absurd. Over the past several decades, no one’s ever had to run a virus scan on their TV set. And we’re now calling these internet-connected TVs – which come with a host of features designed to enhance your viewing experience and deliver a wide range of content – ‘smart.’ But Samsung’s smart QLED TV line – which features models priced as high as $15,000 – can’t run its own virus scan. Sounds dumb to me. As my colleague Matthew Hughes noted, when it comes to the Internet of Things, it’s really hard to give an example of something that, at some point, hasn’t been completely and utterly hacked. So it’s good to know that Samsung prioritizes security. Over the past four years, it’s detailed its extensive measures for protecting your smart TV. I imagine that’s more than can be said for many other brands. That said, the onus of keeping viruses at bay shouldn’t be on TV owners. Javvad Malik, a security awareness advocate at KnowBe4 (a security awareness training platform), explains: This is bad for a number of reasons. Just think about the process: you have to remember to scan your TV for viruses, hunt through on-screen menus to find the scan feature, and ultimately delay your imminent Chernobyl binge with a frustrating and unwanted side quest. Imagine having to remember to do this every few weeks: Sadly, we’re not done yet. Think about what happens if there is a virus. Are you supposed to sit there and figure out the next steps? Malik expands on how this could be difficult and cumbersome: Beyond baking security into the product from the start, I believe it’s important to automate processes like virus scanning. That way, human interaction isn’t necessary, and there’s no opportunity to blame owners for problems that arise as a result of poor security measures. That sounds more like the sort of smarts I want my TV to have. Until manufacturers figure this out, I’ll be fine with my dumb do-nothing set, thanks. This is why building in security from the design phase is so important, so that the right controls can be architected in from the beginning to provide robust security controls that don’t impede on the user experience.
