The Federal Bureau of Investigation has issued a warning to holiday shoppers who are planning to swap some of their hard-earned cash for a smart TV.
In a statement released by the Oregon branch of the FBI, members of the public were warned that an unsecured TV that is connected to the internet could be used as a conduit for cyber-criminals to gain virtual entry into a home.
The FBI said: "Beyond the risk that your TV manufacturer and app developers may be listening and watching you, that television can also be a gateway for hackers to come into your home. A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router."
Potential smart TV owners were advised that hackers who had taken control of an unsecured set could do anything from messing around with volume controls to showing inappropriately violent or sexually explicit videos to children.
"In a worst-case scenario, they can turn on your bedroom TV's camera and microphone and silently cyber-stalk you," said the FBI.
Shoppers were warned that they cannot rely on the default security settings of any devices that they might purchase to provide adequate protection for themselves and their families. Instead, agents urged anyone considering buying a smart TV to make sure that they fully grasp exactly what features their smart TV comes with and how to control them before making a purchase.
The FBI said: "Change passwords if you can—and know how to turn off the microphones, cameras, and collection of personal information if possible. If you can’t turn them off, consider whether you are willing to take the risk of buying that model or using that service."
As a back-to-basics option, smart TV owners who are unable to turn off cameras but wanted to were advised to place a piece of black tape over the set's camera eye.
Shoppers were also advised to check the privacy policy for the TV manufacturer and the streaming services they use and to confirm what data they collect, how they store that data, and what they do with it.
Javvad Malik, security awareness advocate at KnowBe4, commented: "The main takeaway from this advisory should be that keeping devices patched and secure should be the responsibility of the manufacturer; we cannot place the burden on the average consumer to be tech-savvy enough to check settings, permissions, and apply patches."