Commenting on the security vulnerabilities uncovered in smartphones, internet-connected TVs and other devices, Martijn Verbree, partner in KPMG’s cyber security practice said:
“It may come as shock but security vulnerabilities exist in pretty much every internet connected device. When internet connected devices are made, security may be an afterthought in the design process and not part of the initial thinking. Many connected TVs were designed to be TVs first and then with some computing functionality, an operating system, apps, a few sensors and Wi-Fi connection bolted onto it.
“The lack of security by design will change over time when the industry matures: we have already seen this take place with smart phones, which are now a lot better protected and better patched, although far from secure.
“The vulnerabilities uncovered pose a low risk to the general public at the moment. However, you can imagine that a lot of security folks will try to reverse engineer it right now – including criminals, hostile nation states, universities etc. With the exploits most likely requiring a piece of malware to be installed on the TV itself - either through physical access, or the consumer clicking on a bad link or by downloading an infected app – it makes it relatively hard to target specific individuals.
“Fixing this will be hard and the most likely fix will be via a software patch. But the challenges are, what other vulnerabilities already exist and how manufacturers get the patches out? Yes, some TVs are internet-connected and could have the firmware updated remotely. However this typically requires some consumer intervention and that being manually done by a consumer isn’t easy to achieve.
“Vendors will need to take responsibility and provide fixes to vulnerable devices, even if they’re over their normal warranty period.”
For media enquiries, please contact:
Nahidur Rahman, Senior PR Manager
T: +44 (0) 20 7694 8812
M: +44 (0)73 9376 0775
Follow us on twitter: @kpmguk
KPMG Press Office:
T +44 (0)207 694 8773
Notes to Editors:
KPMG LLP, a UK limited liability partnership, operates from 22 offices across the UK with approximately 13,500 partners and staff. The UK firm recorded a revenue of £2.07 billion in the year ended 30 September 2016. KPMG is a global network of professional firms providing Audit, Tax, and Advisory services. It operates in 152 countries and has 189,000 professionals working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.