(credit: Vizio)
The cautionary tales just keep coming for Internet-connected TVs, thermostats, and other so-called "Internet-of-Things" devices. Today's lesson comes courtesy of a smart TV from Vizio that was subjected to a man-in-the-middle attack because it couldn't be bothered to validate the HTTPS certificates of servers it connected to.
Researchers from security firm Avast found that the Vizio model in their lab broadcasted fingerprints of users' viewing habits, even when owners hadn't consented to a privacy policy displayed during set up. What's more, the researchers uncovered a vulnerability in the smart TV that could act as a potential attack vector for a hacker attempting to access a user's home network.