Morning Overview

The FBI warns your smart TV’s built-in camera can open a path into your home network.

The FBI has warned American households that smart TVs with built-in cameras and microphones can serve as entry points for attackers seeking access to home networks. The bureau’s Portland Field Office spelled out the risk in a Tech Tuesday advisory, stating that unsecured internet-connected devices can provide “a path into your router,” giving an intruder access to every other device on the same network. A separate 2025 FBI cyber alert documented real cases in which compromised consumer devices, including TV streaming hardware, were enrolled into botnets and residential proxy services used to mask criminal traffic.

How a smart TV camera becomes a network-wide threat

The core danger is not the camera alone. It is what happens after an attacker gains a foothold through a poorly secured television. The FBI’s IoT guidance explains that once a smart TV or similar device is compromised, the attacker can pivot through the home router to reach laptops, phones, and network-attached storage. That single weak link turns a living-room screen into a surveillance tool and a launchpad for deeper intrusion.

A related FBI Oregon advisory described a concrete abuse pattern: attackers hijacking the live camera streams and speakers on internet-connected devices with camera and voice capabilities. The technique has been used in swatting attacks, where intruders watch and taunt victims through their own devices while simultaneously calling armed law enforcement to the address. This is not a theoretical scenario. The bureau published specific anti-swatting advice precisely because these incidents had already occurred.

The hypothesis that households leaving TV cameras uncovered and firmware unpatched face higher rates of unauthorized outbound traffic is consistent with the FBI’s documented findings, though the bureau has not published incident-level statistics isolating smart-TV cameras from other IoT devices. What the evidence does show is a clear chain: default passwords and outdated firmware create openings, and attackers are actively exploiting those openings to enroll consumer devices into proxy networks that route illicit traffic through ordinary homes.

FBI and FTC records trace the data trail from screen to server

Smart TVs are not passive screens. They collect granular data about viewing habits, app usage, and connected accounts. Reporting by The Washington Post found that major brands track what viewers watch and feed that information into advertising ecosystems. That data richness makes a compromised TV especially valuable to an attacker: it offers not just network access but also behavioral profiles tied to real households.

Regulators have already acted on the privacy side of this problem. The FTC issued a stipulated federal order against a major TV maker in 2017 after the company collected viewing histories on millions of smart TVs without obtaining user consent. That enforcement action confirmed what security researchers had long suspected: manufacturers themselves were harvesting data at scale, and consumers had little visibility into what left their living rooms.

The FBI’s 2025 cyber alert on home devices and criminal activity added a new dimension. Compromised consumer devices, the bureau stated, provide unauthorized access to home networks and are being enrolled into botnets and residential proxy services. TV streaming devices appeared explicitly on the list of affected hardware. The alert tied these compromises to backdoors pre-installed or injected after sale, meaning some devices arrive already vulnerable before a consumer even plugs them in.

Taken together, the FBI and FTC records describe a two-sided exposure. On one side, manufacturers collect and transmit user data through channels most owners never audit. On the other, criminal actors exploit weak security to commandeer those same data-rich, always-connected devices. A smart TV sitting on a home’s primary Wi-Fi network, running outdated firmware, with its camera uncovered, sits at the intersection of both risks.

Gaps in the evidence and what households should do first

The FBI advisories establish that smart TVs and streaming devices are targets, but they stop short of publishing case counts or forensic breakdowns specific to television cameras. The bureau’s guidance groups TVs with other IoT hardware, such as doorbell cameras, baby monitors, and voice assistants, without isolating how often each device category leads to a confirmed breach. That gap makes it difficult to rank smart-TV cameras against other weak points in a typical home network.

Manufacturer responses to the FBI’s warnings are also absent from the public record. Samsung, LG, Roku, and other major brands have not issued detailed public statements addressing the specific risks the bureau outlined. Without that transparency, consumers cannot easily compare models on the basis of security practices, such as how quickly vulnerabilities are patched or how clearly camera and microphone controls are documented.

In the absence of device-by-device risk rankings, security professionals point to a set of practical, first-step defenses that apply across brands. The most important move is to change any default passwords on the TV itself, the associated streaming devices, and the home router. Default credentials are a recurring theme in FBI advisories because automated attack tools can scan the internet for devices that still use factory logins.

Keeping firmware updated is the second critical measure. Many televisions and streaming boxes can install updates automatically, but users often disable that feature or delay reboots. Given the FBI’s finding that some devices may ship with backdoors or exploitable flaws, promptly applying vendor patches is one of the few defenses an ordinary household can control without specialized tools.

Network segmentation is another practical safeguard. Placing smart TVs and other IoT hardware on a separate guest network or VLAN can limit the damage if one device is compromised. The FBI’s description of attackers using a single vulnerable gadget as a bridge into the wider home network underscores why this separation matters. If the TV cannot directly “see” laptops or network-attached storage, the attacker’s ability to pivot is reduced.

Physical controls still have a role. Covering or disabling the camera when it is not needed reduces the risk of visual surveillance, especially in bedrooms or children’s play areas. While this does not stop an attacker from using a compromised TV as a network proxy, it does blunt one of the most invasive forms of abuse documented in smart-device swatting incidents.

Households should also review privacy and data-sharing settings on their televisions. Turning off viewing data collection where possible, limiting app permissions, and signing out of unused accounts can shrink the volume of sensitive information available to both manufacturers and any intruder who gains access. Even if not all data flows can be disabled, reducing them narrows the potential payoff for attackers.

Finally, consumers can factor security into purchasing decisions. Looking for products that receive regular firmware updates, offer clear privacy controls, and support easy network isolation can shift demand toward safer designs. While the FBI and FTC records highlight serious systemic issues, they also imply that individual configuration choices still matter. A smart TV will always be more than a screen, but with deliberate setup, it does not have to be an open door into the rest of the home.

More from Morning Overview

*This article was researched with the help of AI, with human editors creating the final content.