Samsung’s ham-handed handling of a recent corporate tweet is further evidence that companies aren’t very good at security messaging.
Initially, the company tweeted out a warning that users should run an AV scan on their smart TVs every few weeks.
What followed was a video on how to do this. The Verge refers to the practice of running such a scan as “laborious,” while Gizmodo states that the process is reasonably straightforward. “Just head into the General Settings, choose System Manager and then Smart Security and hit Scan.” Regardless, there is no way to automate the scan.
Samsung has since removed the tweet, presumably after being criticized for reminding people how annoying it is to own a smart TV in the first place, and how poor some of Samsung’s previous security practices have been. There’s also been speculation that a new security flaw or attack may have been discovered that hits Samsung TVs in particular. Regardless, the company’s decision to pull this messaging is a mistake.
Smart TVs are annoying. Even if you have no choice but to buy one, I’d still recommend hooking it to an HTPC and using it as a dumb display. But this isn’t how most people use televisions, and it’s foolish to think everyone is going to change just because it makes good security sense to do so. Given that smart TVs are increasingly ubiquitous, customers are going to either have to learn to secure them. Samsung doesn’t yet seem to understand that part of teaching your customers to practice good security is accepting that you’ll occasionally be the company on the firing line. Companies should absolutely build AV scanners that work and provide effective security, but reminding people to periodically use the security tools you provide is not akin to kicking off a panic.
The reason for these kinds of occasional messaging collisions, in my view, is that the principles of security are almost entirely opposed to principles of marketing. Security requires vigilance. Marketing emphasizes ease-of-use and the concept of “just works.” Security requires monitoring and, in some cases, a deep understanding of the underlying product and how it functions.
Marketing understands that the last thing people want to do is worry about whether something is safe. Good security requires acknowledging that all security is a matter of degree and that absolute safety is a myth. The goal of marketing is to minimize the perception that future problems could occur for any reason, but especially reasons that might imply that the manufacturer didn’t do its job right the first time around. Good security starts by acknowledging that no one’s system can be assumed to be secure.
There are a lot of practical security questions to be raised about the state of smart TVs. Given how bad mobile phone antivirus tools are, it would be worth knowing whether smart TVs are any better, for one thing. But at heart, the idea that people should think about the security of internet connected devices is a good one, not a bad one. It may be annoying. It may be a good example of a product category where we’ve increased the annoyance factors that clutter up our lives rather than sticking with the simple usefulness of a “dumb” TV. But so long as smart TVs represent potential attack vectors, people need to be aware of it.
- ATT Cancels Samsung Galaxy Fold Pre-Orders
- Samsung’s Latest Galaxy Tab S5e Has an Enormous Wi-Fi Flaw
- Samsung Unveils Vertical TV Aimed at Millennials