A study by KU Leuven shows that built-in web browsers in devices such as tablets, smart TVs, e-readers and cars are often outdated and rarely receive security updates, which entails an increased risk of security problems.
Built-in browsers in less obvious smart devices such as smart TVs or cars are often severely outdated. That is the conclusion of KU Leuven after its own research. Manufacturers neglect the browsers and do not provide updates, so that security problems increase over time. For example, in an office environment, the smart TV in the relaxation area poses a security risk.
Outdated upon delivery
KU Leuven examined 53 digital devices that use built-in web browsers to display websites or online content. The research shows that the browsers on many of these devices run on severely outdated software. In some cases, the browser was already based on a version that was more than three years old upon delivery.
In contrast to browsers on computers and smartphones, which regularly receive automatic updates, built-in browsers in other devices often remain untouched. “The browsers often closely resemble Chrome or Firefox. The difference is that browsers on computers and smartphones are automatically updated at least monthly with much-needed security updates, while browsers on those other devices often are not,” says researcher Gertjan Franken.
According to the researchers, there is little transparency. Consumers usually cannot check whether and when a browser is updated. Some manufacturers promise free security updates, but leave the browser untouched. This leads to a false sense of security. That is why the researchers themselves have developed an online tool: Check Engine. With it, you can check whether a browser on one of your smart devices is up to date.
Consistently exploitable
The researchers also carried out a technical analysis to test how vulnerable the outdated browsers are. In any case, they were able to break through the security and gain access to sensitive data. “The biggest problem is not that the browsers are built unsafely, but that they are not maintained,” says professor Lieven Desmet. According to him, regular updates are crucial to address new threats.
The researchers call on manufacturers to not only focus on user-friendliness and design, but also on structural maintenance and openness about security. They refer to the upcoming EU Cyber Resilience Act, which will require manufacturers to provide security updates for digital products throughout their lifespan from the end of 2027.
read also
The blind spot of IoT: how safe are smart devices?
No quick solution
For users, it is currently difficult to protect themselves. Many devices do not offer the option to update the built-in browser. In a business context, the problem illustrates how important it is to only allow suitable devices on the network. Smart devices with browsers are sometimes in the same boat as IoT devices and can pose a security risk. Devices that do not receive sufficient updates do not belong on the company network.