Slashdot Mirror

← Back to Stories (view on slashdot.org)

Samsung and Roku Smart TVs Vulnerable To Hacking, Consumer Reports Finds (consumerreports.org)

Posted by BeauHD on from the heads-up dept.

An anonymous reader quotes a report from Consumer Reports: Consumer Reports has found that millions of smart TVs can be controlled by hackers exploiting easy-to-find security flaws. The problems affect Samsung televisions, along with models made by TCL and other brands that use the Roku TV smart-TV platform, as well as streaming devices such as the Roku Ultra. We found that a relatively unsophisticated hacker could change channels, play offensive content, or crank up the volume, which might be deeply unsettling to someone who didn't understand what was happening. This could be done over the web, from thousands of miles away. (These vulnerabilities would not allow a hacker to spy on the user or steal information.) The findings were part of a broad privacy and security evaluation, led by Consumer Reports, of smart TVs from top brands that also included LG, Sony, and Vizio. The testing also found that all these TVs raised privacy concerns by collecting very detailed information on their users. Consumers can limit the data collection. But they have to give up a lot of the TVs' functionality -- and know the right buttons to click and settings to look for.

2 of 102 comments (clear)

  1. What we've been saying by Gaygirlie · · Score: 5, Insightful

    In fact, one TV requires that you accept a broad privacy policy during setup before you can use the most basic, internet-free functions, such as watching TV using an antenna.

    This is exactly the kind of stuff many of us have expected to happen and it'll most likely happen more and more in the future; companies see you as a product and whatever they sell you is still their property in their view, not yours. Don't want to be spied on? Tough shit, it's not your decision!

  2. From Roku by Anonymous Coward · · Score: 5, Informative

    https://blog.roku.com/consumer-reports-got-wrong

    Gary Ellison - February 7, 2018

    Consumer Reports issued a report saying that Roku TVs and players are vulnerable to hacking. This is a mischaracterization of a feature. It is unfortunate that the feature was reported in this way. We want to assure our customers that there is no security risk.

    Roku enables third-party developers to create remote control applications that consumers can use to control their Roku products. This is achieved through the use of an open interface that Roku designed and published. There is no security risk to our customers’ accounts or the Roku platform with the use of this API. In addition, consumers can turn off this feature on their Roku player or Roku TV by going to Settings>System>Advanced System Settings>External Control>Disabled.

    In addition the article discusses the use of ACR (Automatic Content Recognition). We took a different approach from other companies to ensure consumers have the choice to opt-in. ACR is not enabled by default on Roku TVs. Consumers must activate it. And if they choose to use the feature it can be disabled at any time. To disable consumers have to uncheck Settings > Privacy > Smart TV experience > Use info from TV inputs.

    We take the security of our platform and the privacy of our users very seriously.

    Happy Streaming!