The American Consumer Reports today revealed it has found that Samsung smart TVs and TVs using the Roku TV smart TV platform, can be easily controlled by hackers. The TVs contain security flaws that can be easily discovered and exploited according to Consumer Reports. Also, several Roku streaming devices are affected.
When hackers obtain access to the TV, they can remotely change channels, play (offensive) content or change the volume. Consumer Report stresses that the security flaw don't allow hackers to spy on users, or obtain (sensitive) data.
The organization tested smart TVs from Samsung, LG, Sony, TCL, and Vizio for privacy and security. They found that all TVs collected detailed information on their owners. It also found that while users can limit the amount of data collected, they can only do so when they give up parts of the 'smart' functionality. Also, the settings to restrict the data collection were relatively hard to find and require a rather tech-savvy user.
Consumer Reports, together with cybersecurity and privacy organizations, has developed a new 'Digital Standard' that should help TV manufacturers on how they should deal with privacy, security and other digital rights.
“The goal is to educate consumers on their privacy and security options and to influence manufacturers to take these concerns into consideration when developing their products,”, Consumer Reports writes on its website.
In the future, privacy and security test results will become part of the overall score of smart TV ratings.
It's not the first time smart TVs are in the news. Previously, smart TV manufacturers were found to collect all kinds of data on users. Wikileaks also leaked instructions from the CIA on how to eavesdrop on users using smart TVs.
Update: Roku has issued a statement on the issue:
Consumer Reports issued a report saying that Roku TVs and players are vulnerable to hacking. This is a mischaracterization of a feature. It is unfortunate that the feature was reported in this way. We want to ensure our customers that there is no security risk. Roku enables third-party developers to create remote control applications that consumers can use to control their Roku products. This is achieved through the use of an open interface that Roku designed and published. There is no security risk to our customers’ accounts or the Roku platform with the use of this API. In addition, consumers can turn off this feature on their Roku player or Roku TV by going to Settings>System>Advanced System Settings>External Control>Disabled.
In addition the article discusses the use of ACR [ Automatic Content Recognition]. We took a different approach from other companies to ensure consumers have the choice to opt-in. Therefore, the feature called More Ways to Watch, which uses ACR, is not enabled by default on Roku TVs. Consumers must activate it. And if they choose to use the feature it can be disabled at any time. To disable consumers have to uncheck Settings > Privacy > Smart TV experience > Use info from TV inputs.
We take the security of our platform and the privacy of our users very seriously.
