Report: Your Smart TV may be vulnerable to hacking and aggressive data collection

Smart TVs and streaming devices from Samsung and Roku are being easily exploited by hackers, while a wide range of manufacturers are collecting alarming volumes of data on viewing habits, Consumer Reports says.

In an extensive investigation into the security of connected viewing devices and user privacy policies, top manufacturers were found wanting, according to the influential consumer advocate.

Firstly, the site said claimed “unsophisticated” hackers could change channels, alter the volume or even push offensive content to unsuspecting owners of Samsung TVs and users of the Roku TV platform.

By working with security firm Dissconnect, CR said the “relative simplicity” of hacking the sets was simply down to “basic security practices not being followed.”

Related: Best TV 2018

Eason Goodale, Disconnect’s lead engineer said the Roku TV platform left customers wide open to hackers.

He said: “Roku devices have a totally unsecured remote control API enabled by default.

“This means that even extremely unsophisticated hackers can take control of Rokus. It’s less of a locked door and more of a see-through curtain next to a neon ‘We’re open!’ sign.”

Samsung has attempted to make sure only authorised applications can control the TV, but a flawed mechanism makes it possible for hackers to take over, the report says.

In a statment Samsung said it was evaluating the issue and thanked CR for alerting it to the potential concern. Roku, on the other hand, hit back hard in a blog post entitled “Consumer Reports Got it Wrong“.

VP Gary Ellison wrote: “Consumer Reports issued a report saying that Roku TVs and players are vulnerable to hacking. This is a mischaracterization of a feature. It is unfortunate that the feature was reported in this way. We want to assure our customers that there is no security risk.”

Data collection is off the charts

When it comes to privacy, the investigation found sets from manufacturers like LG, Sony, TCL and Vizio were haemorrhaging viewing data.

It says the sets are transmitting “a remarkable amount of information about their users back to the TV manufacturers and their business partners.”

CR found consumers who race through the process of setting up the Smart TV end up agreeing to sharing too much; calling it “oversharing by design.”

It also says “a constant stream of viewing data will be collected through automatic content recognition” and encourages viewers to turn the feature off.

CR alleges consumers who don’t agree to a wide-ranging privacy policy face an “all or nothing” situation, where they choose between surrendering rights or their ability to access useful features.

The site also advises users who’re concerned about data gathering methods to turn off the set’s Wi-Fi, or restore the TV to factory settings and take a closer look at the privacy policies.

While we’re proud of our own testing processes here at Trusted Reviews, it’s fair to say Consumer Reports carries a lot of weight with shoppers, especially in the US.

The site’s “Recommended” tag can make or break a product, which is why you see companies like Apple, Microsoft and Tesla treading carefully when that recommendation is not forthcoming.

Do you think you play too fast and free with privacy policies? Are you worried about smart TV data collection practices? Share your concerns with us @TrustedReviews on Twitter.