large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Report: Your Smart TV may be vulnerable to hacking and aggressive data collection

Smart TVs and streaming devices from Samsung and Roku are being easily exploited by hackers, while a wide range of manufacturers are collecting alarming volumes of data on viewing habits, Consumer Reports says.

In an extensive investigation into the security of connected viewing devices and user privacy policies, top manufacturers were found wanting, according to the influential consumer advocate.

Firstly, the site said claimed “unsophisticated” hackers could change channels, alter the volume or even push offensive content to unsuspecting owners of Samsung TVs and users of the Roku TV platform.

By working with security firm Dissconnect, CR said the “relative simplicity” of hacking the sets was simply down to “basic security practices not being followed.”

Related: Best TV 2018

Eason Goodale, Disconnect’s lead engineer said the Roku TV platform left customers wide open to hackers.

Roku-Express-2

He said: “Roku devices have a totally unsecured remote control API enabled by default.

“This means that even extremely unsophisticated hackers can take control of Rokus. It’s less of a locked door and more of a see-through curtain next to a neon ‘We’re open!’ sign.”

Samsung has attempted to make sure only authorised applications can control the TV, but a flawed mechanism makes it possible for hackers to take over, the report says.

In a statment Samsung said it was evaluating the issue and thanked CR for alerting it to the potential concern. Roku, on the other hand, hit back hard in a blog post entitled “Consumer Reports Got it Wrong“.

VP Gary Ellison wrote: “Consumer Reports issued a report saying that Roku TVs and players are vulnerable to hacking. This is a mischaracterization of a feature. It is unfortunate that the feature was reported in this way. We want to assure our customers that there is no security risk.”

Data collection is off the charts

When it comes to privacy, the investigation found sets from manufacturers like LG, Sony, TCL and Vizio were haemorrhaging viewing data.

It says the sets are transmitting “a remarkable amount of information about their users back to the TV manufacturers and their business partners.”

CR found consumers who race through the process of setting up the Smart TV end up agreeing to sharing too much; calling it “oversharing by design.”

It also says “a constant stream of viewing data will be collected through automatic content recognition” and encourages viewers to turn the feature off.

CR alleges consumers who don’t agree to a wide-ranging privacy policy face an “all or nothing” situation, where they choose between surrendering rights or their ability to access useful features.

The site also advises users who’re concerned about data gathering methods to turn off the set’s Wi-Fi, or restore the TV to factory settings and take a closer look at the privacy policies.

While we’re proud of our own testing processes here at Trusted Reviews, it’s fair to say Consumer Reports carries a lot of weight with shoppers, especially in the US.

The site’s “Recommended” tag can make or break a product, which is why you see companies like Apple, Microsoft and Tesla treading carefully when that recommendation is not forthcoming.

Do you think you play too fast and free with privacy policies? Are you worried about smart TV data collection practices? Share your concerns with us @TrustedReviews on Twitter.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have 9 million users a month around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.