Smart TVs evolved from entertaining gimmick to the only option in a shockingly short window of time. It’s now next to impossible to find a new HDTV or 4K TV that doesn’t have some smart features included, but according to Consumer Reports, this might be opening us all up to a new kind of hacking that we aren’t prepared for.
After analyzing top TV brands in a broad privacy and security evaluation, Consumer Reports found that Samsung and TCL’s Roku TVs both have security flaws that can be easily exploited by hackers. Without much effort, a hacker could take control of a flawed smart TV, change channels, mess with the volume, install apps and play inappropriate content from those apps. Most frightening of all — they can do all of this online, even if they’re miles away.
During its research, Consumer Reports, in conjunction with privacy-enhancing software developer Disconnect, found that TCL’s vulnerability — which also applies to Roku TVs from Insignia, Philips, Sharp and more — stemmed from an unsecured remote control API, which is enabled by default on all of these TVs. In order to put themselves in danger, a Roku TV owner would have to click on a malicious link on their phone or laptop while connected to the same network as the TV. Roku downplayed the threat, but all it takes is one wrong click.
“Samsung smart TVs attempt to ensure that only authorized applications can control the television,” said Disconnect lead engineer Eason Goodale in regards to the vulnerability that plagues Samsung’s smart TVs. “Unfortunately, the mechanism they use to ensure that applications have previously been authorized is flawed. It’s as though once you unlocked your door, the door would never lock again.”
The good news is that the security flaws don’t allow hackers to spy on you or steal your personal information. The bad news is that they’re incredibly easy to exploit. Roku notes that users can turn off the External Control feature while Samsung says that it is evaluating the issue and working on an update that should address some of Consumer Reports’ concerns. Until then, keep being smart about what you click online.