Does Your TV Have This Security Flaw?

CONSUMER REPORTS -- Could your TV be controlled by hackers? A new investigation by Consumer
Reports found millions of smart TVs don't  do enough to protect your security.

Consumer Reports has found millions of smart TVs from major manufacturers can
be controlled by hackers exploiting easy to-find security vulnerabilities. The
problems affect Samsung televisions along with TV models made by TCL and
other brands that use the Roku TV platform.

While evaluating smart TVs for data privacy and security, CR came across a vulnerability in some smart TVs that can be exploited by a hacker, who could write code to control the TV without the
user’s permission.

CR was able to demonstrate how a hacker could potentially take over your TV --
change channels, play offensive content, or turn the volume up to full blast. All
without your control.

This happens because many smart TVs have a programming interface, called an API, that lets you use for smartphone or tablet as a remote control over wifi. In some cases, CR found that this API was not properly secured and that could let a hacker control your TV.

This investigation marks Consumer Reports' first tests using the Digital Standard, which was developed to evaluate the privacy and security of products and services. When CR reached out to Samsung and Roku, both companies said they take privacy and security seriously. TCL referred to Roku's response.

What Consumers Can Do

You could just buy an old-fashioned “dumb” TV, without built-in streaming capabilities, but these are becoming harder to find. Of the nearly 200 midsized and large sets in Consumer Reports’ ratings, only 16 aren’t smart TVs. And those are 2017 models—in 2018 we expect to see even fewer internet-free televisions.


If you do buy a new smart TV, decide whether you want to block the collection of viewing data. If so, pay close attention during setup. There, you can agree to the basic privacy policy and terms of service—which still triggers a significant amount of data collection—while declining ACR.


And, if you already have a smart TV but would like to restrict data collection, you can do the following:


Reset the TV to factory settings. Then, as you go through the setup process, say yes to the most basic privacy policies and terms of service but don’t agree to the collection of viewing data.


Turn off ACR using the settings. These settings are typically buried three or four menus deep—but we’ve compiled directions for you. “And,” Brookman says, “if you can't figure it out, call customer support and make them walk you through it.” That will have the added benefit of letting companies know that you care about your privacy.


Turn off the TV’s WiFi connection. Do this, though, and you essentially don’t have a smart TV anymore. You’ll need to add a separate streaming media device to get web-based content. And, you won’t be surprised to hear, those devices may have their own expansive data collection practices.


© 2018 WFMY-TV


To find out more about Facebook commenting please read the
Conversation Guidelines and FAQs

Leave a Comment