Consumer Reports: Samsung and Roku ‘smart’ TVs vulnerable to hacking

“Consumer Reports has found that millions of smart TVs can be controlled by hackers exploiting easy-to-find security flaws,” Consumer Reports reports. “The problems affect Samsung televisions, along with models made by TCL and other brands that use the Roku TV smart-TV platform, as well as streaming devices such as the Roku Ultra.”

“We found that a relatively unsophisticated hacker could change channels, play offensive content, or crank up the volume, which might be deeply unsettling to someone who didn’t understand what was happening. This could be done over the web, from thousands of miles away. (These vulnerabilities would not allow a hacker to spy on the user or steal information),” CR reports. “The findings were part of a broad privacy and security evaluation, led by Consumer Reports, of smart TVs from top brands.”

“This is the first time Consumer Reports has carried out a test based on our new Digital Standard, which was developed by CR and partner cybersecurity and privacy organizations to help set expectations for how manufacturers should handle privacy, security, and other digital rights,” CR reports. “The goal is to educate consumers on their privacy and security options and to influence manufacturers to take these concerns into consideration when developing their products.”

“Smart TVs can identify every show you watch using a technology called automatic content recognition, or ACR, which we first reported on in 2015. That viewing information can be combined with other consumer information and used for targeted advertising, not only on your TV but also on mobile phones and computers,” CR reports. “We discovered flaws in sets from TCL and Samsung… The TCL vulnerability applies to devices running the Roku TV platform—including sets from other companies such Hisense, Hitachi, Insignia, Philips, RCA, and Sharp — as well as some of Roku’s own streaming media players, such as the Ultra.”

Read more in the full article here.

MacDailyNews Take: Caveat emptor.

[Thanks to MacDailyNews Reader “Whit D.” for the heads up.]


  1. All iot stuff is constantly phoning home, with many services like hulu sending analytics unsecured. Your isp knows exactly when your electronics are used, when you are home, and every bit of media you consume. Nest knows when you’re on vacation, Samsung knows what you eat from your fridge’s grocery list. Apple is no different, other than the corporate logo and the encryption to ensure only Apple uses the analytics it collects. But stop pretending Apple is any less of a snoop.

    1. And that is one of the important reasons why I stick with Apple. You can believe what you want but, in my opinion, you are not much of a “Mac Observer” if you believe that Apple does not care any more about consumer privacy than Samsung.

      Have you read the guidelines/restrictions on iOS apps regarding the types of data that can be collected and the requirement for user approval to obtain that data?

      Have you “observed” Apple’s push towards strong end-to-end encryption for its services and on its devices, even against the criticism of the U.S. government? Are you aware of the secure enclave chip? Please tell me that you post this type of comment based on more than pessimistic gut feel…

      1. If you took the time to monitor your network’s outgoing traffic, you might come away with a different impression of Apple. They are snatching analytics from you as much as any other company. While Apple claims to secure and anonymize the data, it never offers proof. No cloud company does.

  2. My “smart” Samsung has only been online once…to try the choppy as hell Amazon app. Took it offline when audio was constantly out of sync after a few minutes while watching movies. Known solution. Great TV, but not smart. Been offline ever since.

  3. I’ve guessed as much for a while now. When I got my second Western Digital Media Center I didn’t configure it to my wifi because frankly I didn’t know how secure it was.

    As far as I’m concerned if you link your smart TV to your wifi system then you’re just asking for trouble. Ditto with media players as well.

    We have a dedicated set top box for a streaming service (and I don’t know how secure it is) and that’s it. Even the hard drives (with our digitised media collection) are cabled to the media centre. When it gets replaced by a top end Roku the hard drives will be cabled to that media centre as well. I don’t have to have a computer running it’s just be treated a dumb media player.

    I’ve always taken the view that if software is written for a media centre or a smart television it can be hacked by someone else writing a different piece of software. It kind of vindicates people with dvds and blu-rays insofar as you just know that it’s locked down and safe.

  4. Wait just one minute…hasn’t MDN told us countless times that Consumer Reports doesn’t know what they’re talking about with regard to electronics? That CU should stick to washing machines?

    Now, since they are bashing Samsung we should listen to them, I guess…

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.