Consumer Reports tested five Smart TVs, running five different software platforms, and found that Samsung TVs as well as Rokus TVs and players are vulnerable to hackers. It also found that all of the TVs collect very detailed user information through ACR.
Vulnerable Smart TVs
The TVs tested were Samsung MU8000 (Tizen platform), LG UJ7700 (webOS platform), TCL P series (Roku platform), Sony X80E (Android TV platform), and Vizio P series (SmartCast/Chromecast platform).
- “Consumer Reports has found that millions of smart TVs can be controlled by hackers exploiting easy-to-find security flaws,” the report said. “The problems affect Samsung televisions, along with models made by TCL and other brands that use the Roku TV smart-TV platform, as well as streaming devices such as the Roku Ultra.”
Consumer Reports claims that “a relatively unsophisticated hacker could change channels, play offensive content, or crank up the volume” remotely over the web. However, a hacker could not extract personal information. It found Roku TVs to be the most vulnerable to this kind of attack and pointed out that the flaw had been discussed on forums since 2015.
Samsung has responded by saying that it will evaluate the issue. It will also fix other issues that CR uncovered in a “2018 update, to be determined”. Roku has released a statement saying that “Consumer Reports got it wrong” and that “there is no security risk to our customers’ accounts or the Roku platform with the use of this API”.
Your TV knows you
Consumer Reports further explains that all of the Smart TVs are using ACR, or automatic content recognition, to identify every show that you watch. This information is used for targeted advertisement, recommendations, marketing, and other purposes. Your data is also shared with third parties.
- ”The testing also found that all these TVs raised privacy concerns by collecting very detailed information on their users. Consumers can limit the data collection. But they have to give up a lot of the TVs’ functionality—and know the right buttons to click and settings to look for,” Consumer Reports said.
Vizio settled a case with FTC in 2017 for this type of data collection without the user’s consent. The report notes that all TV manufacturers require you to opt in but that if you do not, the TV’s features will be limited in various ways. The Sony TV, based on Google’s Android TV platform, was the “only one that required you to agree to a privacy policy and terms of service to complete the setup of the TV”. Sony responded by saying that the internal tuners still work even if the TV has been disconnected from the internet. This applies to all Android TVs.
Also read: Roku TVs will track what you watch to serve recommendations, target ads
The test was based on the so-called Digital Standard, developed in collaboration with cybersecurity and privacy organizations.
The report is the latest in a long string of reports to call out security issues and questionable data collection practices. Most recently, the New York Times reported that smartphone apps use audio recognition to track what you are watching on your TV.
How can you avoid this? Follow the steps in our guide here.
- Source: Consumer Reports
