New Analysis Claims Your Smart TV Might Be Vulnerable to Hacks

Thanks to their innovative combination of large displays and all-inclusive, Wi-Fi connected interfaces, Smart TVs have exploded in popularity among consumers, as their prices continue to normalize with the rest of the market.

However despite their perceived benefits, which include on-demand access to a wide range of internet connected services like Netflix, Hulu and more, a recent analysis of the market’s biggest Smart TV offerings has unsettlingly revealed how they might be vulnerable to hackers.

In fact, as conveyed in an exclusive, USA Today report published this morning, your Smart TV is “probably monitoring more of your viewing than you realize.”

That’s in part because they boast a technology dubbed Automatic Content Recognition, which is designed to monitor what you watch “in an attempt to do a better job than Nielsen at measuring viewership.”

Privacy and Security Concerns

Essentially, “several problems” were discovered during an analysis of Smart TV offerings from five of the market’s biggest vendors — Samsung, Sony, LG, TCL and Vizio, according to Consumer Reports, who not only said the units it tested were capable of tracking what you watch, but certain models from Samsung and TCL were found to have “failed basic security tests.”

In fact, the agency appears to boast the ease of which they were able to “take over complete remote control of the [Samsung & TCL/Roku] TVs” and carry out a variety of tasks including changing the channel, tweaking with the volume, installing apps and even downloading a range of  “objectionable content” from the web.

“What we found most disturbing about this, was the relative simplicity of” [how easy it was to hack in], said Consumer Reports’ senior director of content, Glenn Derene.

Derene added that it’s particularly “frightening” that some unknown, remote actor could do things like start typing into the search bar, launch or install apps, disable the TV’s Wi-Fi connectivity, and even use the hack to “harass and frighten someone.”

“Basic security practices were not being followed,” Derene concluded, noting how his firm was able to hack the TCL/Roku device using the manufacturer’s own feature which gives users the option to use devices like their smartphone as a remote to control Roku from afar.

Other Key Findings and Conclusions

In addition to the security risks, Consumer Reports found that the Smart TVs it tested “asked for permission to collect viewing data and other information” — and it wasn’t particularly easy for users to discern what information they were agreeing to share.

There was even a “tendency to request oversharing,” the agency said, pointing to the TVs apparent disposition to monitoring everything its watcher did — regardless of whether they were streaming a show on Netflix or merely playing a DVD.

Moreover, while most consumers might be aware (to a certain extent) that they’re being tracked by Internet-streaming services like Netflix and Hulu (who gather info so as to recommend the best new shows), “It’s just not the expectation of consumers that their TV will be tracking everything they watch, particularly if they’re not streaming.”

Samsung and TCL Respond

Both Samsung and TCL-owned Roku have since responded to Consumer Reports’ findings, with both firm’s reportedly indicating they “would take a closer look at the issues and address them,” USA Today said.

As of Wednesday morning, however, TCL appeared to push back on the findings, suggesting in a blog post published to its website that the agency simply “got it wrong,” and “there is no security risk” associated with its products, as they previously indicated.

“We take the security of our platform and the privacy of our users very seriously,” Roku vice president, Gary Ellison, said.

How to Fix These Issues?

Consumer Reports provides a few, hit-or-miss solutions which may help users avoid these complications with their Smart TV.

Since they’re equipped with the Automatic Content Recognition feature, which allow these Smart TVs to closely monitor what you watch and share that information, Consumer Reports recommends simply turning the feature off via your device’s settings menu.

Other interesting options include turning off your Wi-Fi box while you watch TV… though even Consumer Reports admitted that “doesn’t make sense” since the whole point of owning a Smart TV is that you’re able to connect to the web, right?

Alternatively, they suggest reverting to the use of a “dumb TV” to stream your content the old fashioned way (via set-top box) — though there’s no guarantee that will even help. They found that Roku’s streaming box, which utilizes the same operating system as Roku-branded TVs, was also vulnerable.

Interestingly, today’s findings come exactly a year after TV maker, Vizio, agreed to a $2.2 million deal that settled allegations from the Federal Trade Commission and the Office of the New Jersey Attorney General which concerned the company’s excessive collection of its users’ viewing data without their consent.