7 On Your Side, Consumer Reports Investigation finds millions of smart TV's can be hacked

Thursday, February 8, 2018
Investigation finds millions of smart TV's can be hacked
Could your TV be controlled by hackers? A new investigation by Consumer Reports found millions of smart TV's don't do enough to protect your security.

SAN FRANCISCO (KGO) -- Could your TV be controlled by hackers? 7 On Your Side's Michael Finney has details about a new investigation by Consumer Reports. It found millions of smart TV's don't do enough to protect your security.

Who's controlling your TV?

Consumer Reports has found millions of smart TV's from major manufacturers can be controlled by hackers exploiting easy to-find security vulnerabilities.

The problems affect Samsung televisions along with TV models made by TCL and other brands that use the Roku TV platform.

"While evaluating smart TV's for data privacy and security, we came across a vulnerability in some smart TV's that can be exploited by a hacker, who could write code to control the TV without the user's permission," revealed Maria Rerecich, Consumer Reports Electronics Testing.

Consumer Reports was able to demonstrate how a hacker could potentially take over your TV. They can change channels, play offensive content, or turn the volume-up to full blast. All without your control.

"This happens because many smart TV's have a programming interface, called an API, that lets you use for smartphone or tablet as a remote control over WiFi," said Rerecich. "In some cases, we found that this API was not properly secured and that could let a hacker control your TV."

This investigation marks Consumer Reports' first tests using the Digital Standard, which was developed to evaluate the privacy and security of products and services.

When Consumer Reports reached out to Samsung and Roku, both companies said, they "take privacy and security seriously." TCL referred to Roku's response.

To find out more about what you can do to protect your personal privacy, and limit the amount of data your smart TV is collecting about you, here is a link to Consumer Reports' website. You will find instructions specific to your TV.

Now a representative from Roku reached out to 7 On Your Side, on Wednesday morning, and released this statement:

"Roku takes security very seriously. There is no security risk to our customers' accounts or to the Roku platform as stated by Consumer Reports. Roku enables third party developers to create remote control applications that consumers can use to control their Roku devices. These applications are only accessible to those on a customer's Wi-Fi which we recommend consumers lock. If customers prefer, they can, turn off this feature by going to Settings>System>Advanced System Settings>External Control>Disabled. Any characterization of this feature as a vulnerability is inaccurate."

And we reached out to Samsung, and they provided us their statement:

"Protecting consumer data is one of our top priorities. Samsung's privacy practices are specifically designed to keep the personal information of consumers secure. Our Smart TVs include a number of features that combine data security with the best possible user experience. Before collecting any information from consumers, we always ask for their consent, and we make every effort to ensure that data is handled with the utmost care. We have been in contact with Consumer Reports regarding the evaluation of our Smart TV and are looking into the specific points made. To ensure the security of any device, we continue to evaluate the feedback we receive on all of our connected products."