Smart TVs and streaming devices are a vulnerable target for hackers, according to a new report.
Consumer research magazine Consumer Reports found that hackers can exploit “easy-to-find” security flaws in televisions from brands including Samsung and TCL, while streaming devices that use the Roku platform may also be vulnerable.
“We found that a relatively unsophisticated hacker could change channels, play offensive content, or crank up the volume, which might be deeply unsettling to someone who didn’t understand what was happening,” the Consumer Reports study claimed. “This could be done over the web, from thousands of miles away.”
The findings were part of a broad privacy and security evaluation, led by Consumer Reports, of smart TVs from top brands that also included LG, Sony and Vizio.
A smart TV user could be using a smartphone or laptop running on the same Wi-Fi network as their smart TV, visit a site or download something with the malicious code and be instantly affected.
“They [the flaws] allowed researchers to pump the volume from a whisper to blaring levels, rapidly cycle through channels, open disturbing YouTube content, or kick the TV off the Wi-Fi network,” Consumer Reports said.
“The exploits didn’t let us extract information from the sets or monitor what was playing. The process was crude, like someone using a remote control with their eyes closed. But to a television viewer who didn’t know what was happening, it might feel creepy, as though an intruder were lurking nearby or spying on you through the set.”
The TCL vulnerability applies to devices running the Roku TV platform — including sets from other companies such Hisense, Hitachi, Insignia, Philips, RCA and Sharp — as well as some of Roku’s own streaming media players, such as the Ultra, the report said.
The Samsung vulnerability was said to be harder to spot – exploited only if the user had previously employed a remote control app on a mobile device that works with the TV, and then opened the malicious webpage using that device.
Speaking to Consumer Reports, Samsung said that it was still evaluating the issue.
“We appreciate Consumer Reports’ alerting us to their potential concern,” a Samsung spokesperson said. “[These changes] will be in a 2018 update… as soon as technically feasible.”
Though Roku devices are not available in Australia, Telstra TV uses a rebranded Roku player and may also be vulnerable to hacks.
What TVs are affected and what can you do to stop hacking?
Smart TVs that use the Roku platform could be affected, according to Consumer Reports. Its researchers identified Samsung and TCL televisions as being at risk, but several other brands may also be vulnerable, including:
Consumer Reports advises that resetting to the factory TV settings and turning off your TV’s Wi-Fi connection can be beneficial. Paying attention to what you click ‘agree’ to in the TV’s set-up process could also curb potential hackers, as clicking disagree may block user information from being sent to the TV manufacturer.