Consumer Reports examined five of the top-selling brands of smart televisions (Samsung, LG, Sony, TCL and Vizio), and the results were not surprising. All five TVs tracked users’ viewing habits, even when they were not running. This was something most of us already knew was going on.
Tracking sounds bad, but most of the data gathering going on is harmless. We put up with it to a certain extent every day when we visit Amazon, Facebook, Netflix and other big websites and services. What is more concerning is the potential for abuse or other security concerns, such as vulnerability to hacking.
Two of the brands were concerning in terms of security: Samsung and TCL Roku-enabled TVs. Consumer Reports was able to hack into both of the Roku-branded sets easily. In fact, it was the Roku functionality itself that permitted the unauthorized access.
“What we found most difficult about this, was the relative integrity of gaining access,” said Glenn Derene, Consumer Reports’ senior director of content. They were able to fully control the TVs: raising the volume, changing the channel, pulling up “offensive” content, and even booting the device via WiFi. He said that the relative ease of hacking the devices was due to “basic security practices not being replaced.”
The security risk involves a Roku feature that is also present in its set-top boxes. The feature allows users to control the TV or Roku box using their smartphone or tablet.
When told of the vulnerability, both Roku and Samsung said they would look into the matter, but this morning Roku fired back, saying that “Consumer Reports got it wrong.”
Roku calls CR’s report “a mischaracterization of a feature.”
“It is sad that the feature was reported in this way,” said Gary Ellison, a Roku vice president. “We want to guarantee our customers that there is no security risk.”
Ellison explains that the feature in question is an open API that Roku uses to allow third-party developers to create control apps. He seems to ignore the possibility of the API being misused and reasons that the vulnerability is not really a risk since the customer can disable it.