Samsung and Roku Smart TVs Vulnerable to Hacking, Consumer Reports Finds
Security and privacy testing of several brands also reveals broad-based data collection. How to limit your exposure.
By Consumer Reports
Feb 7 2018
https://www.consumerreports.org/televisions/samsung-roku-smart-tvs-vulnerable-to-hacking-consumer-reports-finds/
Consumer Reports has found that millions of smart TVs can be controlled by hackers exploiting easy-to-find security flaws.
The problems affect Samsung televisions, along with models made by TCL and other brands that use the Roku TV smart-TV platform, as well as streaming devices such as the Roku Ultra.
We found that a relatively unsophisticated hacker could change channels, play offensive content, or crank up the volume, which might be deeply unsettling to someone who didn’t understand what was happening. This could be done over the web, from thousands of miles away. (These vulnerabilities would not allow a hacker to spy on the user or steal information.)
The findings were part of a broad privacy and security evaluation, led by Consumer Reports, of smart TVs from top brands that also included LG, Sony, and Vizio.
The testing also found that all these TVs raised privacy concerns by collecting very detailed information on their users. Consumers can limit the data collection. But they have to give up a lot of the TVs’ functionality—and know the right buttons to click and settings to look for. (see below.)
Data Collection in the Living Room
This is the first time Consumer Reports has carried out a test based on our new Digital Standard, which was developed by CR and partner cybersecurity and privacy organizations to help set expectations for how manufacturers should handle privacy, security, and other digital rights.
The goal is to educate consumers on their privacy and security options and to influence manufacturers to take these concerns into consideration when developing their products.
“The Digital Standard can be used to evaluate many products that collect data and connect to the internet,” says Maria Rerecich, who oversees electronics testing at Consumer Reports. “But smart TVs were a natural place to start. These sets are growing in popularity, and they can transmit a remarkable amount of information about their users back to the TV manufacturers and their business partners.”
Smart TVs represent the lion’s share of new televisions. According to market research firm IHS Markit, 69 percent of all new sets shipped in North America in 2017 were internet-capable, and the percentage is set to rise in 2018. Eighty-two million of these sets have already found their way to consumers.
Internet connectivity brings a lot of appealing functionality to modern televisions—including the ability to stream content through popular apps such as Hulu and Netflix, as well as to find content quickly using voice commands.
But that functionality comes with substantial data collection. Smart TVs can identify every show you watch using a technology called automatic content recognition, or ACR, which we first reported on in 2015. That viewing information can be combined with other consumer information and used for targeted advertising, not only on your TV but also on mobile phones and computers. For instance, if you’re watching a particular sports event, you could see an online advertisement from a brand interested in reaching fans of that sport.
In 2017 Vizio got in trouble with federal and state regulators for collecting this kind of data without users’ knowledge or consent. The company settled with the Federal Trade Commission for $1.5 million and the state of New Jersey for $2.2 million. The FTC has now made it clear that companies need your permission before collecting viewing data—but consumers may not understand the details, says Justin Brookman, director of privacy and technology at Consumers Union, the policy and mobilization division of Consumer Reports.
“For years, consumers have had their behavior tracked when they’re online or using their smartphones,” Brookman says. “But I don’t think a lot of people expect their television to be watching what they do.”
And manufacturers are aiming to make smart TVs the centerpiece of consumers’ increasingly connected homes. Companies such as LG and Samsung have recently shown off sets with built-in digital assistants that let you control other smart-home devices ranging from thermostats to security cameras to washing machines to smart speakers.
In a recent Consumer Reports subscriber survey of 38,000 smart-TV owners, 51 percent were at least somewhat worried about the privacy implications of smart TVs and 62 percent were at least somewhat worried about the sets’ security practices.
[snip]
Dewayne-Net Archives 