In this smart and connected world of technology, security has become the primary concern for many. Every gadget in our homes could connect and communicate with one another. This opens up the possibility of a large-scale cyber-loot if the security gets breached. And it’s very much possible. Even tech companies of stature as big as Google and Amazon have been victims of such security vulnerabilities. Now a recent finding by Consumer Reports says that a number of popular smart TV brands including Samsung are vulnerable to some easy-to-exploit security flaws.
Smart TVs from Samsung and other brands that use the Roku smart-TV platform are vulnerable to a number of easy-to-find security flaws that hackers can exploit easily, claims Consumer Reports. The flaws could allow the hackers to pump the volume of the TV, change channels, open offensive YouTube content, or kick the TV off the Wi-Fi network. This could be done over the web, from thousands of miles away and the user won’t even understand what’s happening. However, these vulnerabilities limit the hackers to illegal control of the TV only. They couldn’t perform more complicated threats such as spying on the user or stealing sensitive information.
Consumer Reports conducted a test on five different smart TVs from different brands, namely Samsung, TCL, Sony, LG and Vizio. They also used a digital security tool in an effort to include a “digital privacy and security standard” to the products before conducting the tests. They also made sure that the tested TVs were powered by different platforms. The TCL product runs on Roku while the Sony and Vizio TVs used a variety of Google-developed systems. The Samsung and LG smart TVs run on their own platforms, Tizen and WebOS, respectively.
According to Consumer Reports, Samsung and TCL TVs are vulnerable to some security flaws, that could allow their researchers to remotely control the TVs. They couldn’t, however, breach the security of the tested LG, Vizio, and Sony TVs. Consumer Reports further state that other smart TVs that run on the Roku platform, such as Hisense, Hitachi, Insignia, Philips, RCA, and Sharp, are also vulnerable to the flaws. They also claim that even Roku’s own hardware products are not secure.
Disconnect, Consumer Reports’ partner cyber-security firm, says Roku products used “a totally unsecured remote control API.” The API was also the default tool used on Roku devices, allowing even extremely unsophisticated hackers to take control of Roku powered devices. Roku, however, has refuted the claims and issued a statement saying Consumer Reports “got it wrong.” The company is fully assured that there is no security risk in their products.
“This is a mischaracterization of a feature. It is unfortunate that the feature was reported in this way. We want to assure our customers that there is no security risk,” said Gary Ellison, Roku’s VP of trust engineering. He also claimed that the supposedly unsecured remote control API could only be activated when users choose to.
“In addition, consumers can turn off this feature on their Roku player or Roku TV by going to Settings>System>Advanced System Settings>External Control>Disabled,” he explained.
Samsung is yet to comment on these findings by Consumer Reports.