Millions of smart TVs can be hacked, Consumer Reports says

Millions of popular smart TVs can be easily controlled by hackers, product review magazine Consumer Reports has found.

Unsophisticated hackers can easily access smart TVs and play graphic content, turn up the volume and change channels on them.

They can do this over the web from the comfort of their own home, which could be thousands of miles away, according to the experts.

The findings detailed which products are the most vulnerable to hacking, including devices from Samsung and TCL.

A new study from Consumer Reports has found that millions of popular smart TVs can be accessed by unsophisticated hackers. Roku platforms, which are featured in televisions made by TCL, Hitachi, Insignia, RCA, Philips, Sharp and Hisense, are among the most vulnerable, the report said (file photo)

Their research also outlines which television manufacturers can easily spy on you and your family if you purchase their products.

Smart TV popularity in the US is on the rise. Consumer Reports cited research that showed 69 percent of new TV sets that were shipped within North America last year were internet capable. That percentage is supposed to rise this year, the report said.

The prevalence of the technology has grown so quickly that old-fashion TVs that cannot be connected to the internet are now hard to come by.

Out of the nearly 200 large and midsized TV sets that Consumer Reports evaluates, a mere 16 are not of the smart TV variation.   

While smart TVs may allow for more convenience, that convenience comes at a cost, Consumer Reports warned.

All five of the TVs used different smart TV platforms. Models made by Samsung and LG featured platforms designed by their own companies, but the TCL, Sony and Vizio televisions the magazine tested used platforms made by outside companies.

The TCL smart TV that Consumer Reports researchers tested was easily hacked. Hackers can blare the volume or change the channel on the machines from thousands of miles away (file photo)

The TCL smart TV that Consumer Reports researchers tested was easily hacked. Hackers can blare the volume or change the channel on the machines from thousands of miles away (file photo)

WHAT SMART TVS ARE AT RISK OF HACKING?

Consumer Reports has found millions of popular smart TVs can be easily controlled by hackers.

Samsung smart TVs are particularly vulnerable to hackers, according to the new analysis (file photo)

Samsung smart TVs are particularly vulnerable to hackers, according to the new analysis (file photo)

They found that the televisions made by Samsung and TCL were not secure, and the report described the flaws in the television sets.

The vulnerable Roku platform used by the TCL television can be found in sets from manufacturers Hitachi, Insignia, RCA, Philips, Sharp and Hisense, in addition to Roku’s own media streaming players, including the Ultra.

A Roku spokeswoman told Consumer Reports, ‘There is no security risk to our customers’ accounts or the Roku platform with use of this API [application programming interface],’ contradicting what the magazine had learned.

Samsung, on the other hand, said: ‘We appreciate Consumer Reports’ alerting us to their potential concern.’ It also said it is looking into the problem.

The Sony model featured in the study used Google’s Android TV platform, which is also found in LeEco and Sharp TVs.

The TCL model used the Roku platform, and the Vizio featured Chromecast, which is also made by Google. 

Consumer Reports analyzed two characteristics of the televisions featured in the study: their data collecting tendencies and hackers’ ability to access the machines.

‘Our security testing focused on whether basic security practices were being followed in the design of each television’s software,’ the report said.

Pictured is an LG smart TV that was evaluated by Consumer Reports. The model was not flagged for particularly bad security or privacy flaws in the new analysis (file photo)

Pictured is an LG smart TV that was evaluated by Consumer Reports. The model was not flagged for particularly bad security or privacy flaws in the new analysis (file photo)

They found that the televisions made by Samsung and TCL were not secure, and the report described the flaws in the television sets.

It said: ‘They allowed researchers to pump the volume from a whisper to blaring levels, rapidly cycle through channels, open disturbing YouTube content or kick the TV off the WiFi network.

‘To a television viewer who didn’t know what was happening, it might feel creepy, as though an intruder were lurking nearby or spying on you through the set.’

However, the researchers were not able to discern what was being played on the television while they were hacking it. The process was compared to someone controlling a remote with closed eyes.

The vulnerable Roku platform used by the TCL television can be found in sets from manufacturers Hitachi, Insignia, RCA, Philips, Sharp and Hisense, in addition to Roku’s own media streaming players, including the Ultra.

A platform made by Google found in Sony televisions makes it hard for users to deny the company when it asks to gather data about their habits (file photo)

A platform made by Google found in Sony televisions makes it hard for users to deny the company when it asks to gather data about their habits (file photo)

The problematic design was described as ‘totally unsecured’ in the report. Engineer Eason Goodale explained: ‘This means that even extremely unsophisticated hackers can take control of Rokus.

‘It’s less of a locked door and more of a see-through curtain next to a neon “We’re open!” sign.’

Consumer Reports noted that it was not the first whistle blower to notice the problem. It has been discussed in forums since 2015.

A Roku spokeswoman told Consumer Reports, ‘There is no security risk to our customers’ accounts or the Roku platform with use of this API [application programming interface],’ contradicting what the magazine had learned.

The Samsung television’s vulnerability was not as obvious. Even so, hackers could access the product in a relatively easy fashion.

Goodale said: ‘Samsung smart TVs attempt to ensure that only authorized applications can control the television.

‘Unfortunately, the mechanism they use to ensure that applications have previously been authorized is flawed.

The Sony television that Consumer Reports researchers evaluated was one of the worst in terms of collecting users' data, the new study said. If a user refuses to agree to Google agreements when setting up their new TV, basic functions  disappear, making the point of investing in a 'smart' TV unclear (file photo)

The Sony television that Consumer Reports researchers evaluated was one of the worst in terms of collecting users’ data, the new study said. If a user refuses to agree to Google agreements when setting up their new TV, basic functions disappear, making the point of investing in a ‘smart’ TV unclear (file photo)

‘It’s as though once you unlocked your door, the door would never lock again.’

Samsung said: ‘We appreciate Consumer Reports’ alerting us to their potential concern.’ It also said it is looking into the problem.

Consumer Reports found that the Sony TV, using Google’s Android TV platform, was the most invasive in terms of privacy.

During the setup process users are forced to agree to Google’s privacy policy. If they do not, users are not able to access some of the TV’s most basic functions. 

The report said: ‘The Sony television was the only one that required you to agree to a privacy policy and terms of service to complete the setup of the TV.

‘Consumers have to click yes to Google agreements, even if they don’t plan to connect to the internet. That could be a frustrating thing to discover only after you’d bought the big-screen TV at the store, lugged it home, and maybe mounted it to the wall.’

Samsung televisions were among those flagged as likely to be hacked. The company told Consumer Reports that it is looking into the issue, which could allow hackers to play graphic content on televisions thousands of miles away (file photo)

Samsung televisions were among those flagged as likely to be hacked. The company told Consumer Reports that it is looking into the issue, which could allow hackers to play graphic content on televisions thousands of miles away (file photo)

Sony told Consumer Reports: ‘If a customer has any concerns about sharing information with Google/Android [they] need not connect their smart TV to the Internet or to Android servers to use the device as a television.’

Consumer Reports found that the problem with turning down access to data collection is that many functions that make a television ‘smart’ disappear when you do so.

This can be irritating if you have paid for a TV based on its internet capability. 

DO SMART TV MAKERS HAVE TO HAVE YOUR PERMISSION TO ‘SPY’ ON YOU?

An analysis from Consumer Reports has described the amount of data smart TV manufacturers – and companies that work with them – can access about you and your family.

One of the television makers evaluated in the report, Vizio, has already been in trouble because of this trend.

In 2017 the company was sued by both state and federal regulators because it had not asked for users’ permission before gathering their data.

Vizio had to shell out $1.5million to settle a case brought against it by the Federal Trade Commission.

Television manufacturer Vizio has been sued for 'spying' on users. It had to shell out more than $2million between a federal and a state lawsuit last year (file photo)

Television manufacturer Vizio has been sued for ‘spying’ on users. It had to shell out more than $2million between a federal and a state lawsuit last year (file photo)

Additionally, it paid $700,000 to settle with the state of New Jersey.

The Federal Trade Commission has been clear about the fact that companies have to ask you before accessing your data.

Five television manufacturers were evaluated in the new Consumer Reports study: Vizio, TCL, Sony, LG and Samsung.

The report said that all of the companies were following this Federal Trade Commission rule.

‘Every smart TV we evaluated asked for permission to collect viewing data and other kinds of information,’ the report said.

Consumer Reports suggested being cautious when setting up your TV and making sure you understand what you are agreeing to.

The report pointed out that the data collection TV manufacturers – and their partners – are capable of goes beyond recommending a show based on your viewing habits.

These companies can access your location, specifics about the apps you click on and more.

‘Pay close attention during setup. There, you can agree to the basic privacy policy and terms of service,’ Consumer Reports said.

It recommended resetting your television to factory settings if you want to rethink what you have already agreed to. ‘Then, as you go through the setup process, say yes to the most basic privacy policies and terms of service, but don’t agree to the collection of viewing data.’

Technology privacy expert Justin Brookman said, ‘And, if you can’t figure it out, call customer support and make them walk you through it,’ suggesting a move that will also inform the maker of your television that you value your privacy.



Read more at DailyMail.co.uk