Samsung & Roku Smart TV’s Are Vulnerable To Pwnage Study Finds

Consumers Reports is running a story that claims that smart TV’s made by Samsung and Roku have security flaws in them that make them easy to pwn:

Consumer Reports has found that millions of smart TVs can be controlled by hackers exploiting easy-to-find security flaws. The problems affect Samsung televisions, along with models made by TCL and other brands that use the Roku TV smart-TV platform, as well as streaming devices such as the Roku Ultra. We found that a relatively unsophisticated hacker could change channels, play offensive content, or crank up the volume, which might be deeply unsettling to someone who didn’t understand what was happening. This could be done over the web, from thousands of miles away. (These vulnerabilities would not allow a hacker to spy on the user or steal information.) The findings were part of a broad privacy and security evaluation, led by Consumer Reports, of smart TVs from top brands that also included LG, Sony, and Vizio. The testing also found that all these TVs raised privacy concerns by collecting very detailed information on their users. Consumers can limit the data collection. But they have to give up a lot of the TVs’ functionality — and know the right buttons to click and settings to look for.

Well, that’s not good. And it reinforces why I will never have a smart TV in my home. Though I will admit that I do have a Roku device which I use frequently. But that’s likely not going to get disconnected anytime soon.

Having said that, Roku shot back at this report very quickly by saying that there’s no risk and giving details on how one can protect themselves. Which to me seems a bit counterintuitive seeing as there’s supposedly no risk according to the company. Samsung on the other hand had something different to say:

In an emailed statement, Samsung said, “We appreciate Consumer Reports’ alerting us to their potential concern,” and that the company was still evaluating the issue. The company also said it would update the API to address other, less severe problems related to data security that CR uncovered. Those changes “will be in a 2018 update, [with timing] to be determined, but as soon as technically feasible,” the spokesman said.

The bottom line is this. If you put anything on the Internet, your car, a light bulb, or whatever, it can get pwned by hackers. Thus before you put anything on the Internet, think long and hard about the risk that may present to you. Because this sort of thing isn’t going to go away anytime soon.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: