Your Samsung or Roku smart TV could be vulnerable to hackers, but don’t panic

If your smart TV suddenly begins changing channels on its own, you might be sitting on the remote, or — according to a recent report from Consumer Reports — it could be a hacker. The publication tested multiple smart TVs and says it found vulnerabilities in some Samsung smart TVs as well as models powered by the Roku TV platform. Fortunately, while both could pose problems, neither vulnerability could allow an attacker access to any sensitive data like your credit card information.

In the case of Roku TV, Consumer Reports tested a TCL model (the specific model is not mentioned), but says that the vulnerability is present in other TVs. It says the Roku platform has a remote control API that is turned on by default, potentially allowing someone from thousands of miles away to change channels, adjust the volume, or play offensive content. In order for this to actually happen, you would need to be using a mobile device or laptop on the same network as the Roku device, then accidentally visit a malicious website or click a link in a phishing email, giving an attacker remote access to the system.

Roku, however, says that Consumer Reports is making a big deal out of something much smaller. In a blog post titled “Consumer Reports Got It Wrong,” Roku’s vice president of trust engineering, Gary Ellison, says that Consumer Reports’ take is a “mischaracterization of a feature,” and says that there is no security risk for customers. The post also mentions that if you want to be extra safe, you can turn this API off by setting Remote Control to “disabled” in the Advanced System Settings.

Additionally, a Roku representative told Digital Trends: “Roku takes security very seriously. There is no security risk to our customers’ accounts or to the Roku platform as stated by Consumer Reports.”

In the case of Samsung TVs, the vulnerability is very specific, and Consumer Reports says it was “harder to spot.” In this case, the user would have to have previously used a remote control app for the TV on a mobile device, and then open a malicious website using that same device, giving an attacker remote control of the same features that the remote control app would have been able to control. Samsung says it plans to change this API to eliminate this vulnerability in a 2018 update. The company hasn’t given exact timing, but says the update will be released “as soon as technically feasible.”

In the meantime, this doesn’t seem to be enough of a reason to stay away from buying products from either of these companies. Samsung makes some very impressive TVs and the Roku Ultra remains our current top pick for the best streaming device available, continuing to add features and channels as time goes by.

Even so, this type of thing is always a concern, so we’ve reached out to both Roku and Samsung on this matter and will update this story as we receive the companies’ responses.

Update: Added response from Roku.

Kris Wouk
Former Digital Trends Contributor