After PCs and smartphones, now is the time for smart TVs to fall prey to hacking attacks and compromise the privacy of users. Well, we certainly don’t want it to happen, but that’s exactly the chilling reality which device testing expert Consumer Reports has unearthed in its assessment of smart TVs from top brands like Samsung, LG, TCL, and Sony to name a few.

Consumer Reports has revealed that not only the smart TVs are surprisingly easy to hack, they are also collecting an uncomfortably high amount of user data for manufacturers and their media partners.

Millions of smart TVs can be controlled by hackers exploiting easy-to-find security flaws. We found that a relatively unsophisticated hacker could change channels, play offensive content, or crank up the volume, which might be deeply unsettling to someone who didn’t understand what was happening. This could be done over the web, from thousands of miles away.

Findings That Raise Concern

As part of a large-scale security evaluation of smart TVs conducted by Consumer Reports, experts discovered that smart TVs from Samsung, LG, Sony, and Philips, as well as streaming devices like the Roku Ultra, are riddled with vulnerabilities that can be exploited with relative ease. One can remotely play with the volume and change channels on smart TV, open undesirable online content or cut off your smart TV’s WiFi connection, thus leaving it vulnerable to other problems or defects.

The security assessment, which was conducted in collaboration with Disconnect, also uncovered grave security flaws in Roku streaming devices, whose security measures were worryingly easy to bypass.

Roku devices have a totally unsecured remote control API enabled by default. This means that even extremely unsophisticated hackers can take control of Rokus. It’s less of a locked door and more of a see-through curtain next to a neon ‘We’re open!’ sign.

But it’s not just the major brands that have left the privacy doors ajar, because smart TVs from relatively less popular brands like Hisense, Hitachi, Insignia, and RCA too were found to be vulnerable to hacking attacks. All in all, smart TV brands, big and small, failed on parameters like basic security practices, data encryption measures and timely addressal of vulnerabilities.

What The Brands Had to Say?

A Roku spokesperson denied the security risks and claimed that “There is no security risk to our customers’ accounts or the Roku platform with the use of this API.” Samsung, on the other hand, promised to assess the potential flaws and fix them via an update later this year.

Sony’s approach to safeguarding user’s privacy was quite extreme, and they bluntly responded “If a customer has any concerns about sharing information with Google/Android [they] need not connect their smart TV to the Internet or to Android servers to use the device as a television, for example, using cable or over-the-air broadcast signals.”

Another Big Evil: Targeted Advertisements

But hacking is just one part of the problem. Another big issue is the vast amount of user data these smart TVs collect, which can be exploited by the content providers to push targeted ads by analyzing a user’s media consumption pattern.

But this problem is a tough nut to crack, primarily because during a Smart TV’s setup process, users agree to data collection for doling out recommendations and curating content for them. If they don’t agree with the terms, a lot of the functionality is stunted. Turning off location information access, for example, will cut the region-based content curation feature for the users. So, if you are into American or British TV shows, but aren’t based in either nation, you won’t get the content recommendations, or worst case scenario, you won’t have the access to such content at all.

So, Where Does This Leave The Consumers?

The first option would be to buy an old school TV without any streaming functionality or web-based features, but in an era of Netflix, such ‘antique’ TVs are becoming hard to find.

And what if you have already spent thousands on buying that brand new Smart TV?  Consumer Reports has recommended the following steps to tackle the concern:

  • Reset the Smart TV: You can factory reset your smart TV and re-sign the permissions by agreeing only to the core privacy policies and skipping the tenets that ask for user data collection.
  • Turning off the ACR Settings: The ACR (Automatic Content Recognition) option, which is employed in Smart TVs to identify the type of content consumed by users, can be turned off from the settings.
  • Disconnecting the Smart TV’s WiFi connection: This measure might sound a bit too extreme, as it will essentially transform your smart TV into a regular TV. And if you choose to proceed with the advice, you might have to use an external streaming device like a Chromecast to watch web-based content.