We've written in the past about Consumer Reports, as part of a broad privacy and security evaluation, has has found that millions of smart TVs are vulnerable to hackers and "raise privacy concerns by collecting very detailed information on their users.", and now
"We found that a relatively unsophisticated hacker could change channels, play offensive content or crank up the volume, which might be deeply unsettling to someone who didn't understand what was happening," Consumer Reports said. "This could be done over the web, from thousands of miles away."
The good news is these TVs' security vulnerabilities apparently won't allow hackers to spy on you or steal your information, according to Consumer Reports.
The report singled out Samsung, TCL and other Roku TVs as being vulnerable, but smart TVs from LG, Sony and Vizio were also evaluated. While they were cleared from a security standpoint, the testing found "that all these TVs raised privacy concerns by collecting very detailed information on their users."
Samsung told Consumer Reports it would update its API "as soon as technically feasible." In a rebuttal to the report, Roku said Consumer Reports got it wrong and that its users face no security risks.
"Roku enables third-party developers to create remote control applications that consumers can use to control their Roku products," Gary Ellison, vice president of trust engineering at Roku, wrote in a blog post. "This is achieved through the use of an open interface that Roku designed and published. There is no security risk to our customers' accounts or the Roku platform with the use of this API. In addition, consumers can turn off this feature on their Roku player or Roku TV by going to Settings > System > Advanced System Settings > External Control > Disabled."
Consumer Reports noted that consumers can limit the data collection from their TVs, "but they have to give up a lot of the TVs' functionality -- and know the right buttons to click and settings to look for."
Update, 10.32 a.m. ET: Added statement from Roku.