Your Samsung or Roku smart TV could be vulnerable to hackers, but don’t panic

samsung roku tv remote control vulnerabilities tcl 50  1080p 50fs3800 smart led 2015
If your smart TV suddenly begins changing channels on its own, you might be sitting on the remote, or — according to a recent report from Consumer Reports — it could be a hacker. The publication tested multiple smart TVs and says it found vulnerabilities in some Samsung smart TVs as well as models powered by the Roku TV platform. Fortunately, while both could pose problems, neither vulnerability could allow an attacker access to any sensitive data like your credit card information.

In the case of Roku TV, Consumer Reports tested a TCL model (the specific model is not mentioned), but says that the vulnerability is present in other TVs. It says the Roku platform has a remote control API that is turned on by default, potentially allowing someone from thousands of miles away to change channels, adjust the volume, or play offensive content. In order for this to actually happen, you would need to be using a mobile device or laptop on the same network as the Roku device, then accidentally visit a malicious website or click a link in a phishing email, giving an attacker remote access to the system.

Roku, however, says that Consumer Reports is making a big deal out of something much smaller. In a blog post titled “Consumer Reports Got It Wrong,” Roku’s vice president of trust engineering, Gary Ellison, says that Consumer Reports’ take is a “mischaracterization of a feature,” and says that there is no security risk for customers. The post also mentions that if you want to be extra safe, you can turn this API off by setting Remote Control to “disabled” in the Advanced System Settings.

Additionally, a Roku representative told Digital Trends: “Roku takes security very seriously. There is no security risk to our customers’ accounts or to the Roku platform as stated by Consumer Reports.”

In the case of Samsung TVs, the vulnerability is very specific, and Consumer Reports says it was “harder to spot.” In this case, the user would have had to previously used a remote control app for the TV on a mobile device, then open a malicious website using that same device, giving an attacker remote control of the same features that the remote control app would have been able to control. Samsung says it plans to change this API to eliminate this vulnerability in a 2018 update. The company hasn’t given exact timing, but says the update will be released “as soon as technically feasible.”

In the meantime, this doesn’t seem to be enough of a reason to stay away from buying products from either of these companies. Samsung makes some very impressive TVs and the Roku Ultra remains our current top pick for the best streaming device available, continuing to add features and channels as time goes by.

Even so, this type of thing is always a concern, so we’ve reached out to both Roku and Samsung on this matter and will update this story as we receive the companies’ responses.

Update: Added response from Roku.

Product Review

Hisense’s new H8E 4K TV serves up a pretty picture at a very nice price

Budget TVs continue to get more attractive and that includes the latest from Chinese TV maker Hisense. The company’s new H8E, which offers 4K resolution, HDR, and a slick design for well under $500.

Here are the best 4K TV deals for November 2018

There's no doubt that a good 4K smart TV is the best way to take your home entertainment setup to the next level to enjoy all your favorite shows, movies, and games in glorious Ultra HD. We've got the best 4K TV deals right here.
Home Theater

Google Chromecast and Chromecast Ultra: Everything you need to know

Google's Chromecast plugs into your TV's HDMI port, allowing you to stream content from your tablet, laptop, or smartphone directly to your TV. Here's what you need to know about all iterations, including the 4K-ready Chromecast Ultra.

Hacker finds Steam bug that unlocks free games, collects $20K for reporting it

Security researcher Artem Moskowsky discovered a Steam bug that allowed him to generate infinite free keys for any game. Instead of abusing the exploit, Moskowsky reported it to Valve, which gave him a $20,000 reward.
Movies & TV

The best shows on Netflix, from 'The Haunting of Hill House’ to ‘The Good Place’

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Home Theater

The best movies on Netflix in November, from 'Buster Scruggs’ to ‘Dracula’

Save yourself from hours wasted scrolling through Netflix's massive library by checking out our picks for the streamer's best movies available right now, whether you're into explosive action, witty humor, or anything else.
Emerging Tech

Awesome Tech You Can’t Buy Yet: A.I. selfie drones, ‘invisible’ wireless chargers

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Movies & TV

Out of movies to binge? Our staff picks the best flicks on Hulu right now

From classics to blockbusters, Hulu offers some great films to its subscribers. Check out the best movies on Hulu, whether you're into charming adventure tales or gruesome horror stories.
Movies & TV

Stay inside this fall with the best shows on Hulu, including 'Castle Rock'

It's often overwhelming to navigate Hulu's robust library of TV shows. To help, we've put together a list of the best shows on Hulu, whether you're into frenetic cartoons, intelligent dramas, or anything in between.

Cyber Monday 2018: When it takes place and where to find the best deals

Cyber Monday is still a ways off, but it's never too early to start planning ahead. With so many different deals to choose from during one of the biggest shopping holidays of the year, going in with a little know-how makes all the…
Movies & TV

The best new movie trailers: ‘Alita: Battle Angel,’ ‘Detective Pikachu,’ and more

Everyone loves a good trailer, but keeping up with what's new isn't easy. That's why we round up the best ones for you. This week, it's new trailers for cyberpunk adventure Alita: Battle Angel, game adaptation Pokémon Detective Pikachu…

All the best Target Black Friday deals for 2018

The mega-retailer opens its doors to the most competitive shoppers at 6 p.m. on Thursday, November 22, and signs indicate that the retailer means business this year. We've sifted through all of the deals, from consumer electronics to small…
Movies & TV

Best new shows and movies to stream: The Coen brothers ride again and more

Need something to watch this weekend? Check out our list of the best new shows and movies to stream right now. On the list this week: The Ballad of Buster Scruggs, Pacific Rim: Uprising, Nnarcos: Mexico, and more.
Movies & TV

The best movies on Amazon Prime right now (November 2018)

Prime Video provides subscribers with access to a host of fantastic films, but sorting through the catalog can be an undertaking. Luckily, we've done the work for you. Here are the best movies on Amazon Prime Video right now.