Skip to main content

Your Samsung or Roku smart TV could be vulnerable to hackers, but don’t panic

samsung roku tv remote control vulnerabilities tcl 50  1080p 50fs3800 smart led 2015
Image used with permission by copyright holder
If your smart TV suddenly begins changing channels on its own, you might be sitting on the remote, or — according to a recent report from Consumer Reports — it could be a hacker. The publication tested multiple smart TVs and says it found vulnerabilities in some Samsung smart TVs as well as models powered by the Roku TV platform. Fortunately, while both could pose problems, neither vulnerability could allow an attacker access to any sensitive data like your credit card information.

In the case of Roku TV, Consumer Reports tested a TCL model (the specific model is not mentioned), but says that the vulnerability is present in other TVs. It says the Roku platform has a remote control API that is turned on by default, potentially allowing someone from thousands of miles away to change channels, adjust the volume, or play offensive content. In order for this to actually happen, you would need to be using a mobile device or laptop on the same network as the Roku device, then accidentally visit a malicious website or click a link in a phishing email, giving an attacker remote access to the system.

Roku, however, says that Consumer Reports is making a big deal out of something much smaller. In a blog post titled “Consumer Reports Got It Wrong,” Roku’s vice president of trust engineering, Gary Ellison, says that Consumer Reports’ take is a “mischaracterization of a feature,” and says that there is no security risk for customers. The post also mentions that if you want to be extra safe, you can turn this API off by setting Remote Control to “disabled” in the Advanced System Settings.

Additionally, a Roku representative told Digital Trends: “Roku takes security very seriously. There is no security risk to our customers’ accounts or to the Roku platform as stated by Consumer Reports.”

In the case of Samsung TVs, the vulnerability is very specific, and Consumer Reports says it was “harder to spot.” In this case, the user would have had to previously used a remote control app for the TV on a mobile device, then open a malicious website using that same device, giving an attacker remote control of the same features that the remote control app would have been able to control. Samsung says it plans to change this API to eliminate this vulnerability in a 2018 update. The company hasn’t given exact timing, but says the update will be released “as soon as technically feasible.”

In the meantime, this doesn’t seem to be enough of a reason to stay away from buying products from either of these companies. Samsung makes some very impressive TVs and the Roku Ultra remains our current top pick for the best streaming device available, continuing to add features and channels as time goes by.

Even so, this type of thing is always a concern, so we’ve reached out to both Roku and Samsung on this matter and will update this story as we receive the companies’ responses.

Update: Added response from Roku.

Editors' Recommendations

Kris Wouk
Former Digital Trends Contributor
Kris Wouk is a tech writer, gadget reviewer, blogger, and whatever it's called when someone makes videos for the web. In his…
What is the Samsung Smart TV web browser?
A man watching the Samsung 75-inch Q84A in his living room.

If you have a Samsung TV, there’s an interesting feature that could save you some time: the ability to browse the internet right from your TV at any time with Samsung's native browser.

Hopping onto a browser on your TV often requires an additional device (like a set-top box or game console) or some type of screen mirroring. But with Samsung’s Tizen-powered TV web browser, you can go online immediately without any complex workarounds. That means it takes only seconds to look up scores, check acting histories, look for tips on games in Samsung's Gaming Hub, and more. Here’s everything you should know!
Samsung Smart TV web browser basics

Read more
What is a smart TV? Everything you need to know
vizio 65inch oled 4ktv deal best buy december 2020 tv 768x768

Smart TVs are everywhere. In fact, you'd be hard-pressed to find a TV on a store shelf these days that doesn't do clever things like play movies and TV shows from the latest streaming services while you ask it to do so with (gasp!) your voice through an intelligent voice assistant. Widgets and apps open up possibilities like gaming, weather, video calling, and smart home features that would make your old TV fear for the curb. 

But what makes a TV smart, and why should you care? Is it as simple as an internet connection and an operating system? If it's just a more direct route to streamers like Netflix and Disney+, then is that better or worse than my trusty Apple TV or Roku set-top box? Who makes smart TVs, and does it matter which I choose? We decided to weigh in on the matter.

Read more
How to watch Super Bowl 2022 on a Samsung Smart TV
A Samsung 8K TV in a living room.

It's that time of year again. You've got the biggest game in the NFL, and you've got your Samsung TV. All you need now is to know how to watch Super Bowl 2022 on your Samsung TV.

If you've done any searching for a new big-screen to ring in Super Bowl 2022, one brand that we're sure is dominating the ads of your browser is Samsung. Nestled comfortably in the top-five brands, Samsung Smart TVs are one of the best ways to experience any sporting event. Packed with industry-leading picture features and an intuitive streaming portal, you'll be hard-pressed to beat the way the Super Bowl looks and feels on a Samsung set.

Read more