Skip to main content

Your Samsung or Roku smart TV could be vulnerable to hackers, but don’t panic

samsung roku tv remote control vulnerabilities tcl 50  1080p 50fs3800 smart led 2015
If your smart TV suddenly begins changing channels on its own, you might be sitting on the remote, or — according to a recent report from Consumer Reports — it could be a hacker. The publication tested multiple smart TVs and says it found vulnerabilities in some Samsung smart TVs as well as models powered by the Roku TV platform. Fortunately, while both could pose problems, neither vulnerability could allow an attacker access to any sensitive data like your credit card information.

In the case of Roku TV, Consumer Reports tested a TCL model (the specific model is not mentioned), but says that the vulnerability is present in other TVs. It says the Roku platform has a remote control API that is turned on by default, potentially allowing someone from thousands of miles away to change channels, adjust the volume, or play offensive content. In order for this to actually happen, you would need to be using a mobile device or laptop on the same network as the Roku device, then accidentally visit a malicious website or click a link in a phishing email, giving an attacker remote access to the system.

Related Videos

Roku, however, says that Consumer Reports is making a big deal out of something much smaller. In a blog post titled “Consumer Reports Got It Wrong,” Roku’s vice president of trust engineering, Gary Ellison, says that Consumer Reports’ take is a “mischaracterization of a feature,” and says that there is no security risk for customers. The post also mentions that if you want to be extra safe, you can turn this API off by setting Remote Control to “disabled” in the Advanced System Settings.

Additionally, a Roku representative told Digital Trends: “Roku takes security very seriously. There is no security risk to our customers’ accounts or to the Roku platform as stated by Consumer Reports.”

In the case of Samsung TVs, the vulnerability is very specific, and Consumer Reports says it was “harder to spot.” In this case, the user would have had to previously used a remote control app for the TV on a mobile device, then open a malicious website using that same device, giving an attacker remote control of the same features that the remote control app would have been able to control. Samsung says it plans to change this API to eliminate this vulnerability in a 2018 update. The company hasn’t given exact timing, but says the update will be released “as soon as technically feasible.”

In the meantime, this doesn’t seem to be enough of a reason to stay away from buying products from either of these companies. Samsung makes some very impressive TVs and the Roku Ultra remains our current top pick for the best streaming device available, continuing to add features and channels as time goes by.

Even so, this type of thing is always a concern, so we’ve reached out to both Roku and Samsung on this matter and will update this story as we receive the companies’ responses.

Update: Added response from Roku.

Editors' Recommendations

TV brightness wars: how bright does your TV need to be?
TV Brightness Wars

If you’re really into the latest TV tech, the fact that Samsung, LG, Sony, Philips, TCL, Hisense, and Vizio are all caught up in a TV brightness battle isn’t exactly news. But if you’re just getting into some TV research and you’re starting to read and hear about nits, and how this TV is brighter than that TV, and you’re getting this feeling that brightness is some sort of yardstick for how good a TV is, then you might rightly wonder: How bright is bright enough? How many nits do I need?

So, let’s talk about TV brightness – why it’s important, how important it really is, and when enough is enough – or if it ever will be.

Read more
Watch every MLS game for free this weekend on Apple TV
MLS Season Pass on a TV.

The 2023 MLS season finally is upon us, with 13 games on Saturday, February 25, and one more on Sunday, February 26. And you can watch every minute of any game this weekend — for free — as part of the inaugural matches on MLS Season Pass.

Some other matches also will be available free on Apple TV the weekends of March 4 and March 11.

Read more
T-Mobile customers can now get MLS Season Pass for free
MLS Season Pass on T-Mobile Tuesday app.

As was foretold, T-Mobile customers can now grab their free subscription to MLS Season Pass on Apple TV. It's part of the "T-Mobile Tuesdays" incentive that gives subscribers free stuff throughout the year, and the latest in a string of streaming-related freebies made available by the wireless provider.

All you'll need to make good on the promotion is a T-Mobile account and the T-Mobile Tuesday app. From there, you'll be prompted to redeem a unique code. Log in to your Apple account, use that unique code, and you're good t ogo.

Read more