Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Why are current smart TVs still dumb enough to be hacked?

“Scanning your computer for malware viruses is important to keep it running smoothly. This also is true for your QLED TV if it’s connected to Wi-Fi!”

On June 17, this seemingly helpful tip shared by Samsung’s USA support account on Twitter touched off a massive reaction among the tech press and consumers alike: Virus scans on a TV? Sadly, the threat is very real, and many of us have simply chosen to ignore it. Samsung deleted the tweet hours after it was sent out, but the fact remains: Our smart TVs aren’t doing enough to protect us from potentially malicious attacks that could compromise our security and plunder our personal data. Here’s what you need to know to keep yourself as safe as possible.

Can smart TVs be hacked into?

In short, yes. The fact is that any device that is connected to the internet, or even just to your home router over Wi-Fi, is at risk of being accessed by an intruder. We tend to forget that smart TVs are actually powerful computers packing more capable processors than the ones smartphones had five years ago.

Chris Raymond/Digital Trends

That power, which is key to delivering the incredible audio, video, and streaming content we’ve become accustomed to, is also what makes these devices an ideal target for hackers. Once they have access to them, smart TVs can become a launchpad for spreading viruses to the rest of your network and potentially compromising the information on computers, smartphones, tablets, etc. At the moment, the ability to reach out to other devices from a TV is merely a byproduct of how all connected devices in your home share a common network, but Samsung’s planned Remote Access feature is actually designed to let you control a smartphone or a computer from your smart TV, which would create an even more tempting treasure box for digital thieves.

Is my TV at risk of being hacked?

If you’ve purchased a new TV at any point in the last three to four years, you probably own a smart TV. In Consumer Reports’ current TV ratings, of the 225 TVs with a screen size of 39 inches or larger, only 10 models aren’t smart TVs. If your TV is a smart TV, and you’ve connected it to your home router via Wi-Fi or Ethernet (and thus the internet), your TV is at risk. Shockingly, one recent proof of concept revealed that some smart TVs can be hacked even if they have no internet access at all.

How can we reduce the risk?

Smart TVs, like all internet-connected devices, run on software. It’s rare that a company will have discovered all of the possible security vulnerabilities in that software when a product goes on sale, so software updates are the standard way of patching these weaknesses as they’re discovered.

Your smart TV may only get one or two updates over its lifetime, if any, which over the course of a 10- to 15-year life span is insufficient.

“People should expect that the product they buy will be updated,” said Justin Brookman, director of privacy and technology policy at Consumer Reports. But software updates are problematic. Staying on top of these updates costs manufacturers money that must be spent long after the product in question has been sold, eating away at profits. A company with a broad range of connected devices, each with its own slightly different version of that software, has even greater costs than those with a relatively homogenous product line. The result: Unlike the operating system for your laptop, your smart TV may only get one or two updates over its lifetime, if any, which over the course of a 10- to 15-year life span is insufficient.

Then there’s the question of update installation. Computer users have rightfully insisted that they be able to choose whether or not to install a software update. An update that causes incompatibility issues with installed third-party software could be disastrous. Unfortunately, this cautious, user-driven approach to updates has carried over into the world of connected devices like smart TVs. But people just don’t think about their TVs as something that needs to be updated, so those updates don’t always happen.

LG TV Automatic Updates
Some manufacturers offer the option to enable automatic updates. LG

“When it comes to smart TVs,” said Casey Ellis, a cybersecurity expert, and founder of Bugcrowd, “these sorts of processes need to be transparent to the user. You can’t assume that my grandma is going to understand that there’s a threat.”

Brookman agrees. “Updates should really be done automatically, without the need for human intervention,” he said, pointing out that the same should be true of virus scans if a TV is equipped with such a tool, as is the case with Samsung Tizen-based smart TVs. Some TVs install updates automatically by default, but even Sony recommends that you check periodically to make sure you’re running the latest version of its software — just in case it discovers another bug that could let an outsider gain complete control over your TV.

What’s the worst that could happen?

In 2013, when we reported on a series of potential exploits, from making laser printers overheat to spoiling all the food in a connected refrigerator, a personal computer or smartphone were still the most “personal” devices in our homes. One year later, Amazon’s Alexa burst onto the scene, heralding a new era where digital assistants could exert tremendous control over our technology and our data. Smart TVs are now the latest devices to feature Alexa and Google Assistant built-in, with TV manufacturers starting to position the TV as a potential control center for your entire home. No longer a mere jumping-off point, TVs could become the main focus for hackers.

Just because we haven’t learned of any serious intrusions into smart TVs, doesn’t mean it hasn’t happened.

Now it’s true that there have been very few reported incidents of people’s TVs being hacked. Most of the stories you’ll find are all about weaknesses that researchers have discovered that could theoretically be used as a way to break into your devices. But keep in mind, many of the biggest data thefts at organizations like Sony, Starwood Hotels, and Yahoo were all discovered after the fact. In the most egregious cases, hackers had access to these groups for years before they were finally caught. Just because we haven’t learned of any serious intrusions into smart TVs, doesn’t mean it hasn’t happened.

In 2017, Wikileaks revealed that the CIA had developed software under the code name “Weeping Angel,” which was designed to make specific models of Samsung smart TVs appear to be fully asleep, while the built-in webcam and mic were kept on and used to record anything that happened in the room. The vulnerabilities that were exploited by Weeping Angel have since been patched, but it’s a stark reminder of how valuable our smart TVs are to those who would do us harm.

What are manufacturers doing to stop hackers?

We posed this question to representatives of several major manufacturers including Sony, Samsung, LG, Vizio, Roku, Apple, and Amazon. We also asked how each company communicates with its users in the event of serious security threats or concerns. What we got was a highly varied set of responses, which show that the smart TV industry still has a long way to go in terms of standardizing its approach to these issues.

Sony: Sony, which uses Google’s Android TV software for all of its current smart TVs, relies heavily on Google’s Play Store to provide protection from malware by scanning apps both before and after they’re installed on the TVs. For users who choose to load apps via USB, Sony provides security software known as “ESET,” which can be downloaded for free. Curiously, when asked about Sony’s non-Android TV products, the response was, “with regard to TVs that are not Android, the TV does not have the capability to install apps.” While this may be true, installing a malicious app is not the only way a smart TV can be compromised. Sony updates its support website with relevant issues and does not notify its customers directly.

Amazon: Amazon told us that it provides automatic security updates to customers who use the Fire TV platform. These don’t require any user action to be installed. It did not offer any details about how or if it informs customers about security concerns.

Apple: Apple told us that its Apple TV 4K, Apple TV HD, and 3rd-gen Apple TVs all receive regular software updates, though these are not automatically installed unless you select automatic updates from their respective settings menus. Apple’s security protocols extend to the App Store too, and each app is verified by Apple before it is made available for download.

LG: Declined our request

Vizio: Declined our request

Samsung: Samsung only commented on how it handles user privacy.

Unfortunately, not all smart TV makers are as diligent as these brands when it comes to software updates. “The really cheap vendors do tend to have a worse track record when it comes to identifying exploitable issues on their systems,” Ellis said.

So what happens when the maker of your smart TV or set-top box doesn’t patch its product to deal with a potential threat? “At present, there are no laws that hold a smart TV manufacturer liable for invasions of privacy due to malware,” said David Reischer, an attorney and the CEO of, which means a lawsuit would be your only recourse — and it would be far from a slam dunk. “Any lawyer can bring a class-action lawsuit for a manufacturer failing to protect consumers against a known security vulnerability. The issue of proving damages may, however, be difficult.”

What Samsung Is Doing to Keep Your Smart TV Secure
Samsung detailed their “Three Stage Model Security Solution” in a 2017 press release. Samsung

Over time, it may get easier to identify the brands that do the most to protect consumers. The Digital Standard is a new, open-source initiative backed by Consumer Reports that seeks to create an independent rating system that can be applied to consumer software, digital platforms and services, and Internet-connected products.

What should I be doing to keep my smart TV from being hacked?

The simplest way to keep yourself safe may require giving up a few of the bells and whistles of your shiny new TV. “Does your TV need to be connected to the Internet?” asked Ellis. “When you switch one of these things on, it encourages you to do that, and you’re probably going to do what it says.” Ellis encourages people to think hard about that choice: “What benefit do I get from that? Is this something I really need? Does this introduce risk into my home?”

If you decide that the rewards of being connected to the internet outweigh the risks, staying on top of software updates — as annoying as it may be — is your best bet in terms of keeping your smart TV as secure as possible. If your TV doesn’t get many updates, or worse, if it’s never received an update that you’re aware of, you might want to consider outsourcing its “smart” features to a more trustworthy device — preferably one that has an approach to security that you understand.

Despite the negative reaction toward Samsung’s awkward virus scan tweet, Ellis thinks the company deserves credit for raising awareness of the reality surrounding smart TVs. “It’s almost admirable,” he said, “because they know that there’s a threat that exists within a person’s home and they’re trying to enable users to do something about reducing that risk.”

What about my privacy?

Those seeking access to your devices are by far the biggest threat, but they aren’t the only area of concern when it comes to smart TVs and set-top boxes. Your personal data, like the shows and movies you watch, is a potential treasure trove for manufacturers, or anyone else who can collect it. In 2016, Vizio became the target of a Federal Trade Commission (FTC) investigation over its alleged collection of this data, which was reportedly happening without its customers’ awareness or consent and was then sold to advertisers. In California, a class-action lawsuit was launched against the company over the same practices. The resulting proposed settlement not only included a financial penalty but also forced Vizio to delete all collected data and give users a clear way to opt-out of such collection in the future.

“There is no standard default setting for consumers to consent (or not) to data sharing among smart TV manufacturers.”

That tendency — to minimize or obscure how a TV collects your personal data — prompted two senators in 2018 to call for an investigation by the FTC into these practices. The senators referenced the Vizio case in their letter to the FTC, but it was a New York Times article about Samba, a company that uses third-party software on several smart TV platforms to collect viewer data, that caught their attention. “Regrettably,” the senators wrote, “smart-TV users may not be aware of the extent to which their televisions are collecting sensitive information about their viewing habits.”

These cases highlight just how much smart TVs have changed the relationship between TV viewers and companies that seek to track their behavior. We asked the same manufacturers above about their data-collection activities, but their responses once again varied considerably.

Samsung told us that “before collecting any information from consumers, we always ask for their consent, and we make every effort to ensure that data is handled with the utmost care.” The company did not provide examples of how this consent is requested, but requiring users to agree to a privacy policy is a common method for doing so.

Sony told us that when users choose to use third-party apps on its smart TVs, Sony doesn’t collect that data (if any) for itself. It also confirmed that its own apps’ data-collection activities are covered by the respective privacy policies for each app, and for its TVs.

Amazon appears to give its users a good amount of control over their data, with new privacy settings that let users opt-out of four areas of data collection: Personalized ads, app-based data, device-usage data, and data monitoring.

Skynesher/Getty Images

In other words, regardless of which smart TV or set-top box you own, you will need to read the fine print very carefully to know what personal data you are agreeing to share, and explore the settings menus to see what your opt-out options are. “There have been efforts among privacy rights groups to standardize notice and consent data-sharing opt-in default settings,” Reischer said, “but as of yet, there is no standard default setting for consumers to consent (or not) to data sharing among smart TV manufacturers.”

Trouble is, it can be difficult, or even impossible to prevent this data collection entirely. Heading into your TV’s settings will reveal ways to opt-out of these programs, but sometimes doing so will disable certain features like curated TV show and movie recommendations, or even entire services. LG’s Channel Plus and Live Plus features, which give you access to free streaming content, require that data collection be allowed. If you withdraw permission, these apps will be disabled.

It’s still the Wild West

If you’ve now reached the conclusion that there are no standards in place around either smart TV security or data collection, you’re right. It’s very much the Wild West out there, which means you’re going to have to be your own best resource when it comes to safeguarding your data. The most important thing is to realize that a smart TV — or a set-top box — is a full-fledged internet-connected computer and as such, it’s potentially vulnerable to the same security exploits as your laptop or desktop.

Disconnecting it entirely from the internet remains one of the few things you can do to prevent hackers from accessing it, though this is obviously the thermonuclear option. Staying on top of software updates — ideally by turning on automatic updates if your device has such a setting — is the biggest step you can take if you still want to enjoy your TV’s  “smart” features.

Always read the terms and conditions you are agreeing to when using a smart TV or any of its included apps or services. In many cases, these terms include language that provides manufacturers with your data-collection consent, even if they haven’t asked for that consent clearly and specifically on its own.

Simon Cohen
Simon Cohen covers a variety of consumer technologies, but has a special interest in audio and video products, like spatial…
Prime Day QLED TV deals: Save over $1,000 on Samsung and more
The Samsung QN900C Neo QLED 8K TV in a living room.

There's always a lot of attention on TVs whenever there are shopping events, and for this year's Prime Day deals, we recommend going for a QLED TV. Our QLED TV versus OLED TV comparison highlights several reasons why you should buy from QLED TV deals, including better brightness, longer life spans, no risk of screen burn-ins, and lower costs based on price-per-inch of screen size. They're still not cheap though, which is why you wouldn't want to miss the QLED discounts from Prime Day TV deals.
The best QLED TV Prime Day deal
Samsung 65-inch QN900C Neo QLED 8K TV -- $3,800, was $5,000

If you've got the budget for it, we highly recommend going for the 65-inch Samsung QN900C Neo QLED 8K TV. It's our top pick in our roundup of the best 8K TVs, partly because of the next-level picture upscaling that's provided by its Neural Quantum Processor 8K that makes up for the fact that there's not much 8K content available right now. You're going to want to invest in this 8K TV because it also features Samsung's Neo QLED technology, which further elevates the amazing picture quality that you would expect from a QLED TV. The Samsung QN900C Neo QLED 8K TV also supports Dolby Atmos surround sound and Object Tracking Sound Pro for immersive audio, and it's powered by Samsung's Tizen operating system for access to all of the popular streaming services.

Read more
Samsung Galaxy Buds Pro 2 are over half off in early Prime Day deals
Samsung Galaxy Buds 2 Pro.

Have you been scouring Amazon for true wireless earbud deals? Well we found one that’s going to knock your music-listening socks off: For a limited time, you’ll be able to purchase the Samsung Galaxy Buds Pro 2 through Amazon and save anywhere from 26% to 57% overall. Samsung doesn’t mess around when it comes to earbuds, and since the Galaxy Buds 3 and Buds Pro 3 are due to hit shelves by month’s end, there’s never been a better time to invest in Samsung audio. 

Why you should buy the Samsung Galaxy Buds Pro 2
First and foremost, the Galaxy Buds Pro 2 are part of Samsung’s active noise canceling (ANC) lineup of wireless buds. These little guys use something called Intelligent Active Noise Cancellation to hone in on the frequencies we don’t want to hear, while enhancing others. Other brands usually call this Hybrid ANC, and it’s perfect for eliminating sounds like engine noise and HVAC systems, while amplifying close-quarters conversations. 

Read more
The 42-inch LG C3 OLED TV is down to $800 — today only

There's a short-term deal going on right now with what we consider to be one of the best TVs. It's the LG C3 OLED, and in this case, the 42-inch version of the TV. Until 1 a.m ET on Saturday you can get this TV for just $800, a savings of $200 off of the regular $1,000. That means you don't have a lot of time to evaluate, but there's still no need to rush into the deal uninformed. You can always tap the button below to see the deal and TV for yourself (and its 4.8 rating from real Best Buy customers) but you can keep reading to see our take, and real experiences, with the TV before rushing into making a decision.

Why you should buy the 42-inch LG C3 OLED
This is a TV with a 4K resolution, OLED display, HDR 10 for great colors, and a smooth 120Hz refresh rate that will make it just as good at playing games as it is for watching TV and movies. Customers appreciate it for its picture quality and, though it has been pointed out that it isn't as bright as the G3 model, they're also quite enamored by its brightness.

Read more