Skip to main content

Your Samsung or Roku smart TV could be vulnerable to hackers, but don’t panic

samsung roku tv remote control vulnerabilities tcl 50  1080p 50fs3800 smart led 2015
Image used with permission by copyright holder
If your smart TV suddenly begins changing channels on its own, you might be sitting on the remote, or — according to a recent report from Consumer Reports — it could be a hacker. The publication tested multiple smart TVs and says it found vulnerabilities in some Samsung smart TVs as well as models powered by the Roku TV platform. Fortunately, while both could pose problems, neither vulnerability could allow an attacker access to any sensitive data like your credit card information.

In the case of Roku TV, Consumer Reports tested a TCL model (the specific model is not mentioned), but says that the vulnerability is present in other TVs. It says the Roku platform has a remote control API that is turned on by default, potentially allowing someone from thousands of miles away to change channels, adjust the volume, or play offensive content. In order for this to actually happen, you would need to be using a mobile device or laptop on the same network as the Roku device, then accidentally visit a malicious website or click a link in a phishing email, giving an attacker remote access to the system.

Roku, however, says that Consumer Reports is making a big deal out of something much smaller. In a blog post titled “Consumer Reports Got It Wrong,” Roku’s vice president of trust engineering, Gary Ellison, says that Consumer Reports’ take is a “mischaracterization of a feature,” and says that there is no security risk for customers. The post also mentions that if you want to be extra safe, you can turn this API off by setting Remote Control to “disabled” in the Advanced System Settings.

Additionally, a Roku representative told Digital Trends: “Roku takes security very seriously. There is no security risk to our customers’ accounts or to the Roku platform as stated by Consumer Reports.”

In the case of Samsung TVs, the vulnerability is very specific, and Consumer Reports says it was “harder to spot.” In this case, the user would have had to previously used a remote control app for the TV on a mobile device, then open a malicious website using that same device, giving an attacker remote control of the same features that the remote control app would have been able to control. Samsung says it plans to change this API to eliminate this vulnerability in a 2018 update. The company hasn’t given exact timing, but says the update will be released “as soon as technically feasible.”

In the meantime, this doesn’t seem to be enough of a reason to stay away from buying products from either of these companies. Samsung makes some very impressive TVs and the Roku Ultra remains our current top pick for the best streaming device available, continuing to add features and channels as time goes by.

Even so, this type of thing is always a concern, so we’ve reached out to both Roku and Samsung on this matter and will update this story as we receive the companies’ responses.

Update: Added response from Roku.

Kris Wouk
Former Digital Trends Contributor
Kris Wouk is a tech writer, gadget reviewer, blogger, and whatever it's called when someone makes videos for the web. In his…
This game lets hackers attack your PC, and you don’t even need to play it
Genshin Impact characters.

Hackers have been abusing the anti-cheat system in a massively popular game, and you don't even need to have it installed on your computer to be affected.

The game in question is called Genshin Impact, and according to a new report, hackers are able to utilize the game's anti-cheat measures in order to disable antivirus programs on the target machine. From there, they're free to conduct ransomware attacks and take control of the device.

Read more
What is the Samsung Smart TV web browser?
A man watching the Samsung 75-inch Q84A in his living room.

If you have a Samsung TV, there’s an interesting feature that could save you some time: the ability to browse the internet right from your TV at any time with Samsung's native browser.

Hopping onto a browser on your TV often requires an additional device (like a set-top box or game console) or some type of screen mirroring. But with Samsung’s Tizen-powered TV web browser, you can go online immediately without any complex workarounds. That means it takes only seconds to look up scores, check acting histories, look for tips on games in Samsung's Gaming Hub, and more. Here’s everything you should know!
Samsung Smart TV web browser basics

Read more
What is a smart TV? Everything you need to know
vizio 65inch oled 4ktv deal best buy december 2020 tv 768x768

Smart TVs are everywhere. In fact, you'd be hard-pressed to find a TV on a store shelf these days that doesn't do clever things like play movies and TV shows from the latest streaming services while you ask it to do so with (gasp!) your voice through an intelligent voice assistant. Widgets and apps open up possibilities like gaming, weather, video calling, and smart home features that would make your old TV fear for the curb. 

But what makes a TV smart, and why should you care? Is it as simple as an internet connection and an operating system? If it's just a more direct route to streamers like Netflix and Disney+, then is that better or worse than my trusty Apple TV or Roku set-top box? Who makes smart TVs, and does it matter which I choose? We decided to weigh in on the matter.

Read more