Hackers could potentially control millions of Roku Inc. streaming devices and Samsung Electronics smart TVs by exploiting "easy-to-find" security flaws, according to a study released by Consumer Reports on Feb 7.
Security researchers for the publication discovered what they deemed vulnerabilities that affect smart TVs made by Samsung, models made by TCL and other brands that use the Roku TV smart-TV platform, as well as streaming devices such as the Roku Ultra.
The security flaw does not allow hackers to spy on users or steal their information, the study said, but it does enable them to change channels, update volume settings and "play offensive content." These actions can be done over the web from thousands of miles away.
Consumer Reports also tested smart TVs from other well-known brands.
Responding to the findings in an emailed statement to S&P Global Market Intelligence on Feb. 7, Roku said there is no security risk to its customers' accounts or to its platform.
"Roku enables third-party developers to create remote control applications that consumers can use to control their Roku devices," the company said. "These applications are only accessible to those on a customer’s Wi-Fi, which we recommend consumers lock."
Roku maintained customers have the option to turn off this feature and "any characterization of this feature as a vulnerability is inaccurate."
A Samsung representative, in an email to S&P Global Market Intelligence on Feb. 7, said protecting consumer data is a top priority for the company and Samsung has been in contact with Consumer Reports and is evaluating the issues raised in its study.
"To ensure the security of any device, we continue to evaluate the feedback we receive on all of our connected products," the Samsung representative said.
