Millions of smart TVs sitting in family living rooms are vulnerable to hackers taking control — and could be tracking the household’s personal viewing habits much more closely than their owners realize, according to a new Consumer Reports investigation.
The non-profit consumer product testing organization examined five of the top smart TVs on the market and found that in several of them, “a relatively unsophisticated hacker” could conduct remote hijinks like cranking the volume to a roar, knocking the TV off the Wi-Fi network, quickly changing channels or forcing it to play objectionable YouTube content.
The vulnerability was found in sets by Samsung, TCL, and devices using the Roku TV platform, which can include brands like Philips, RCA, Hisense, Hitachi, Insignia, and Sharp, along with some of Roku’s own streaming players.
Testing found the televisions were also constantly tracking what their owners were watching and relaying it back to the TV maker and/or its business partners, using a technology called ACR, or “automated content recognition.”
ACR helps the TV recommend other shows you might enjoy watching, but can also be used to target your families with advertising. The data can also be combined with other aspects of your personal information to help build profiles on your behavior that are sold to other marketers.
The smart TVs typically ask for users’ permission during initial setup to collect their viewing data, while also warning they may miss out on some functionality, like being told if they watch one show they may also enjoy another, if they decline. Unaware or impatient consumers may breeze through the setup without reading or understanding what they’re agreeing to.