Security risks have reportedly been found on Samsung and Roku smart TVs according to a new set of findings from Consumer Reports, which states that various TVs from both brands have been tested with multiple potential vulnerabilities and security issues having been discovered. It's also worth pointing out that Samsung and Roku were not the only brands tested and that the entire test was much more wide-spanning including LG, Sony, Vizio, TCL, Hisense, Hitachi, Insignia, and others. In addition to the larger collection of brands of TVs, the issues were found across the varying spread of platforms including the Roku platform, Android TV, Tizen, Chromecast, and WebOS.
In terms of the security risks, for TVs running on the Roku platform the issues has to do with the remote control API that essentially lets users control their TVs via the Roku app. It's also worth noting that for someone to exploit this vulnerability a few key things would have to be in place, such as the user having connected their smartphone to the same Wi-Fi network as the TV, and having downloaded an app or visited a website that contains malicious code. As for the vulnerability, the exploit could let hackers remotely control various elements of the TV. Examples of such elements would be adjusting the volume up or down, changing the channels, or launching content through YouTube that the viewer may not want to be displayed.
The exploit would not, however, let hackers obtain sensitive data or information from the TV, such as the channels being watched at the time. Taking this into consideration the exploit could be seen as more of a prank than anything else. A way to get around this, short of making sure you don't download any malicious apps or visit malicious websites, would be to disable the remote control feature in the Roku app settings, though this would also disable the ability for the use to use the phone as a remote for the TV. Samsung smart TVs more or less had the same type of problem in regards to what the exploit would allow but would need to be accessed in a different way than that of the TVs which run on the Roku platform, with the user needing to have installed and used an app that would work with the TV for remote control purposes and then have visited a malicious website from that phone. Samsung reportedly states that it would be sending out updates this year that would fix security issues that were discovered.