Roku, Samsung Smart TVs Have Easy-to-Exploit Vulernabilities -- Security Today

Roku, Samsung Smart TVs Have Easy-to-Exploit Vulernabilities

Consumer Report says its testing found that Roku devices and Samsung Smart TVs have security flaws that make them vulnerabilities to hackers.

By Sydny Shepard
Feb 09, 2018

The basics of Internet connected things is that they can be vulnerable to hackers, but a lot of the time IoT devices have safeguards in place to ensure that customers and users are safe from cybercriminals. Consumer Reports, however, has found that Roku devices and Samsung Smart TVs might be missing some of the most basic safeguards that keep them from being vulnerable.

The magazine reported that Roku devices and Samsung Smart TVs have easy-to-exploit security vulnerabilities according to some tests they carried out. They found that a relatively inexperienced hacker could change channels, play offensive content or turn up the volume from thousands of miles away.

Problems with security vulnerabilities, according to Consumer Reports, seems to be present in all Roku devices. The publication wrote about similar instances with the TCL TV model using the Roku system. They said hackers could get in by manipulating the application programming interface, or API, which allows developers to make their own products work on the Roku platform.

"To become a victim of a real-world attack, a TV user would need to be using a phone or laptop running on the same WiFi network as the television, and then visit a site or download a mobile app with malicious code. That could happen, for instance, if they were tricked into clicking on a link in a phishing email or if they visited a site containing an advertisement with the code embedded," according to the report.

In a blog post, Roku's Gary Ellison said the report mischaracterizes the features of the platform and that the programming interface can be turned off to avoid these kinds of attacks.

The Samsung vulnerability was harder to "spot" according to the report. "It could be exploited only if the user had previously employed a remote control app on a mobile device that works with the TV, and then opened the malicious webpage using that device."

Samsung told the publication it would evaluate the situation.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Elite Educates Law Enforcement on Power of Public-Private Partnering
04/10/2025
Digimat S.p.A Selects DataKrypto’s FHEnom for Images™ to Enable Secure, High-Performance Processing of Encrypted Satellite Images
04/09/2025
Milestone Systems Acquires brigther AI
04/09/2025
Motorola Solutions to Acquire InVisit, Cloud-Based Visitor Management Solution Provider
04/08/2025
Axis Cloud Connect Marks One Year of Growth
04/02/2025
Hanwha Vision Delivers “Innovation Beyond Expectations” at ISC West 2025
04/02/2025
Genetec to Showcase Latest Innovations at ISC West 2025
04/02/2025
Milestone Systems Showcasing New Solutions at ISC West 2025
04/02/2025

Featured

2025 Security LeadHER Conference Program Announced

ASIS International and the Security Industry Association (SIA) – the leading membership associations for the security industry – have announced details for the 2025 Security LeadHER conference, a special event dedicated to advancing, connecting and empowering women in the security profession. The third annual Security LeadHER conference will be held Monday, June 9 – Tuesday, June 10, 2025, at the Detroit Marriott Renaissance Center in Detroit, Michigan. This carefully crafted program represents a comprehensive professional development opportunity for women in security this year. To view the full lineup at this year’s event, please visit securityleadher.org. Read Now
- Industry Events
Report: 82 Percent of Phishing Emails Used AI

KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today launched its Phishing Threat Trend Report, detailing key trends, new data, and threat intelligence insights surrounding phishing threats targeting organizations at the start of 2025. Read Now
- Cybersecurity
NRF Supports Federal Bill to Thwart Retail Crime

The National Retail Federation recently announced its support for the Combating Organized Retail Crime Act of 2025. The act was introduced by Chairman Chuck Grassley, R-Iowa, Senator Catherine Cortez Masto, D-Nev., and Representative Dave Joyce, R-Ohio. Read Now
- Retail Loss Prevention
ISC West 2025 Brings Almost 29,000 Industry Professionals to Las Vegas

ISC West 2025, organized by RX and in collaboration with the Security Industry Association, concluded at the Venetian Expo in Las Vegas last week. The nation’s leading comprehensive and converged security event attracted nearly 29,000 industry professionals and left a lasting impression on the global security community. Over five action-packed days, ISC West welcomed more than 19,000 attendees and featured 750 exhibiting brands. Read Now
- Industry Events
- ISC West
Tradeshow Work Can Be Fun

While at ISC West last week, I ran into numerous friends and associates all of which was a pleasant experience. The first question always seemed to be, “How many does this make for you?” Read Now
- Industry Events
- ISC West

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Digimat S.p.A Selects DataKrypto’s FHEnom for Images™ to Enable Secure, High-Performance Processing of Encrypted Satellite Images

Webinars

Whitepapers

New Products

Camden CM-221 Series Switches

Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.
Camden CV-7600 High Security Card Readers

Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.
ComNet CNGE6FX2TX4PoE

The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance.