Your smart TV or streaming device could be exploited by hackers, according to a new report.
Consumer Reports says that Samsung TVs and Roku devices are particularly susceptible. It reports that even "unsophisticated" hackers could change channels, the volume, or even send offensive content to the device.
It says that "basic security practices" haven't been followed.
"Roku devices have a totally unsecured remote control API enabled by default," according to Eason Goodale, lead engineer of security firm Disconnect, which worked with Consumer Reports on the study.
"This means that even extremely unsophisticated hackers can take control of Rokus. It's less of a locked door and more of a see-through curtain next to a neon 'We're open!' sign."
Roku denies the accusation in a blog post titled Consumer Reports Got it Wrong.
It accuses Consumer Reports of a "mischaracterisation" of a feature. "We want to assure our customers that there is no security risk," wrote Roku VP Gary Ellison.
The Consumer Reports study also found that smart TVs made by LG, Sony, TCL and Vizio were sending a huge amount of viewer data to the manufacturers and their business partners. It claims that people rushing through the set-up process of their new TV ended up agreeing to share too much data: what it terms "oversharing by design".
Viewers were stuck in an 'all or nothing' situation, the report claims: either surrender all rights to your data, or have to go without useful features.
Source: Consumer Reports