TCL Roku TV 6

Roku Says ‘No Your Roku Can NOT Be Easily Hacked’

You may have woken up this morning to a flood of stories talking about how your Roku Player and Roku TV can be hacked! The truth is NO your TV cannot be easily hacked but a flood of stories would make you think it could happen.

According to Roku “Consumer Reports issued a report saying that Roku TVs and players are vulnerable to hacking.  This is a mischaracterization of a feature. It is unfortunate that the feature was reported in this way. We want to assure our customers that there is no security risk.” So is there a reason to worry? Lets take a look at what Consumers Reports and Roku have to say.

The first major claim by Consumer Reports is that Automatic Content Recognition (ACR) can be used to easily take over a TV. What is Automatic Content Recognition? Well in short ACR allows your TV to see what you are watching and recommend content to you. Roku uses this to let owners of their Roku TVs use More Ways to Watch a system that pops up and will let you find similar shows or show you how to watch the next episode of the show streaming on Hulu for example.

According to Consumer reports ACR could be used to push you ads for other shows and movies but as Roku says that is the reason behind ACR. Not only is that why ACR was made it is an opt-in feature you have to manually enable to use. So yes ACR will show you recommendations for more ways to watch a show you are currently using, but that is what the feature is designed to do.

According to Roku “More Ways to Watch, which uses ACR, is not enabled by default on Roku TVs. Consumers must activate it. And if they choose to use the feature it can be disabled at any time.  To disable consumers have to uncheck Settings > Privacy > Smart TV experience > Use info from TV inputs.” So if you are worried hackers may someday find some way to take advantage of this you can easily turn it off if you had opted in to use it.

The other way Consumer Reports says your Roku TV can be hacked is through the External Control option. According to Consumer Reports they were able to take over complete remote control of the TVs from Samsung and TCL’s branded Roku TV, which included changing channels, upping the volume, installing new apps and playing objectionable content from YouTube. How could they do this? Well by using the Roku App’s remote control feature on Android or iOS. This feature lets anyone on the same WiFi network use their phone or tablet as a remote for their TV.

According to Roku “There is no security risk to our customers’ accounts or the Roku platform with the use of this API.” Yet if you are still worried Roku says “In addition, consumers can turn off this feature on their Roku player or Roku TV by going to Settings>System>Advanced System Settings>External Control>Disabled.”

So in short no your TV is not easily hacked these features are built into your Roku TV have to be turned on and all can be easily turned off. To “hack” your Roku or Roku TV someone would need to know your WiFi network password and be physically close enough to connect to your WiFi network. So we as always suggest using strong passwords on your WiFi network.

Roku ended their rebuttal by saying ““Roku takes security very seriously. There is no security risk to our customers’ accounts or to the Roku platform as stated by Consumer Reports.”

Please follow us on Facebook and Twitter for more news, tips, and reviews.

Need cord cutting tech support? Join our Cord Cutting Tech Support Facebook Group for help.


4 Responses to Roku Says ‘No Your Roku Can NOT Be Easily Hacked’

  1. Maelish February 7, 2018 at 9:42 am #

    I think it’s smart to say “not easily hacked” in your title. Companies often tout their security right before a failure. Let’s just keep our fingers crossed.

  2. mark pettigrew February 7, 2018 at 11:56 am #

    CR is either seriously desperate for traffic to their site and exploiting the explosive growth if the cord cutting community, or they’re really naive conspiracy theorists.

    From their own story…

    “To become a victim of a real-world attack, a TV user would need to be using a phone or laptop running on the same WiFi network as the television, and then visit a site or download a mobile app with malicious code. That could happen, for instance, if they were tricked into clicking on a link in a phishing email or if they visited a site containing an advertisement with the code embedded.”

    “The exploits didn’t let us extract information from the sets or monitor what was playing. The process was crude, like someone using a remote control with their eyes closed.”

    Instead of defaming Roku for clickbait, they should encourage consumers to not be stupid and leave networks open, use simple passwords, share those passwords with miscreants, or browse sites hawking pirated content!

    A little personal responsibility goes a long way! Irresponsible people can produce unwanted results from good things. (Tide pod challenge anyone?)

  3. Michael Smith February 7, 2018 at 12:17 pm #

    The only completely secure computing device is one that isn’t powered on or connected to any network. But CR was really reaching on this one. If someone hacked your WiFi you’ve got much bigger concerns than playing questionable content on the YouTube channel of your tv…

  4. Lynn Sanders February 8, 2018 at 11:06 am #

    CR’s message could be applied to any IOT’s devices in a home of a person who hasn’t set up a secure home WiFi network. Personal Responsibility is called for her to first make sure your home WiFi is secure then set up devices. If you don’t take that step, you’re Roku is the least of your worries when it comes to being hacked 😉 CR’s is in a way slandering Roku’s image by posting such a damaging report that indicates false issues on the side of the Roku. Maybe Roku should sue CR’s?