Consumer Reports has found that millions of smart TVs can be controlled by hackers exploiting easy-to-find security flaws. The problems affect Samsung televisions, along with models made by TCL and other brands that use the Roku TV smart-TV platform, as well as streaming devices such as the Roku Ultra. We found that a relatively unsophisticated hacker could change channels, play offensive content, or crank up the volume, which might be deeply unsettling to someone who didn’t understand what was happening. This could be done over the web, from thousands of miles away.
(These vulnerabilities would not allow a hacker to spy on the user or steal information.) The findings were part of a broad privacy and security evaluation, led by Consumer Reports, of smart TVs from top brands that also included LG, Sony, and Vizio. The testing also found that all these TVs raised privacy concerns by collecting very detailed information on their users. Consumers can limit the data collection.
But they have to give up a lot of the TVs’ functionality—and know the right buttons to click and settings to look for. This is the first time Consumer Reports has carried out a test based on our new, which was developed by CR and partner cybersecurity and privacy organizations to help set expectations for how manufacturers should handle privacy, security, and other digital rights. The goal is to educate consumers on their privacy and security options and to influence manufacturers to take these concerns into consideration when developing their products. “The Digital Standard can be used to evaluate many products that collect data and connect to the internet,” says Maria Rerecich, who oversees electronics testing at Consumer Reports.
“But smart TVs were a natural place to start. These sets are growing in popularity, and they can transmit a remarkable amount of information about their users back to the TV manufacturers and their business partners.”. Smart TVs represent the lion’s share of new televisions. According to market research firm IHS Markit, 69 percent of all new sets shipped in North America in 2017 were internet-capable, and the percentage is set to rise in 2018. Eighty-two million of these sets have already found their way to consumers. Internet connectivity brings a lot of appealing functionality to modern televisions—including the ability to through popular apps such as Hulu and Netflix, as well as to find content quickly using voice commands. But that functionality comes with substantial data collection.
Smart TVs can identify every show you watch using a technology called automatic content recognition, or ACR, which. That viewing information can be combined with other consumer information and used for targeted advertising, not only on your TV but also on mobile phones and computers. For instance, if you’re watching a particular sports event, you could see an online advertisement from a brand interested in reaching fans of that sport. In 2017 Vizio got in trouble with federal and state regulators for collecting this kind of data without users’ knowledge or consent. The company for $1.5 million and the state of New Jersey for $700,000. The FTC has now made it clear that companies need your permission before collecting viewing data—but consumers may not understand the details, says Justin Brookman, director of privacy and technology at Consumers Union, the policy and mobilization division of Consumer Reports.
“For years, consumers have had their behavior tracked when they’re online or using their smartphones,” Brookman says. “But I don’t think a lot of people expect their television to be watching what they do.” And manufacturers are aiming to make smart TVs the centerpiece of consumers’ increasingly connected homes. Companies such as LG and Samsung have recently shown off sets with built-in digital assistants that let you control other smart-home devices ranging from thermostats to security cameras to washing machines to smart speakers.
In a recent Consumer Reports subscriber survey of 38,000 smart-TV owners, 51 percent were at least somewhat worried about the privacy implications of smart TVs and 62 percent were at least somewhat worried about the sets’ security practices. We purchased five smart TVs from the most widely sold TV brands in the U.S. As we do for all products involved in, we bought our samples through regular retail outlets.
Each set we bought used a different smart-TV platform. Two of these were proprietary platforms. The incorporates the company’s Tizen system, and the uses LG’s webOS system. The other sets make use of smart-TV platforms that are incorporated into multiple brands.
The uses the Roku platform, which is also found in Hisense, Insignia, and other brands. The uses a version of Google’s Android TV, a platform also found in sets from LeEco and Sharp. And the we tested uses Chromecast, another Google platform. We didn’t incorporate our privacy and security findings into the Consumer Reports ratings of these televisions, and all these sets except the TCL are.
But Consumer Reports is planning to include privacy and security test results in a number of products’ Overall Scores in the future. For our security assessment we worked with engineers at, which makes privacy-enhancing software for consumers and is one of CR’s partners in developing the Digital Standard. We conducted our privacy investigation in collaboration with both Disconnect and, another of our Digital Standard partners. (Like most websites, ConsumerReports.org collects user data. You can get the details on and our approach to privacy, including our policy positions,.).
Our security testing focused on whether basic security practices were being followed in the design of each television’s software. “We were just looking for good security practices,” Rerecich says. “Encryption of personal or sensitive data, protection from common vulnerabilities, that sort of thing.” We discovered flaws in sets from TCL and Samsung.
They allowed researchers to pump the volume from a whisper to blaring levels, rapidly cycle through channels, open disturbing YouTube content, or kick the TV off the WiFi network. The exploits didn’t let us extract information from the sets or monitor what was playing. The process was crude, like someone using a remote control with their eyes closed. But to a television viewer who didn’t know what was happening, it might feel creepy, as though an intruder were lurking nearby or spying on you through the set. The TCL vulnerability applies to devices running the Roku TV platform—including sets from other companies such Hisense, Hitachi, Insignia, Philips, RCA, and Sharp—as well as some of Roku’s own streaming media players, such as the Ultra. The problem we found involved the application programming interface, or API, the program that lets developers make their own products work with the Roku platform.
“Roku devices have a totally unsecured remote control API enabled by default,” says Eason Goodale, Disconnect’s lead engineer. “This means that even extremely unsophisticated hackers can take control of Rokus.
It’s less of a locked door and more of a see-through curtain next to a neon ‘We’re open!’ sign.” And, it turned out we weren’t the first to notice this: The unsecured API had been discussed in online programming forums since 2015. To become a victim of a real-world attack, a TV user would need to be using a phone or laptop running on the same WiFi network as the television, and then visit a site or download a mobile app with malicious code. That could happen, for instance, if they were tricked into clicking on a link in a phishing email or if they visited a site containing an advertisement with the code embedded. TCL referred us to Roku for questions about data collection and this vulnerability. A Roku spokeswoman said via email, “There is no security risk to our customers’ accounts or the Roku platform with the use of this API,” and pointed out that the External Control feature can be turned off in the settings. However, this will also disable control of the device through Roku’s own app.
The Samsung vulnerability was harder to spot, and it could be exploited only if the user had previously employed a remote control app on a mobile device that works with the TV, and then opened the malicious webpage using that device. “Samsung smart TVs attempt to ensure that only authorized applications can control the television,” Goodale of Disconnect says. “Unfortunately, the mechanism they use to ensure that applications have previously been authorized is flawed.
It’s as though once you unlocked your door, the door would never lock again.” In an emailed statement, Samsung said, “We appreciate Consumer Reports’ alerting us to their potential concern,” and that the company was still evaluating the issue. The company also said it would update the API to address other, less severe problems related to data security that CR uncovered. Those changes “will be in a 2018 update, with timing to be determined, but as soon as technically feasible,” the spokesman said. Every smart TV we evaluated asked for permission to collect viewing data and other kinds of information. But we found that it’s not always easy to understand what you’re agreeing to as you proceed through the setup process. And if you decline permissions, you can lose a surprising amount of functionality. In fact, one TV requires that you accept a broad privacy policy during setup before you can use the most basic, internet-free functions, such as watching TV using an antenna.
Here are some of the key findings. Oversharing by design. Race through your TV’s setup, agreeing to everything, and a constant stream of viewing data will be collected through automatic content recognition. The technology identifies every show you play on the TV—including cable, over-the-air broadcasts, streaming services, and even DVDs and Blu-ray discs—and sends the data to the TV maker or one of its business partners, or both. ACR helps the TV recommend other shows you might want to watch. But it’s also used for targeting ads to you and your family, and for other marketing purposes. And you can’t easily review or delete this data later.
Your data or your internet. You can limit data collection, but you’ll lose functionality. Specifically, if you pay close attention, you can turn off ACR monitoring while still agreeing to a set’s basic privacy policy. But that may keep you from getting recommendations (“You liked ‘Westworld.’ Have you checked out ‘Godless’?”) And even the basic privacy policies may ask for the right to collect information on your location, which streaming apps you click on, and more.
If you say no to these basic policies, the sets revert to old-fashioned dumb TVs: You can hook up a cable box or an antenna, but you won’t be able to stream anything from Amazon, Netflix, or other web-based services. All-or-nothing privacy policy. The Sony television was the only one that required you to agree to a privacy policy and terms of service to complete the setup of the TV.
The set uses Google’s Android TV platform, and consumers have to click yes to Google agreements, even if they don’t plan to connect to the internet. That could be a frustrating thing to discover only after you’d bought the big-screen TV at the store, lugged it home, and maybe mounted it to a wall. Even though you can’t skip the Google privacy policy, you can say no to the user agreements from Sony itself and from Samba TV, a provider of ACR technology. And, Sony said in an emailed statement, “If a customer has any concerns about sharing information with Google/Android they need not connect their smart TV to the Internet or to Android servers to use the device as a television, for example, using cable or over-the-air broadcast signals.”. You could just buy an old-fashioned “dumb” TV, without built-in streaming capabilities, but these are becoming harder to find.
Of the nearly 200 midsized and large sets in Consumer Reports’ ratings, only 16 aren’t smart TVs. And those are 2017 models—in 2018 we expect to see even fewer internet-free televisions.
If you do buy a new smart TV, decide whether you want to block the collection of viewing data. If so, pay close attention during setup. There, you can agree to the basic privacy policy and terms of service—which still triggers a significant amount of data collection—while declining ACR. And, if you already have a smart TV but would like to restrict data collection, you can do the following: Reset the TV to factory settings. Then, as you go through the setup process, say yes to the most basic privacy policies and terms of service but don’t agree to the collection of viewing data. Turn off ACR using the settings. These settings are typically buried three or four menus deep—but for you. “And,” Brookman says, “if you can't figure it out, call customer support and make them walk you through it.” That will have the added benefit of letting companies know that you care about your privacy.
Turn off the TV’s WiFi connection. Do this, though, and you essentially don’t have a smart TV anymore. You’ll need to add a separate streaming media device to get web-based content. And, you won’t be surprised to hear, those devices may have their own expansive data collection practices.
Editor's Note: An earlier version of this story incorrectly stated that Vizio settled a case about consumer viewing data with the FTC for $1.5 million and the state of New Jersey for $2.2 million. The settlement with New Jersey was for $700,000.
So I was going through some of the old unread feeds in my Google Reader and came across on Dialog’s MyTV service. Had heard of MyTV, but didn’t have a time to try this out earlier. I started off by sending an SMS saying ‘MYTV’ (w/o quotes) to 678. It replied me back with a link to download the MyTV app. Actually it was a link to an apk file, so you have to have ticked the Unknown Sources option in Applications Settings. (I’m talking about the android app here.) The MyTV app lists the available TV channels divided into several categories. The choice of channels isn’t commendable, but it included many of my personal favorites.
Simply select the channel you wish to play. If you haven’t subscribed to the particular package that channel belongs to already, it presents you with an options screen. The gold package, which lets you watch many local channels and a few int’l ones like Al Jazeera, costs Rs 3.33 per day or Rs 100 per month (plus taxes, of course). Once you subscribe to a package, you can watch any channel that belongs to the package before its expiration. To activate the Platinum package, you need to have activated the Gold package first.
You can also pay in a per-channel basis for the channels in this Platinum pack. A comprehensive list of the available channels and their charges can be found.
No data charges! You won’t be charged for the data you stream, contrary to what Mayu says in his post. I verified this from two different sources. All it costs you is what you pay to activate the relevant packages. Be wary though, the packages automatically renew after they’re expired.
If you don’t want this to happen, make sure you manually unsubscribe from each package in Settings before logging out. A little more than 1MB had been downloaded per minute during the streaming. The quality isn’t spectacular, but I guess it’s optimized for the mobile network, so that’s okay.
Here’s a low-quality, no-sound video of Cartoon Network being played on MyTV. Was too bored to create a better quality one. П˜› Mayu has uploaded his own vid in. 17 responses on “ Watch TV on the go with Dialog MyTV”. Is that good when you’re in a HSDPA coverage? I mean is the stream continuous, without interruptions?.
Nayana sri Hi, did customer care agent told you about there are no other fees? Cos the web site faq says different. See; ” If you activate MyTV service, Rs. 300 rental will be charged monthly and you have unlimited access (no usage charge) to all streaming content hosted by Dialog. If not a MyTV user, no monthly rental charge and standard usage charges (per kilobyte charge as per the activated data package) will apply for all streaming content.
” I couldn’t decide which to believe. We are talking about Dialog Telekom after all nuh 😉 Its impossible that they have offered something this cheap 🙂. Wingnut Dialog is one of the leading Mobile service provider in Sri-Lanka. I was really surprised at how low they stooped, they blatantly steal money. My story in short: After about a week of using Dialog MSP, I got a strange message from Gamesclub saying that I have been subscribed to their service and WILL be charged 20Rs daily + tax.
OK, 20 rupee is nothing BUT I never subscribed to any stupid games, they just subscribed me automatically. I found Gamesclub page on the Dialog’s official website and the only option to unsubscribe is to “To unsubscribe please visit and click on the Unsubscribe link.” The web address did not work. So they automatically subsribed me to some paid bullshit games service and left me no option to unsubscribe. I went to their office in Hikkaduwa and they unsubscribed me from Gamesclub.
A week later I got another message from “MYTV”: “You are subscribed to Gold Month Pack (auto-renewing) with 30 days validity. You will be charged 100.0 + tax” Needless to say I have never subscribed to any bullshit TV. I do not watch TV. So now I got ripped off 100 rupees + tax with autorebill. Again no valid option to unsubscribe! I went to their office again. I complained that I have been charged for a service I never subscribed to and have never used.
They unsubscribed me from MYTV but refused to return me the money they’ve charged. They told me that it must have been me subscribing and fogetting. Cmon guys I’m and IT specialist. Subscribed and forgot! GFO, to me this means stealing. Yet they accepted my complaint and said that if they find out that the subscription was automatic they will get my money back. Haha, Santa Claus is real too.
To me the only thing I can do is NOT TO KEEP ANY MONEY on my number. And post this scam report so people know the thieves. DO NOT KEEP any substantional money on your phone number. It will get stolen my Dialog. When you get subscribed, GO TO THEIR OFFICE AND COMPLAIN.
I can see their point though. A lot of tourists coume here for a week or two and buy local SIM. When they leave they just toss the SIM and forget about any remaining rupee. This money must seem safe for Dialog to take.
Hack Dialog Mega Run Play Clone With
They just subscribe you to some daily package which will eventually eat your money to zero and then they will block your number and resell it to someone else. Makes sense, right? If you have any question or want proof of any kind(I still have all the messages) just call.
Yet, as TV sets get thinner and picture quality gets better, there's a nagging problem that you can never seem to fix. The sound quality is terrible. Tip in a tip: You can buy speaker bars and surround sound but still struggle to hear dialogue.
You know how it goes. You're watching a blockbuster movie and the sound effects are truly impressive.
Explosions are super loud and thunderous. The background music elevates the action and enhances the humor, sadness and horror you're watching on screen. Unfortunately, the dialog takes a major hit.
Have you ever watched a movie or TV show and spent most of your time adjusting the sound? You can make it louder or quieter and it doesn't matter, you still can't make out what the actors are saying. We've got a solution that will enhance the sound quality of the movie or TV show you're watching while making it easier to hear the dialog, which will improve your TV watching experience. Our sponsor, won three prestigious awards for outstanding innovation and design at showstoppers during the 2016 Consumer Electronics Show (CES) in Las Vegas, and it was developed by Hollywood sound engineers in the former music studio of Crosby, Stills, Nash & Young singer-songwriter Graham Nash. How Aftermaster Pro works Aftermaster Pro fits in the palm of your hand.
It's small yet it dramatically improves your TV's sound with its patented technology. It works with your TV and cable TV box, streaming TV device, video game console or any detached device you use to watch TV. Once you've connected it, Aftermaster Pro automatically remasters the sound in real time.
It equalizes the audio without taking away any of the sound that the creators of the TV show or movie intended for you to hear. That is how some competing systems work - they diminish the original sound. Aftermaster Pro keeps all that original sound quality in place and then improves on it, so you can hear what the actors are saying. It improves sound in every frequency range.
How to set up Aftermaster Pro in a few seconds The best part about Aftermaster Pro is that you can set it up in a few seconds. All you need is the Aftermaster Pro and plug in the HDMI cable into your cable TV box, streaming device or video game console.
Aftermaster Pro works with the speakers you're already using. In about 60 seconds, Aftermaster Pro begins remastering the sound so, after years of struggling to hear the dialog, you can clearly hear every word the actors are saying! Do you have questions about Aftermaster Pro? Make any TV have amazing sound You love watching TV. You're a movie buff and you binge-watch shows on Netflix, HBO and on broadcast networks like ABC, CBS and NBC. We've got great news. Now, you can get crisp, clear sound without any of the muffled noises or overly loud explosions that can make TV night less fun.
The best part is its simple setup. It works with cable TV boxes, video game consoles and streaming TV devices.
To unscramble scrambled channels, you needed to have box known as “ digital TV unscramble box” which is illegal or not allowed to use in some countries. Thanks to advancement in technology, now you don’t need to have it. If your decoder has a Usb or memory card slot, you can upgrade its software to Unscramble all available Digital TV channels. This way you will be able to view over 100 TV & radio channels, all subscription free. After downloading this firmware, save the files to a usb flash disk or memory card.
Turn on the tv box and insert your usb disc. Using your tv box remote control, press menu and select software upgrade via usb A dialog will pop requiring you to confirm.
Press ok to confirm upgrade and wait for it to upgrade. (This process takes about two minutes to complete.) NB. You can also return your decoder to its factory or original settings any time if you wish. When upgrade completes, switch the box off and on again and perform an automatic scan and you will be amazed to see that all the channels that were previously marked with $, € or £ are now unbscrambled and accessible free of charge. Download firmware video procedure.