Product designer and researcher, formerly at Consumer Reports.
Consumer Reports found that Samsung and Roku Smart TVs were vulnerable to hacking through a web-based attack. Photo: Michael A. Smith
Over the past few years, the Digital Lab evaluated and test a number of products and services informed by criteria, indicators and testing processes from the Digital Standard. To bring more transparency to the Digital Standard, we are launching a series of case studies aimed to highlight examples that will help clarify:
Our next case study covers Consumer Reports’ work on Smart TVs.
First test scores: February 2018
Latest update on test scores: May 2020
Smart TVs can monitor watching behavior: Smart TVs are sets that connect to the internet, making it easy to stream videos from services such as Hulu and Netflix. Most smart TVs are equipped with “automated content recognition” (“ACR”) that scans images on viewers’ screens and identifies the content by comparing it to its own known videos, shows, and movies. In doing so, smart TVs can generate a detailed log of what consumers watch — often without clear notice or permission. In addition, consumers often cannot buy a TV that is not smart these days, thus making them more likely to be creeped on by their TV manufacturer.
Data sharing to advertising companies: Other researchers have found much the same thing. In one study, researchers at Northeastern University and Imperial College London looked at smart TVs and other internet-connected devices and found that many of them sent data to Amazon, Facebook, and Doubleclick, Google’s advertising business. Nearly all the TVs sent data to Netflix even if the app wasn’t installed or the owner hadn’t activated it.
Many channels to share more data: Another study, by researchers at Princeton and the University of Chicago, looked not at TVs but at two popular set-top streaming devices from Roku and Amazon Fire TV. More than 2,000 channels were offered, and the researchers found trackers on 69 percent of Roku channels and 89 percent of Amazon Fire TV channels. The numbers are likely to be the same for smart TVs that have Roku or Amazon platforms built in.
Potential hacks or security issues: The smart TV itself may be subject to hacks or other security issues due to the connected nature of the product. Consumers often don’t know about how much data is collected about them while they use their tv and they often don’t know how or if they can change how much they share. Additionally, consumers have no way of evaluating the security of their smart tv. As part of one of our first case studies under the Digital Standard, we looked to evaluate smart tvs in order to respond to these two concerns.
[Excerpts gathered from CR Article: How to Turn Off Smart TV Snooping Features]
Full testing: In February 2018, we performed our first ever tests on TVs using the Digital Standard. In 2020, we conducted another update on 2019 smart TVs in accordance with criteria of the Digital Standard. These generated new scores on the ratings site, incorporating data privacy and data security into our overall rating.
Qualitative interviews: In March 2020, we conducted a recent study with 16 volunteers around the country showing that people may not understand what information their TVs collect, or know about settings they can use to boost their privacy. The project was part of CR’s consumer experience and usability research program, in which we study how consumers interact with products to better inform our lab testing. In this case, a user-interface expert interviewed participants in an online environment as they clicked through screen shots taken from smart TV platforms. The participants helped us evaluate the type of smart TV platform they used at home, performing tasks such as finding privacy policies and the right settings for cutting down on data collection. Like laptops and smartphones, modern TVs collect consumer information, and the TVs come with privacy disclosures in their user agreements, which are typically displayed during the setup process. None of the volunteers in our study had read through an entire user agreement when they set up their TV.
Smart TV Digital Standard Test Protocol: Along with this, we published raw data from our Digital Standard testing including the workbook, test protocol, and test summary.
Consumer Reports Article: Samsung and Roku Smart TVs Vulnerable to Hacking, Consumer Reports Finds. This February 2018 report highlighted that our tests found that millions of smart TVs can be controlled by hackers exploiting easy to-find security flaws — this includes Samsung televisions, models made by TCL, and other brands that use the Roku TV smart-TV platform. Moreover, the TVs collect detailed information on their users, which raises privacy concerns.
Some key findings shared in the report include:
Overcollection by design. The platforms are designed for people to race through their TV’s setup, agreeing to everything, and a constant stream of viewing data will be collected through automatic content recognition. The technology identifies every show you play on the TV — including cable, over-the-air broadcasts, streaming services, and even DVDs and Blu-ray discs — and sends the data to the TV maker or one of its business partners, or both.
[Excerpts gathered from CR Article: Samsung and Roku Smart TVs Vulnerable to Hacking, Consumer Reports Finds]
This work incorporated several specific elements from the larger Digital Standard framework. Specifically, the comparative analysis used elements from the Security and Privacy sections of the Standard:
To see The Digital Standard in full, please visit: https://www.thedigitalstandard.org