With more devices now connected to the Internet, security and privacy issues are on the rise. But the latest news—that someone was able to hack a Vizio smart TV and gain access to a user's home network—again raises the issue of how safe smart TVs and other Internet-connected devices really are. And now a class-action lawsuit has been filed against Vizio alleging that its use of data from smart TVs violates both federal and California state law.
Earlier this year, Consumer Reports and others reported that TVs with embedded microphones and cameras—including those from LG, Samsung, and Vizio—were collecting and sharing user data on a fairly massive scale. Our conclusion at that time was that the automatic content recognition technology built into these smart TVs, which send out the data to third-party companies, meant that millions of smart TV owners could have inadvertently left an extensive data trail chronicling months, if not years, of their TV-watching history on the servers of companies they’ve never heard of. (If you do have a smart TV, we also published an article that tells you how to turn off the snooping features on your smart TV.)
The new lawsuit alleges that the data Vizio collects and shares on its customers' television viewing habits is insufficiently protected, allowing marketers to identify the customers by name. According to the complaint, this violates the Video Privacy Protection Act, a law dating to the 1980s that restricted video-rental companies from sharing information on what its customers were watching. The law has been applied in a number of cases in the digital era. The suit also alleges that consumers were misled about how their data would be used, in violation of several California statutes.
The lawsuit was already being prepared when Vizio came under intense scrutiny this week after researchers at security firm Avast discovered that the TVs themselves were vulnerable to hackers.
The Internet Of Things
Ars Technica has a fairly detailed explanation of the security issues uncovered by the Avast security team. The flaw allows what is called a "man-in-the-middle" attack—basically, a form of digital eavesdropping in which an attacker secretly intercepts and relays messages between two parties, in this case the smart TV and the third-party recipient of the data. Avast said that hackers could potentially gain access to the user's home network.
We've reached out to Vizio for its comment, but haven't yet heard back. We'll update this post when we get a response.
But the issues of security and privacy aren't confined to smart TVs. As more devices become connected to the Internet and each other—a concept generally referred to as the Internet of Things—we expect to see more of these issues arise. Earlier this week another security firm, Kaspersky Lab, tested several common connected devices, including Google's Chromecast streaming media stick, and discovered that flaws in that device could leave a home vulnerable to attackers. (The full story is available on the securelist.com website.)
If you're concerned about your privacy in an increasingly connected world, check out our article and video, Privacy Tips for the Internet of Things. There's also a broader discussion of what you need to need to know about the connected devices in your home in another article, In the Privacy of Your Own Home.
Copyright © 2005-2015 Consumers Union of U.S., Inc. No reproduction, in whole or in part, without written permission. Consumer Reports has no relationship with any advertisers on this site.