Roku ($ROKU), the company that brought Netflix Internet streaming to TVs in 2008, has soared to the top of both Amazon and Best Buy electronics sales charts with its super-cheap, super easy-to-use Roku Express.

That’s a great thing for the company, especially given the heavy competition from Apple, Google, and Amazon.

But according to a report released to Thinknum Media this morning from Consumer Reports, it turns out that those $29 best-selling devices aren’t just streaming Netflix: they’re leaving consumers wide open to hacks that could allow someone to do anything from change your TV’s volume to pull up unsavory content on, say, YouTube.

According to the report from Consumer Reports:

We found that a relatively unsophisticated hacker could change channels, play offensive content, or crank up the volume, which might be deeply unsettling to someone who didn’t understand what was happening. This could be done over the web, from thousands of miles away.

It's not just the stand-alone streaming devices that leave consumers open to these hacks. Samsung televisions, which also sell extremely well, along with other TVs that use the Roku TV smart-TV platform including budget-friendly TCL, are also open to the hack.

The findings, led by Consumer Reports along with cybersecurity and privacy organizations, are part of the publication's new Digital Standard effort designed to "create a digital privacy and security standard to help guide the future design of consumer software, digital platforms and services, and Internet-connected products."

The problems don't end with a hacker changing the volume of your TV, however.

The report also found that almost all modern smart televisions expose owners to data collection vulnerabilities. Most TVs sold today are "smart", meaning they have build-in computers and operating systems that allow you to get online and stream content from internet services like Netflix and Amazon Prime. They also ask owners to agree to share their viewing information with advertisers and content creators under the guise of recommending content that may be of interest. Even if you're watching something on Netflix, for instance, the TV is able to figure out what you're watching, log it, and share it with marketing partners. The practice is called automatic content recognition, or ACR.

The problem is that in many cases, that information, containing personal information and viewing habits, is vulnerable to data breaches. And in some cases, the report found, like with Sony televisions, it can be very difficult to opt-out of ACR information-sharing programs. So hard, in some cases, that Sony forces you to take the TV offline if you don't agree.

So how do you protect yourself? When it comes to ACR and sharing your information - check your TV's setting very carefully. As note, just about all - aside from Sony - allow you to opt out of sharing your information. If all else fails and you're concerned for your information, simply take your TV offline by turning off its WiFi connection.

As for the control hack on Roku and Samsung devices, when on your WiFi network, never click on links that you don't recognize. In fact, never click on links that you don't recognize on any WiFi network. Fake virus scans and security checkups are often just malicious companies and groups attempting to hijack your information for unsavory purposes.

Be careful out there.

Ad placeholder