Skip to main content

Who’s watching what you’re watching? Avast finds vulnerabilities in Vizio smart TVs

VIZIO Reference Series Event
Jeffrey Van Camp/Digital Trends
Security researchers at Avast have demonstrated a number of vulnerabilities and potential attacks against Vizio smart TVs, including intercepting data that displays a person’s viewing habits.

Under the wide umbrella of the Internet of things and smart homes, Avast began to pull apart the security of a Vizio smart TV and found that it was susceptible to man-in-the-middle attacks due to HTTPS certificates that were not being validated.

Recommended Videos

Avast discovered that the TV was constantly accessing tvinteractive.tv, a website run by a company called Cognitive Networks. The service appears to gather a timestamp that reports what someone is watching and when, and then sends that info to the content provider or advertisers. Avast even discovered that the TV would accept a forged certificate when connecting to the site as it does not fully validate the HTTPS certificate. Instead it just validates the checksum at the end of the data being transferred.

Please enable Javascript to view this content

Essentially, the HTTPS certificate is what makes a connection secure, validating the information and telling the sender what a site actually is. Without it, a hacker could potentially steal the information. Carrying out a man-in-the-middle attack in which it impersonated the tvinteractive.tv with forged HTTPS credentials, Avast was able to crack the data that was being sent and view it.


“This data is the fingerprint of what you’re watching being sent through the Internet to Cognitive Networks. This data is sent regardless of whether you agree to the privacy policy and terms of service when first configuring the TV,” said the researchers.

The data is more like a snapshot of pixels rather than a clear view of what you are watching. Here’s an example from Avast. Vizio has a way of deactivating this tracking through the following commands: Menu -> Reset & Admin -> Smart Interactivity -> OFF.

Avast has dubbed its discovery as a possible attack vector into a person’s home network. It’s just the latest evidence that shows how a smart TV can make your local network vulnerable, and Avast claims that it could be a possible means to display content remotely on someone else’s TV.

“Further investigation is needed to demonstrate a proof of concept; however, this appears to be a potential attack vector for remotely displaying unwanted material on a person’s TV,” said Avast.

Vizio has patched these vulnerabilities and says the update will install automatically, but there is still no report on whether this update has been successfully delivered to all TV owners yet.

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Software update looks to make the Vizio experience even faster
The new Vizio home screen.

Vizio today announced an update to its smart TVs that will make an already speedy experience that much faster with a "reimagined" Vizio Home, which saw a rebrand from the old SmartCast in mid-2023 that was largely hailed as a good start toward Vizio reclaiming some of its stature.

Promising a power-up experience that's twice as fast, as well as improvements when you're switching between apps, Vizio says the speed increase is due in no small part to advances in its cloud-based architecture.

Read more
NFL buffering on YouTube TV? You’re not alone today
An error message for the NFL on YouTube and YouTube TV

We've got bad news for anyone who relies on YouTube and YouTube TV for their NFL games — there's some definite lag happening today. It's so bad and so apparent that there's a message atop the YouTube TV help pages.

The message reads: "If you're experiencing buffering issues on YouTube, our team is aware and working on a fix. YouTube TV or NFL Sunday Ticket may also be impacted."

Read more
Vizio’s new Quantum 4K QLED TVs hit 75 inches for $699
Vizio Quantum 4K QLED Smart TV.

It's been a very quiet year for Vizio so far. The company didn't bring any new TVs to CES 2023, and the welcome announcement that it was updating its aging smart TV software was tempered by the fact that Vizio wouldn't say when its customers would be getting the new experience, simply called Vizio Home Screen.

Our own editor-at-large and resident TV expert, Caleb Denison, penned an op-ed in July outlining his concerns about Vizio's apparent retreat to the TV sidelines and what the company would need to do in order to compete with the onslaught of excellent TVs from TCL and Hisense.

Read more