Smart televisions offer internet access, streaming apps, and sometimes even built-in cameras and microphones. They're also collecting loads of personal data in order to sell it and serve up targeted ads. And because these TVs are always connected to the internet, bad actors can potentially hack into your television to install malware, capture your streaming credentials, or access the camera and microphone to snoop on you. At worst, they could even use this access to find a backdoor into your router and hack your connected smart home.

FBI's Best Practices

A few years back, the FBI issued a warning about the risks of smart TVs to your privacy and offered several recommendations. The agency also noted that TV manufacturers and app developers have the ability to listen to and watch you. This all sounds like the worst type of nightmare scenario, but it shouldn’t make you afraid to use your smart TV. The FBI offers a few guidelines and best practices to better ensure your security and privacy:

• Know exactly what features your TV has and how to control them. Consult the manual that came with the unit (if you still have it) or do a basic internet search with your model number and the words “microphone,” “camera,” and “privacy.”
• Don’t depend on default security settings. Change passwords if you can—and know how to turn off the microphones, cameras, and collection of personal information, if possible. If you can’t turn them off, consider whether you're willing to take the risk of using that model and service.
• If you can’t turn off a camera but still want to disable it, a simple piece of black tape over the camera eye is a back-to-basics option.
• Check the manufacturer’s ability to update your device with security patches. Can it do this? Has it done it in the past?
• Check the privacy policy for the TV manufacturer and the streaming services you use. Confirm what data they collect, how they store that data, and what they do with it.

What the Experts Say

Besides the FBI's always relevant advice, we asked two industry experts to weigh in on the issue. Shane Barney, Chief Information Security Officer at cybersecurity software provider Keeper Security and John Gallagher, VP of Viakoo Labs at enterprise IoT security platform Viakoo both shed light on TV hacking.

What are the potential risks for smart TV owners from hackers taking advantage of vulnerabilities?
Barney: Smart TVs are no different from any other internet-connected device in your home. They run operating systems, they connect to cloud services, and they rely on software that requires regular updates. If vulnerabilities go unpatched, an attacker could potentially exploit them to install malicious software, harvest streaming credentials, or use the TV as an entry point into the broader home network.

Gallagher: Unlike even a few years ago, today’s home electronics have powerful processors, memory, and networking capabilities that can be exploited by threat actors. Powerful processors enable malicious hackers to mine cryptocurrency (like Monero), perform edge processing on the data they collect, and launch more massive attacks such as DDoS. The biggest risk is that with AI much of the video and audio data can be processed and repurposed very efficiently for nefarious purposes.

Barney: In most cases, the goal would not be to interfere with what you are watching. The real value is in using that device as a pathway to reach laptops, routers, or other connected systems where more sensitive information lives. As households add more connected devices, each one contributes to the overall exposure, so keeping firmware updated and securing the home network remains important.

What are the potential privacy threats and infringements from the smart TV manufacturers themselves?
Barney: For most consumers, the larger concern is not hacking but data collection. Smart TVs often gather detailed information about viewing behavior through features such as Automatic Content Recognition. Over time, that information can paint a surprisingly comprehensive picture of household interests, routines, and preferences. While manufacturers explain these practices in privacy policies, those disclosures are often dense and difficult to interpret.

Gallagher: The potential for threats and exploits is massive because by agreeing to their “terms and conditions” in setting up a device you allow it to listen and monitor activity within your home. In corrupt hands this can assist in defining what sort of target you are, what your habits are, when your home is unoccupied, and much more. With AI thrown into the mix you can also use this data for creating hyper-realistic deepfakes, using voice and images to identify individuals, and coordinating data across multiple users.

Barney: The issue is not necessarily malicious intent but transparency and control. Once data is collected and shared within advertising ecosystems, consumers typically lose visibility into how broadly it is distributed or how it may be combined with other data sources.

Have there been real instances of TV manufacturers using smart TVs to snoop on users, either purposely or accidentally? For example, can they use and have they used the cameras and microphones to record users?
Barney: From a technical standpoint, any device equipped with a camera or microphone has the capability to capture audio or video. In normal operation, those components are activated only when a user engages specific features such as voice commands or video applications. The broader privacy concern with smart TVs is less about active surveillance and more about data collection tied to viewing behavior. Many devices gather information about what is being watched in order to support content recommendations and advertising models.

Gallagher: Both through licensing agreements and general law findings there is “wiggle room” for the device manufacturer to snoop on users without violating laws. By voluntarily agreeing to share data with the device manufacturer you lose a reasonable expectation of privacy for that data, leaving the device manufacturer legally able to access and use the data.

Barney: The more credible security risk tends to be compromise rather than intentional spying. If a device were poorly secured or left unpatched, those features could potentially be accessed by unauthorized parties. That is why it is important for users to review device settings, disable capabilities they do not use, and keep firmware updated. Those steps significantly reduce both privacy exposure and security risk.

Gallagher: And yes, there have been cases (such as Amazon and Ring) where the device manufacturer using that data has been raised in court. Most recently, the alarm bells that went off with Ring’s Super Bowl 2026 ad featuring its “Search Party” function that can track lost dogs (or humans without their consent) shows that privacy is still a major public concern. 

Recommended by Our Editors

The Best Gaming TVs for 2026

The Best 75-Inch (and Up) TVs for 2026

The Best 65-Inch TVs for 2026

We hear a lot about automatic content recognition, or ACR, being used to monitor what people watch and do on their TVs for the purpose of sending them targeted ads. Is this a feature of concern? If so, how can a consumer disable or limit this feature?
Barney: Automatic Content Recognition is something consumers should at least be aware of. It is designed to analyze what is being displayed on the screen so that content recommendations and advertising can be tailored more precisely. From a security standpoint, it is not inherently malicious. The concern is around the volume of behavioral data being collected and how that data is used or shared downstream.

Gallagher: ACR enables the device manufacturer to precisely track the content you are viewing, ostensibly to better target ads for you, but it also provides the device manufacturer with data you may not want them to have to use. Turning it off is the best option if you’re concerned, which may require digging through menus related to viewing data or interactivity to find how to turn it off (the device manufacturers do not make it easy). 

Barney: For consumers who are uncomfortable with that level of tracking, most manufacturers provide privacy settings that allow ACR or personalized advertising features to be disabled. The terminology varies by brand, so it often requires navigating through privacy or viewing data menus during setup or within system settings.[Samsung just agreed to update its language around ad-tracking in response to a Texas lawsuit.] Taking a few minutes to review those options gives users more control over how much information is shared.

What should smart TV owners do to protect themselves and their privacy? Are there specific features that consumers can disable or reconfigure to improve their privacy?
Barney: Smart TV owners should approach the device with the same mindset they use for a laptop or smartphone. Start with the basics. Make sure the TV is running the latest firmware. Review privacy settings and turn off any features that are not necessary, especially those related to viewing data collection, voice activation, or camera access if those capabilities are not being used.

Gallagher: At the heart of this issue is that as the device owner you are empowered to turn off or limit the device’s spying capabilities. If it has a camera you can cover it. Turn off voice recognition or “always listening” functions. If it has ACR, you can disable it. Find and delete data that your device stores before it is uploaded or otherwise processed.

Barney: Beyond the device itself, home network security plays a significant role. Strong router passwords, current router firmware, and modern Wi-Fi encryption reduce overall exposure. If possible, placing connected entertainment devices on a separate guest network can limit the impact if one device were ever compromised. None of these steps is complicated, but together they meaningfully reduce risk.

Gallagher: For the more network-savvy users there are network access control functions that can enable you to have the device operate as “inbound only” where it can receive streaming data but not send data outbound.

Do you have any other tips for smart TV owners looking to protect their security and privacy?
Barney: One of the most overlooked risks involves account credentials. Streaming services often store payment information and personal data, yet many consumers reuse the same password across multiple platforms. If one service is breached, those credentials can be tested against other accounts in a process known as credential stuffing. Using strong, unique passwords for every streaming service significantly reduces that risk.

A password manager can make this much easier. Instead of relying on memory or reusing simple passwords, a password manager generates and securely stores complex, unique credentials for each account. That way, if one service is compromised, the exposure does not cascade into others.

Gallagher: The three most critical things for all smart device users to do in setting up a new device are to have it on a separate network from other computers in your home, to change the device password immediately on installation, and update the firmware to the latest/safest version. This makes the device itself able to withstand attacks and by being on a separate network it prevents lateral movement across your network if the device is infected. In addition, get to know what features the device has and disable them if not needed. 

Barney: It is also wise to periodically review which apps are installed on the TV and remove those that are no longer in use. Every additional application increases complexity and potential exposure. Smart TVs can absolutely be used safely, but like any connected device, they benefit from a little proactive attention. Consistent credential hygiene and basic configuration review go a long way in protecting both privacy and security.

How to Disable (Automatic Content Recognition) ACR on Your TV

ACR allows television manufacturers to track what content you watch on your TV. If you want to protect your privacy and limit third parties' access to your personal data, you'll need to turn off ACR features. The process varies based on TV manufacturer, but you should be able to follow the steps below:

• Samsung: On older models, go to Settings > Support and scroll down to Terms & Policies. Here, you’ll want to turn off Viewing Information Services (Samsung’s ACR technology), and Interest-Based Advertising (for personalized ad tracking). On newer models, go to Settings > All Settings > General & Privacy > Terms & Privacy. Select and turn off Viewing Information Services and Interest-Based Advertising.
• Sony: Go to Settings > Initial Setup and choose Interactive TV Settings or Samba Interactive TV (Sony's ACR equivalent) and set it to Off.
• LG: Go to Settings > All Settings. Scroll down to General and then scroll to a setting called LivePlus. Toggle it to Off. You can also go to About This TV > User Agreements and disable Personalized Advertising.
• Vizio: Press the MENU button on your TV's remote or head to HDTV Settings on the TV. Go to System > Reset & Admin > Highlight Viewing Data. Press the right arrow to turn off the setting.
• Roku: Go to Settings > Privacy > Smart TV Experience. To disable ACR, uncheck Use Information for TV Inputs.
• Amazon Fire TV: Go to Settings > Preferences > Privacy Settings and turn off Automatic Content Recognition.