These exploits should certainly be fixed, they're security holes which can let malware into the TV. The same exploit that lets us root our TV would also allow anyone else to root it.

On the other hand, the ability to physically flash our own software into any hardware we buy should be a basic consumer right. There should be no need for exploits in the first place, it should be a built in feature.

You will never have both, however, the "consumer can flash hardware" one guarantees a remedy to any malfeasant software. The other incents learned helplessness.

> These exploits should certainly be fixed, they're security holes which can let malware into the TV. The same exploit that lets us root our TV would also allow anyone else to root it.

What dangers are there for TVs in terms of malware? This isn't a phone or a computer which holds sensitive information. The very worst that could be done would be to steal your streaming service session cookies.

These goddamn TVs are coming with cameras and microphones now. It's fucked up. I don't even want the manufacturer having access to this. The idea that some malware could install itself in the TV due to internet connection and security holes and have invisible access to these sensors is seriously frightening.

If there are no sensors on the TV, malicious actors can always use it to mine Monero at my expense.

some TVs came with cameras, for gesture based remote control.

yes, it was found that the cameras were abused.

or what if the malware took screenshots of what you were watching every so often? oh wait, that was also found to be a built-in "feature".

otherwise, they are a foothold onto the rest of your internal LAN, possibly with other more vital IoT devices ready to be compromised, or at least serve as a botnet army

I mostly agree with you. I too like to actually own my hardware.

However, another angle to view it is that these are huge security vulnerabilities. Visiting a webpage on your TV to install a custom firmware could also be used for great evil as well.

So letting this huge holes exist is not that great, but there should be an easier on path for people who want their own custom firmware.

I think Google phones do a good job here. It's nearly impossible to accidentally flash your phone with an unsigned firmware, but you can also unlock the boot loader and do whatever you want.

> It's nearly impossible to accidentally flash your phone with an unsigned firmware, but you can also unlock the boot loader and do whatever you want.

From what I have heard, that "whatever you want" excludes important things like banking apps.

That's really on the app. Google provides a flag to the app if they detect tampering, the app chooses to limit functionality.

The security angle is also the way to legislate this stuff away.

Can you explain more explicitly what you mean by that?

Right now, businesses with no expertise in software can make poorly-designed IoTs because there is no cost associated with it.

Forbidding such things will be like whac-a-mole; but forcing businesses to provide security update support for 5 or 10 years if their product offers internet, wifi, or cellular data connections would make some businesses balk.

As with all things, these costs are off-loaded to the consumer and it leads to some serious problems when scaled.

From the business side, having a quantifiable cost for security would also extinguish some bad ideas; perhaps by the bean counters.

> People hacking on their own TVs is quite literally a victimless crime (besides yourself, if you brick your one TV), because you knowingly void the warranty.

Nitpick: it's not a victimless crime, on account of not being a crime at all.

The term "victimless crime" itself is an oxymoron.

> It's a damn shame companies feel incentivised to do this.

There are other comments in this thread talking about disabling ads. The companies are financially incentivized to keep those ads running.

Though on the flip side, I consider ads even more reason to demand full control over my hardware.

Worth noting that in the Mazda case, unlocking Android auto in the 2014-2018 cars is a paid upgrade you can do at the dealer.

So, the incentives there are a lot clearer.

It’s not even a crime. It’s like using a sheet of plywood from the hardware for a novel use other than protecting your windows before a storm.

Or using a tomato for something other than a pizza base.