TiVo Sent Fixes ‘Quickly’ After Notification
TiVo’s Stream 4K was the only streaming player out of 18 devices in a recent Consumer Reports rating that didn’t encrypt data it sent out, said the organization Monday. User information -- such as SSID, city and state, and longitude…
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
and latitude coordinates that could be used to pinpoint a street address -- were exposed, said CR, which notified TiVo. The Xperi-owned company “quickly agreed to fix the problem,” it said. TiVo attributed the weakness to a third-party app’s “transmission of certain data.” CR found the TiVo Edge DVR also was sending unencrypted data, but information didn’t include user data such as IP addresses, and CR didn’t see it as a risk to consumers. The TiVo Stream 4K flaw could leave users open to security vulnerabilities such as a malicious app that has access to a user’s network, CR said: An attacker could use the information, along with other valuable data, to create “an even more invasive attack.” TiVo fixed the problem by the end of March, a company spokesperson told us Tuesday: "We take consumer privacy very seriously and acted as quickly as we could -- pushing the fixes out to the affected devices."