TiVo Sent Fixes ‘Quickly’ After Notification
TiVo’s Stream 4K was the only streaming player out of 18 devices in a recent Consumer Reports rating that didn’t encrypt data it sent out, said the organization Monday. User information -- such as SSID, city and state, and longitude…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
and latitude coordinates that could be used to pinpoint a street address -- were exposed, said CR, which notified TiVo. The Xperi-owned company “quickly agreed to fix the problem,” it said. TiVo attributed the weakness to a third-party app’s “transmission of certain data.” CR found the TiVo Edge DVR also was sending unencrypted data, but information didn’t include user data such as IP addresses, and CR didn’t see it as a risk to consumers. The TiVo Stream 4K flaw could leave users open to security vulnerabilities such as a malicious app that has access to a user’s network, CR said: An attacker could use the information, along with other valuable data, to create “an even more invasive attack.” TiVo fixed the problem by the end of March, a company spokesperson told us Tuesday: "We take consumer privacy very seriously and acted as quickly as we could -- pushing the fixes out to the affected devices."