TiVo Sent Fixes ‘Quickly’ After Notification

TiVo’s Stream 4K was the only streaming player out of 18 devices in a recent Consumer Reports rating that didn’t encrypt data it sent out, said the organization Monday. User information -- such as SSID, city and state, and longitude and latitude coordinates that could be used to pinpoint a street address -- were exposed, said CR, which notified TiVo. The Xperi-owned company “quickly agreed to fix the problem,” it said. TiVo attributed the weakness to a third-party app’s “transmission of certain data.” CR found the TiVo Edge DVR also was sending unencrypted data, but information didn’t include user data such as IP addresses, and CR didn’t see it as a risk to consumers. The TiVo Stream 4K flaw could leave users open to security vulnerabilities such as a malicious app that has access to a user’s network, CR said: An attacker could use the information, along with other valuable data, to create “an even more invasive attack.” TiVo fixed the problem by the end of March, a company spokesperson told us Tuesday: "We take consumer privacy very seriously and acted as quickly as we could -- pushing the fixes out to the affected devices."