The majority of Android television set-top boxes available today use outdated software and are riddled with security risks, according to new research.
Popular on online emporia such as eBay and Amazon, the devices are typically running outdated versions of Android, and are rarely patched.
The claims were made by security firm Tripwire, which bought and tested ten Android TV boxes to explore how they responded to security threats.
Speaking to security news website Bleeping Computer, Tripwire security researcher Craig Young refused to disclose the makes and models of the set-top boxes Tripwire tested.
"I will say, though, that I see several of the tested devices on the first page of results when I search for 'Android TV box' on Amazon US, Amazon UK, and eBay," he said.
According to the researchers, every single device they tested came with out-of-date and bug-ridden versions of Android. And many of them hadn't received a security update for at least a year.
While Google is the creator of Android, Young explained that the vendors are responsible for ensuring that their devices are up-to-date and that they can protect customers from cyber attacks.
The devices are also able to install Android apps from "untrusted sources" by default, and this can lead to them becoming infected with malware.
Attackers can even hijack these devices remotely. "On several systems, it was possible for an attacker to connect over a network to the TV box and gain complete control of the system without prior authorisation," said the researchers.
These devices are sold as budget products, and this explains the lack of security."The best advice that we can give to any consumer is to buy a product from a known brand that has made a commitment to support the devices in the field," said Young.
"Buying random products from unknown brands is risky but they are deemed especially risky when they advertise access to paid content for free. If it looks too good to be true, it probably is."
Sophisticated mobile malware campaign could help hackers gain access to users' iPhones, warns McAfee
iPhone users tricked into installing open-source mobile device management software
Sailed through the uphill climb with a maximum speed of 75 mph
'Space sails' based on photonic materials funded by NASA's Innovative Advanced Concepts programme
HP Z Workstations include small form-factor Z2 Mini G4 with Nvidia Quadro or AMD Radeon Pro GPUs