Is it possible to load malware or spyware onto a Roku? I ordered a Roku Ultra online and it arrived with both the shipping package open and the box containing the Roku unsealed by those small plastic sealing tabs. Since I would be putting this on the same network that I use for online shopping and banking I began to wonder if it was possible for someone to have put some kind of malware or spyware on the Roku before it was shipped in order to put a sniffer on my router. Perhaps I am being overly concerned but is it possible to plant something like that on a Roku before it is shipped in order to sniff out sensitive information on a network? If so I need to return this Roku and order another one. If not, then it should be good to go as I am not concerned about it being a returned unit.
I ordered it from Amazon and as soon as it arrived and I realized that both the shipping envelope and the device box were unsecured I called Amazon about the issue. Of course they offered to let me return them and send another, but they said they could not until Monday when the 1/2 price sale was over. They did not explain why, but told me to wait.
I also contacted Roku help to ask if it was possible for a Roku to have had malware or spyware inserted before it was shipped. I did get a reply telling me it was not possible but when I responded, not once but twice, asking some follow up and verification questions I never got any response.
Part of me thinks that I am just being a bit paranoid but I do know what can be done with key loggers and the like so I am concerned enough to have not hooked up the Roku yet. The likelihood seems small but the possible damage could be great.
As for the reset, I don't know why I did not think of that before. I would think that doing a factory reset would take care of any issues that might (but probably do not) exist. I will do that. And thank you for the suggestion.
While I understand your concerns, I don't believe you have much to worry about in that respect. Roku uses a highly modified version of Linux as the core of their operating system. I'm not saying that Linux can't be hacked, but it's highly unlikely that someone would try it on a Roku device. There's no real access to the OS without disassembling the case and getting into the internals. I just don't believe it would be worth the effort, as there's no way to upload anything into the OS locally. All updates and authorized channels have to come from Roku servers. Again, an attempt to access the internals of the player would likely be pretty obvious on the case.
Myself, I'd just be concerned that the player received had been sold once and returned as defective. If Amazon is simply going to replace the player with a new one, there shouldn't be any charges made, so you should still only pay what you paid for the first one.
Dan Roku Stick (3600), Ultra (4640), Ultra (4670), Ultra (4800), Premiere (3920), Insignia 720p Roku TV, Sharp 4K Roku TV, Nvidia Shield, Windows 10 Pro x64 running Serviio and Plex on a wired Gigabit network.
Thank you for the information. I did not know that Roky was based on Linux.
I decided to go ahead and give it a try. Out of an abundance of caution I first turned my cell phone's hot spot functionality on and hooked the Roku to it. The first thing it did was update so I suppose that the update would have cleared any malware regardless, and then I did a factory reset.
I understand that I probably sound like I am paranoid, but for some reason the open shipping bag and the unsecured Roku box just struck me as dangerous and I did not know anything about the internals of the Roku, nor how hard it might be to hack into it.
In any case I will keep an eye on my accounts but I am sure you are right. Thank you again.