It would not surprise me if most TVs don't check. I remember LG or Samsung using unencrypted FTP to upload viewing data a few years back, so unverified TLS would be an improvement >_<
I'm pretty sure they don't check certs. If they did, there would be many corporate networks and even entire countries where they wouldn't work, because they use DPI on all inbound/outbound connections with SSL stripping.
Definitely should be checking certs, though I always worry about the flip side of these device security decisions. if there is no way to update the trusted root certs, your TV becomes terminally ill with software ewaste disease when the manufacturer updates stop coming.
I really don’t like hardware becoming waste because we don’t have a better iot cert pool update story
I trust YouTube to know how to bake their own cert and trustworthy tls libraries into their apps but I’m not sure if that’s common in other apps
At that point, cut all its connections from the Internet and use it as a dumb panel. Many people will say you should have never connected it in the first place anyway.
You can alway use a streamer box (custom Linux one, Apple TV, Fire Stick, etc) to give it "smarts".
