TVs and other Internet-connected appliances almost universally lack application sandboxing and other exploit mitigations that are a standard part of computer and mobile operating systems. Even worse, most devices run old versions of Linux and open source browsers that contain critical vulnerabilities. While patches are generally available on the Internet for the individual components, manufacturers rarely give customers a way to install them on the devices in a timely way.
This is not a great hack (broadcasting malicious code over TV signals), but even worse is that unlike your other devices most IoT devices never see an update. It’s like people didn’t even think they might need to update these TVs at any point. FFS.