Find a remote vulnerability, or find the device on the circuit board where it's stored, connect a reader to it, and dump it. Not trivial, but not impossible. The TV software just has to have one mistake, and TV companies aren't security experts.

All of the popular embedded platforms have had scores of vulnerabilites - Qualcomm, Android, WebOS, etc. - patched over time, new ones found etc.

Heck, it even took Microsoft more than one try to start to get it right. An interesting story is Microsoft attempting to protect its first game platform--the original Xbox from the early 2000's. There were numerous security protections and all were bypassed - from encrypted boot code to a device-unique hard drive key stored in EEPROM.

Microsoft got better and smarter with the 360--this time with unique keys and eFuses in the CPU but it was still eventually bypassed--not after the effective lifetime of the platform though.

Honestly I do not think Samsung would be concerned about the single-digit number of people who manage to get free internet this way.

If you really wanted it to be secure, you could use a TPM instead of a private key in memory, but that's overkill IMO. Who wants to take their TV apart in exchange for free crappy internet?