CATEGORIES
home News

Voice Data Uploaded By Samsung Smart TVs Is Unencrypted, Company Vows To Fix Issue

by Paul LillyThursday, February 19, 2015, 11:10 AM EDT
Samsung has confirmed that some of its slightly older Smart TV models are currently uploading recorded voice communication without any form of encryption to protect the user's privacy. This goes against what Samsung stated in a recent blog post clarifying the limited circumstances in which voice commands are recorded and transmitted to a server.

Backtracking a moment, the web freaked out when it was discovered that Samsung's Smart TVs were seemingly eavesdropping on living room conversations. The truth wasn't quite as nefarious, though a supplement to Samsung's privacy policy did reveal that some voice commands could be transmitted to a third-party service to convert the speech to text, in part to improve the service.

To clarify things, Samsung in a blog post trumpeted the usual company rhetoric about taking your privacy seriously and all that jazz, then proceeded to stick its foot in its mouth.

Samsung Smart TV

"We employ industry-standard security safeguards and practices, including data encryption, to secure consumers' personal information and prevent unauthorized collection or use," Samsung halfway fibbed.

The truth, as discovered by Ken Munro and David Lodge from security outfit Pen Test Partners, is that some Samsung Smart TVs aren't in fact using encryption at all when transmitting voice commands.

"What we see here is not SSL encrypted data. It’s not even HTTP data, it's a mix of XML and some custom binary data packet," Pen Test Partners explained in a blog post. " The sneaky swines; they’re using 443/tcp to tunnel data over; most likely because a lot of standard firewall configurations allow 80 and 443 out of the network. I don’t understand why they don’t encapsulate it in HTTP(S) though.

Anyway, what we can see is it sending a load of information over the wire about the TV, I can see its MAC address and the version of the OS in use."

This means hackers wouldn't even need to listen to the recordings to know what you're saying, they could just read the intercepted text. And if you have a nosy neighbor who's tech savvy, he could accomplish this over Wi-Fi -- no need to hack to the destination server.

We don't want to make a mountain out of a molehill here, and Samsung has said that it's working to introduce encryption on its older TV models that don't already have it. But it's a little unsettling that the missteps seem to be adding up.

Tags:  Samsung, Encryption, security, Privacy, voice recognition, smart tv
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment