AVS Forum banner

"liar liar... New samsung tvs do not encrypt voice data"

1K views 28 replies 11 participants last post by  Chronoptimist 
#1 ·
http://www.flatpanelshd.com/news.php?subaction=showfull&id=1425044211

"Wow, this is getting absurd. Samsung has been caught telling a lie twice in a row. After concerns that its TVs were listening, Samsung told everyone that voice data was encrypted. It was not. But but, it is only our old TVs - our new Smart TVs use encryption, Samsung told us. True? No... "

https://www.pentestpartners.com/blog/is-your-samsung-tv-listening-to-you-update/

"Our TV was a UE46ES8000, just over 2 years old. Samsung indicated above that our telly was quite old and didn’t feature the latest security features.


Not ideal, but at least they were aware of the problem; had fixed it on later models and were offering on a fix for early TVs. Fair enough.

But after 18 years in IT security, I’m quite cynical. So we bit the bullet and spent nearly £2,000 on a brand new Samsung TV a UE55HU7500, advertised widely as a current model.


The voice recognition process is a little different; press a button on the remote rather than say a ‘key word’. The audio codec is different too, but the lack of encryption is just the same.....
 
See less See more
#3 ·
Is this really an issue at all? What does someone stand to gain by intercepting your voice commands sent to the TV?
If you are concerned about privacy, well encryption does nothing for that - you need to disconnect the TV from the internet.

I agree . . . and I am 'happy' that the Samsung TVs I have in every bedroom are not web connected . . . but the promised 'advantages' of Smart TVs make it more likely that eventual replacement units will be internet aware.

My personal preference would for Smart TVs to offer mechanically switched enable|defeat on both microphones and cameras . . . otherwise I can foresee extensive use of black masking tape on any future Smart TVs in my home!

_
 
#8 · (Edited)
I'm all for zero spying and things like these cameras and mics to be truly disabled but I know that will never happen because hey, agencies like the NSA need it for their spying and people who don't think these companies provide info to the NSA/other agencies are dreaming. It was shown during the Snowden revelations that companies were handing over/allowing the NSA access to the info they collected. The worst was when employees there were passing along nude photos they got from email accounts they got access to or when employees used their powers to try and get back at exes.
 
#9 ·
But then what if everything you discuss in earshot of the TV is sent away to be checked for keywords?

I am not comfortable with it.
 
#26 ·
But then what if everything you discuss in earshot of the TV is sent away to be checked for keywords?
I am not comfortable with it.
That is nothing to do with encryption.
Encryption prevents the connection between your device and the server from being intercepted by a third-party.
It would still be sent to a server and decrypted on their end, and they can do as they wish with that data.

If you want privacy, and you have a Smart TV, you should disconnect it from the internet.

....smart phones able to record audio/video at will....
Not just smart phones. That applies to feature phones as well.

This is patently and absurdly false.
Are you joking? Voice commands are sent to a server and processed. Then sent to other companies that hire people to listen and validate the accuracy of the speech-to-text recordings.
Sure, it's not public, but it's not private either. Check the TOS for any device that uses voice commands.
In this case, Samsung appears to be sending the voice commands to Nuance Communications for processing. I have no idea who they forward it to for validation/analysis.

It's not an actual problem, it's just people keep complaining about it, much like the pathetic whining that Apple dared add an app for the Apple Watch in iOS 8.2.
Seriously, think of what someone would have to do just to listen to your voice or find you told your TV "channel six."
Really, what's the point?
Not all of us want private conversations inside our homes to be recorded, sent to a server somewhere, and stored indefinitely.
But as I have said a few times now, that is not an encryption issue, that is a "don't connect your TV to the internet" issue.
 
#10 · (Edited)
Yeah, and what if the Skype camera is broadcasting live video back to some server 24x7?

What if is fun, but it's not happening.

As an aside, going back to the source article it's interesting that the "unencrypted" content is binary data that though not SSL encrypted, doesn't appear to be a plain sound file either.
 
#21 · (Edited)
Isn't the link showing the text of the transcription had not being encrypted at all - that it was in plain text. Also they said "After the word buffer_id is a load of binary data, which looks audio-ish,". Then I think late they mention a different codec. Perhaps they should have checked it further but it may have just been easily readable audio data (either uncompressed or with a readily available audio codec).

Also samsung said "Samsung takes consumer privacy very seriously and our products are designed with privacy in mind. Our latest Smart TV models are equipped with data encryption and a software update will soon be available for download on other models.". If they had used a simple encryption method that could quite easily be decrypted by a simple formula (like rot13) that would also make their statement about taking consumer privacy very seriously also untrue.
 
#14 ·
With Onstar having control over "your" vehicle,Xbox one's facial recognition/movement tracking,Tv's,smart phones able to record audio/video at will,I think we're past it being a slight privacy issue.

Keep supporting these companies,and we are truly screwed.
 
#15 · (Edited)
On the other hand, many people really don't care; if my TV wants to broadcast everything it hears in my home 24x7, more power to it, aside from the fact that I feel sorry for whomever has to sit and listen to/sift through all that data.

I know you want a choice, and it seems that's what Samsung gives by letting you not connect to the Internet.
 
#16 ·
"SAMSUNG RELEASES UPDATE TO FIX SECURITY ON TVS"

http://www.flatpanelshd.com/news.php?subaction=showfull&id=1425889981

"Samsung lied when it assured everyone that its Smart TVs uses encryption to protect voice recordings from your living room. A new update partially fixes the problem, according to Pen Test Partners.

ENCRYPTION OF PRIVATE DATA

The update adds encryption to the recordings - and the server response - that are sent from your living room to Nuance, a company that specialises in voice recognition.

This means that you can now talk to your TV without having your voice broadcast for everyone to hear. However, Samsung has still not encrypted the information that is sent to “gdata.youtube.com” and “opml.radiotime.com”, which includes a transcription of the words you spoke......
 
#23 ·
You keep repeating that as if that will make it a fact. The reality is that Samsung must consider it to be something serious, since they first lied about it twice, and now have released a software patch to partially fix the problem, that you keep trying to claim is nothing.
 
#24 ·
It's not an actual problem, it's just people keep complaining about it, much like the pathetic whining that Apple dared add an app for the Apple Watch in iOS 8.2.

Seriously, think of what someone would have to do just to listen to your voice or find you told your TV "channel six."

Really, what's the point?
 
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top