Samsung smart TVs not only record conversations, they share them over the Internet with everyone else
via Flickr © LGEPR (CC BY 2.0)
Last week, Samsung found itself in hot water after some determined, and presumably bloody-minded person actually sat down and read the reams of densely-packed, minuscule print that makes up Samsung's TV interminable terms and conditions (T's and C's) that come as part of the deal when a consumer buys a smart television. More than 50 per cent of the smart televisions sold in the UK are from the Korean manufacturer. They are high quality and relatively inexpensive. They are also surveillance devices.
That anonymous hero who waded through Samsung's interminable T's and C's discovered that not only can these TV's record voice commands to control the device they can also, routinely, also record private conversations conducted within their "earshot" and then send them off to "third parties" over the open Internet.
The revelations caused such a furore (even though it has long been known that smart TVs from other manufacturers such as LG and Toshiba also record the private conversations of users) that Samsung was forced into making a public statement confirming that "If your words include sensitive information, that information will be among the data captured and transmitted to a third party."
Smart TVs have voice recognition technology embedded in them to enable the capture of spoken commands that are used to carry out tasks such as changing channels or increasing and lowering programme volume.
In 2014, Which?, the influential and vendable UK consumer rights and product review organisation, investigated the capabilities of a comprehensive range of smart TVs from various manufacturers and concluded that all of them can, and do, track user's viewing habits to a greater or lesser extent. Consumers give the manufacturers permission to do so in the T's and C's. If they don't, some of the expensive smart features that they have paid for simply don't work. It's worse with Samsung sets. If user permission is not granted, none of the smart features will work.
Samsung says is transmits voice commands together with "information about the TV including device identifiers" to third parties and, of course, along with the voice commands go other, private, conversations, that have taken place within range of the TV's electronic ears.
It is "Big Brother" in action. In George Orwell's dystopian novel '1984' the ubiquitous "telecreens" in each home and in all public places transmit non-stop propaganda and also act as surveillance devices to spy on and control the populace. As Renate Samson, of the campaign group Big Brother Watch, says, ‘This thing [the smart TV] is going to be in your house, listening in on you. Samsung say they are providing you with a service, but really the only service you need from a television is to watch programmes."
Smart TVs can act themselves on simple commands from users, such as switching on or off, but more complex instructions and comments are recorded and sent via the Web to a third party company. Most of the recordings made by Samsung go to Nuance, a company in the US, for "interpretation and response."
Samsung won't (yet, anyway) say whether or not it keeps user data from interactions with smart TVs so we can probably take it for granted that it does. It seems likely that the company is building a vast database of consumer preferences and working on technology to to identify individual voices. Currently, all that Samsung will say is that it does not sell on any such data and that it complies with all data privacy laws.
The obvious answer is for a user simply to disable voice recognition, but that prevents the use of many of the smart features that have been paid for. And, even when voice recognition is "off", Samsung still continues to collect some data. It admits, "Samsung may still collect associated texts and other usage data so that we can evaluate the performance of the feature and improve it."
And now, it seems that Samsung is sending out the data it gets from its smart TVs, unencrypted, via the public internet, potentially allowing others to eavesdrop on and even hijack user data.
According to the David Lodge of the security consultancy Pen Test Partners, his company set the network inspection tool Wireshark to examine data being beamed from Samsung smart TVs out onto the Internet. It showed that whilst current Samsung sets record voices only after a wake-up command has been given they devices have the potential to send unencrypted voice data to a third party via a future firmware upgrade. The information is sent, unencrypted, over port 443, the post normally used for TLS-secured HTTPS connections and thus, not set behind a firewall.
As, Mr.Lodge sys, “What we see here is not SSL encrypted data. It’s not even HTTP data. It's a mix of XML and some custom binary data packet.” He adds, “Based on the limited information leaked in plaintext, there’s plenty to suggest that interesting data is making its way on to the interwebs from your TV. Samsung, could at least protect it with SSL.”
And, today, Pen Test Partners says it can actually decode encoded voice audio, allowing the replay of what the Samsung smart TV actually heard being spoken.
The latest research says that at least some 250 million smart TVs will be sold this year. Caveat emptor - and be careful what you say in front of the gogglebox. It's listening and is telling others what you say.