Slashdot Mirror


Samsung Smart TVs Don't Encrypt the Voice Data They Collect

itwbennett writes A week ago, the revelation that Samsung collects words spoken by consumers when they use the voice recognition feature in their smart TVs enraged privacy advocates, since according to Samsung's own privacy policy those words can in some cases include personal or sensitive information. Following the incident, David Lodge, a researcher with a U.K.-based security firm called Pen Test Partners, intercepted and analyzed the Internet traffic generated by a Samsung smart TV and found that Samsung does send captured voice data to a remote server using a connection on port 443, a port typically associated with encrypted HTTPS, but that the data was not encrypted. "It's not even HTTP data, it's a mix of XML and some custom binary data packet," said Lodge in a blog post.
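One way a defender can check the summary's point that port 443 does not imply encryption is to inspect the first client payload of each port-443 flow for a TLS ClientHello record header. This is an added example, not code from Lodge's blog post; the function names, sample payloads, XML element names and addresses are constructed for illustration.

```python
"""Check whether the first payload of a port-443 flow is really TLS.

Added example: every payload below is constructed for illustration,
not captured from any device.
"""
import math
import struct
from collections import Counter

TLS_HANDSHAKE = 22   # TLS record content type: handshake
CLIENT_HELLO = 1     # handshake message type: ClientHello


def is_tls_client_hello(payload: bytes) -> bool:
    """True if payload begins with a TLS record carrying a ClientHello."""
    if len(payload) < 6:
        return False
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    return (
        ctype == TLS_HANDSHAKE
        and major == 3 and minor <= 4      # record versions 3.0 .. 3.4
        and 0 < length <= 2 ** 14          # plaintext record size limit
        and payload[5] == CLIENT_HELLO
    )


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_first_payload(payload: bytes) -> str:
    """Return 'tls', 'cleartext' or 'unknown-binary' for a first payload."""
    if is_tls_client_hello(payload):
        return "tls"
    printable = sum(1 for b in payload if 32 <= b < 127 or b in (9, 10, 13))
    if b"<?xml" in payload or (payload and printable / len(payload) > 0.6):
        return "cleartext"
    # High entropy alone does not prove encryption: compressed data
    # (for example encoded audio) also scores close to 8 bits per byte.
    return "unknown-binary"


def audit_flows(flows):
    """flows: iterable of (dst_ip, dst_port, first_client_payload).

    Returns one finding per port-443 flow whose first payload is not TLS.
    """
    findings = []
    for dst_ip, dst_port, payload in flows:
        if dst_port != 443:
            continue
        verdict = classify_first_payload(payload)
        if verdict != "tls":
            findings.append({
                "dst_ip": dst_ip,
                "verdict": verdict,
                "entropy": round(shannon_entropy(payload), 2),
            })
    return findings


def build_sample_client_hello() -> bytes:
    """Constructed minimal ClientHello (zeroed random, one cipher suite)."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\xc0\x2f" + b"\x01\x00"
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


# Constructed stand-in for "a mix of XML and some custom binary data".
SAMPLE_XML_MIX = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b"<request><lang>en-GB</lang></request>"
    + bytes([0x00, 0x0A, 0xFF, 0x10] * 8)
)

# Constructed flows; addresses are from documentation ranges.
SAMPLE_FLOWS = [
    ("192.0.2.10", 443, build_sample_client_hello()),
    ("192.0.2.20", 443, SAMPLE_XML_MIX),
    ("192.0.2.30", 443, bytes(range(256))),
    ("192.0.2.40", 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

Only the first payload sent by the client is examined, so the check belongs at the start of a reassembled TCP stream, not on arbitrary mid-flow packets.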

153 comments

  1. What? by Anonymous Coward · · Score: 1

    "We just thought sending it over port 443 alone was enough to make it encrypted. Boy do we feel silly."

    1. Re:What? by gweihir · · Score: 2

      Sounds like some first year CS students with big egos and small skills. I remember quite a few of those.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:What? by Anonymous Coward · · Score: 0

      "We just thought sending it over port 443 alone was enough to make it encrypted. Boy do we feel silly."

      More like, 'hey, our onboard stuff isn't up to encrypting this data without introducing a noticeable performance hit, but if we use port 443 it'll escape any ISP intercepts along the way as it'll look like legit https stuff, no-one would ever try intercepting/monitoring that stuff'

      Poor naive fools..

    3. Re:What? by Anonymous Coward · · Score: 0

      In my experience most of them have gone on to be corporate drones pushing six-figure salaries. With big egos and small skills ;p

  2. ... and this is surprising how? by Selur · · Score: 5, Insightful

    Come on, I would have been surprised if they did encrypt the data in a decent way,...

    1. Re:... and this is surprising how? by hcs_$reboot · · Score: 1

      You may want to investigate how encryption works in your Android Samsung phone...

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    2. Re:... and this is surprising how? by Dutch Gun · · Score: 4, Interesting

      Yeah, same here... pretty much called it in the last article about this. It's sort of unbelievable, though, in some way, that no one stops to think of security and privacy ramifications of these things though. Yet it happens time after time after time.

      I wonder if it's perhaps an engineer-type mentality that gets so focused on building cool new things, they just don't stop to think about how those new things can be abused or exploited to do bad things. Like when Microsoft decided to embed scripting-type functionality in all their Office documents, and now *whee*, we've got document-based trojans. Then they had to clamp down on all that scripting. Or how Adobe turned on scripting functionality by default in PDFs, giving us a crapload of exploits for a feature very few people ever used. Result - you have to turn off scripting to stay safe when reading PDFs, and eventually browsers took it upon themselves to do it safely for you. I guess engineers don't typically think like baddies, figuring out how to use technology to hurt people or steal from them.

      This is not privacy-related data they're exploiting on purpose, because it doesn't do any good from a marketing standpoint. The only other explanation is that it's just an oversight. It's not the first time, and it probably won't be the last. On the other hand, given the fact that the NSA still collects all of our traffic, and US Citizens aren't up in arms about it, maybe they're correct in calculating that most people just don't give a damn about that sort of thing outside of a vocal minority.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    3. Re:... and this is surprising how? by sectokia · · Score: 1

      You would think that they would at least try and make it look encrypted, even basic XORing with a salt over and over. It's pretty scary though... it appears the transmit packets carry the sound recordings themselves out over the internet, and back comes multiple plain text opinions of what was said along with confidence numbers and other info that helps with context decisions. But yeah... this is really no different than using Google without https. Like most people did for years....

    4. Re:... and this is surprising how? by Carewolf · · Score: 2

      Come on, I would have been surprised if they did encrypt the data in a decent way,...

      What is the point of encrypting private data when you are secretly violating someone's privacy?

    5. Re:... and this is surprising how? by Mister Transistor · · Score: 1

      But it's not a secret. You know when you buy one of these your voice is going to be transmitted over the internets for analysis. You would expect them to take some obvious steps to secure the potentially private information from third parties but there is nothing "secret" about the collection and transmission of the user's voice. The only potential violation of privacy here would be the ability for a third party to intercept the unencrypted data on someone.

      --
      -- You are in a maze of little, twisty passages, all different... --
    6. Re:... and this is surprising how? by Anonymous Coward · · Score: 0

      But it's not a secret. You know when you buy one of these your voice is going to be transmitted over the internets for analysis. You would expect them to take some obvious steps to secure the potentially private information from third parties but there is nothing "secret" about the collection and transmission of the user's voice. The only potential violation of privacy here would be the ability for a third party to intercept the unencrypted data on someone.

      Third party? I kind of doubt even that would be considered a violation.

      How many here have read the entire Smart TV EULA?

      Yeah, I thought so. About as many owners have.

      You probably signed your privacy away before you even screwed in the antenna.

    7. Re:... and this is surprising how? by gstoddart · · Score: 4, Insightful

      It's sort of unbelievable, though, in some way, that no one stops to think of security and privacy ramifications of these things though. Yet it happens time after time after time.

      Laziness. Incompetence. Greed. Lack of penalties.

      The lack of penalties pretty much guarantees the other three.

      When companies carry actual penalties for doing a terrible job of security, they might try harder. Until then, not a chance.

      If all they have to do is say "oh, gee, we're not really sorry" and have no consequences, this will keep happening.

      Which is precisely why you should assume any piece of consumer electronics which wants to connect to the internet was pushed out the door by lazy, incompetent, greedy bastards who bear no legal penalty for screwing up on security and privacy.

      Because the reality is, that's probably exactly what happened.

      Bring in real privacy and data security laws, or just straight up assume the product doesn't give a crap about you.

      --
      Lost at C:>. Found at C.
    8. Re:... and this is surprising how? by coofercat · · Score: 1

      Absolutely.

      Samsung just can't write software. Every piece of software they're responsible for has a problem one way or another (or at least all the ones I've ever seen - and I've got a Samsung phone or two, so I've seen a lot). Their hardware is generally good, so they should stick to doing that and let the rest of us take over their software. Hell, if they had the whole of their "smart" features in a sort of plug-in box, then they could invite other 'partners' to make entirely new TVs out of their base hardware - that would be awesome for us consumers and it would mitigate the utter shitness of their own software.

      If in doubt, unplug the TV - all the smart bollocks you've paid for are now useless, but at least you're safe.

    9. Re:... and this is surprising how? by Anonymous Coward · · Score: 0

      Signed? Show me where I signed. Thanks.

    10. Re:... and this is surprising how? by putaro · · Score: 2

      If the security sucks, the product usually still works. That's the basic problem.

    11. Re:... and this is surprising how? by gstoddart · · Score: 3, Insightful

      But it's not a secret. You know when you buy one of these your voice is going to be transmitted over the internets for analysis.

      Does your average TV owner know this? Is it explicitly marked on the package?

      Because until they announced they might be sending your voice to third parties, I'm betting your average consumer had no frickin' idea that was happening.

      The only potential violation of privacy here would be the ability for a third party to intercept the unencrypted data on someone

      Well, first they broadcast it in the clear, and then they're giving it to a third party to do the work.

      Everything about this system, from end to end, is more or less designed to violate your privacy.

      Because the "security" is pretty much non-existent.

      Corporations need to have huge penalties for implementing "security" like a bunch of lazy chimps. If they aren't, then people should be well informed that the security of their product was, in fact, written by a bunch of lazy, indifferent chimps.

      --
      Lost at C:>. Found at C.
    12. Re:... and this is surprising how? by Anonymous Coward · · Score: 0

      this is really no different than using Google without https. Like most people did for years....

      If you had a speech to text program entering those http google searches for all your conversations in the room, sure.

    13. Re:... and this is surprising how? by dimeglio · · Score: 3, Insightful

      your voice is going to be transmitted over the internets for analysis.

      Why would a normal consumer assume that? He's talking to the TV, not chatting with someone using Skype.

      --
      Views expressed do not necessarily reflect those of the author.
    14. Re:... and this is surprising how? by Ksevio · · Score: 1

      True - my Samsung non-smart TV has plenty of bugs - you can't even scroll through OTA channels for very long without it freezing up - something QA should have easily caught. If they can't do basic QA to make sure features work, they're definitely not doing anything to make sure it's secure.

    15. Re:... and this is surprising how? by Charliemopps · · Score: 3, Insightful

      There is no legal obligation to encrypt.
      There is no culpability if the data is lost.
      It costs time and money to secure it.

      Why would they bother?

    16. Re:... and this is surprising how? by Anonymous Coward · · Score: 0

      Why would a normal consumer assume that?

      Because that's how pretty much all voice recognition software works, be it Apple Siri, Google Now, Microsoft Cortana or something else. You push the button, and what you say gets transmitted to a remote server for analysis. You didn't think your iPhone was doing real-time voice recognition and analysis, did you?

    17. Re:... and this is surprising how? by Anonymous Coward · · Score: 0

      Why not? Our computers can do speech to text easily enough on their own.

    18. Re:... and this is surprising how? by Anonymous Coward · · Score: 0

      Even assuming so, one might reasonably expect that such communications would use https.

    19. Re:... and this is surprising how? by Anonymous Coward · · Score: 0

      I can confirm that this is exactly the mentality of most coders.

      Most of them don't even stop to consider what code they're writing, they're so fixated on the cool shiny. Code quality these days is the pits.

    20. Re:... and this is surprising how? by hawguy · · Score: 1

      But it's not a secret. You know when you buy one of these your voice is going to be transmitted over the internets for analysis. You would expect them to take some obvious steps to secure the potentially private information from third parties but there is nothing "secret" about the collection and transmission of the user's voice. The only potential violation of privacy here would be the ability for a third party to intercept the unencrypted data on someone.

      Why would someone think this? If my TV had voice detection, I would expect it to all happen locally, I certainly wouldn't expect the TV to record me 24x7 and send snippets of conversation to a central server for analysis.

    21. Re:... and this is surprising how? by TsuruchiBrian · · Score: 1

      Add the government, laws, and lawyers to the mix. That should fix the problem /s

      Have you seen the people that make the laws in this country? They are definitely dumber than the people that came up with this terrible software. And they are way fucking lazier. They will just have corporations write the laws for them so they don't have to do it, and have their interns read it so they don't have to do that either, and then they will just vote the way that their party wants them to, (unless someone wants to bribe them with more money than their own party is willing to give them), so they can keep their "job" (i.e. the thing that gives them money for selling power).

    22. Re:... and this is surprising how? by TsuruchiBrian · · Score: 1

      Apparently not as well as a giant server/datacenter. Speech analysis works better with larger data sets.

    23. Re:... and this is surprising how? by TsuruchiBrian · · Score: 1

      Do you expect that your smartphone's voice recognition is all happening in the phone?

    24. Re:... and this is surprising how? by Anonymous Coward · · Score: 0

      and the real kicker .. klever asians abusing the standards with sending data not meant for port 443 in the first place. Korea, Japan - taking (free) Linux and OSS and mucking it up, smearing the reputation of OSS and Linux. If they'd messed Windows or Apple OS like this, they'd be sued into the ground and out of existence.

    25. Re:... and this is surprising how? by hawguy · · Score: 1

      Do you expect that your smartphone's voice recognition is all happening in the phone?

      No, but I expect my smartphone to recognize more than "channel up" "volume down". Even my 2005 era feature phone could recognize key phrases without sending the audio anywhere. Surely a modern TV with multiple gigahertz CPU cores can do the same.

    26. Re:... and this is surprising how? by TsuruchiBrian · · Score: 1

      I was under the impression that the TV also recognized (or at least attempted to recognize) more than just "channel up" and "volume down" as well. It is a "smart TV" that runs apps similar to the ones running on phones (like web browsers, VOD like Netflix, that provide search capability).

      In fact, I think I might be more likely to need voice search on a TV than on a phone, considering the TV has a worse typing interface (A remote with buttons not designed for typing words) and a smartphone has lots of R&D money poured into its touchscreen/keyboard interface.

      I don't know how well smart TV voice recognition works in reality (I think I own a dumb TV), but I could certainly use a voice recognition on the level of Google or Apple smartphones if it means I don't have to type "game of thrones" using the arrows on my remote to control a cursor on an on-screen keyboard.

  3. No Trust by thegarbz · · Score: 4, Insightful

    Doesn't encryption imply some level of trust in the other party? I.e. you know who you are sending sensitive data to?

    If you don't trust Samsung to receive your personal data (as I'm sure few people do) is it relevant that it's not encrypted?

    1. Re:No Trust by Neil Boekend · · Score: 4, Insightful

      I like to limit the amount of people I send my private data to. Preferably to 0, but to add random hackers to it is not the right way to go.

      --
      Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
    2. Re:No Trust by Anonymous Coward · · Score: 1

      I don't particularly trust HMRC, but I'd like to know that when I send them my financial details several times a year that nobody else is going to be intercepting them in transit.

    3. Re:No Trust by gweihir · · Score: 2

      That is exactly the point. The problem is the data being sent in the first place. A likely application is a nice speech-sample database that can then be used to identify people where other means do not work. Even if Samsung itself did not intend that, the NSA and others will steal that database, it is just too appealing.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:No Trust by tburkhol · · Score: 2

      The problem is the data being sent in the first place. A likely application is a nice speech-sample database that can then be used to identify people where other means do not work.

      You have a microphone in people's living room, broadcasting every conversation they have, and the application you come up with is voice-print identification? Not listening for people reciting strings of numbers like account or social security. Not people discussing passwords, drug deals, or plots to blow up the Capitol. Not people talking about a new car, a new pregnancy, or an imminent wedding. The content of these conversations is (presumably) being sent home at least to do Siri-like speech to text, so even Samsung clearly has the processing power to generate transcripts for all of those conversations, easily searchable, tied to a specific consumer, and salable to marketing or security services.

    5. Re:No Trust by sacrilicious · · Score: 1

      Yes, because now *everyone* listening at any stage of the transmission is privy to conversations in your home. Your ISP, for example. Your neighbor with whom you share a router, or someone who takes the trouble to crack your WEP (assuming you have encryption on your network, some people are still not that sophisticated).

      --
      - First they ignore you, then they laugh at you, then ???, then profit.
    6. Re:No Trust by gweihir · · Score: 1

      From the point of view of what these people want, sure. But speech recognition is still not advanced enough to automatize this. Speaker recognition is and has been for a while.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    7. Re:No Trust by penguinoid · · Score: 1

      Doesn't encryption imply some level of trust in the other party?

      Lack of encryption additionally implies some level of trust in everyone between you and the other party.

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    8. Re:No Trust by Anonymous Coward · · Score: 0

      No, encryption implies some level of distrust in the medium of communication (your ISP, some TLA agency, etc). It's why the whole system of using certificates on executables is some degree of absurd. Sure, done right certificates guarantee that the malware you're getting did come from Malware Corporations, but it says nothing about said malware not, you know, doing malicious things. To say you "trust" Malware Corporations is only possibly true in the sense one "trusts" the devil to be evil.

      Hence, it really makes sense to (almost) always use encryption. Even when you're conversing with the devil.

    9. Re:No Trust by Anonymous Coward · · Score: 0

      You have a microphone in people's living room, broadcasting every conversation they have

      No you don't.

    10. Re:No Trust by thegarbz · · Score: 1

      That depends entirely if you trust random hackers more or less than Samsung.

    11. Re:No Trust by Neil Boekend · · Score: 1

      No it doesn't. It's better to send my data only to Samsung and not to random hackers than it is to do both.

      Not by much, but it is better.

      I should go and cyanogen my S4 Active.

      --
      Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
    12. Re:No Trust by thegarbz · · Score: 1

      Yes it does. Example:

      Send me your credit card details. As soon as I get it I'm going to max it out. I'm also going to use the details in an attempt to steal your identity to further do damage to you.

      Now given this information, what is the impact of sending me this data unencrypted?

    13. Re:No Trust by Neil Boekend · · Score: 1

      Not quite. Samsung has quite sufficient access to cc data. They probably wouldn't abuse mine. No certainty, mind you, but a chance.
      If a hacker would get access to it the chance it would be abused would increase.
      That is why it is better to send it to as few people as possible.

      Added to that the data in the story is different. It's about data that can be copied losslessly. If I were to be filmed dancing naked to YMCA I would prefer to have it stolen by as few people as possible. My strong preference is 0.

      That would be totally impossible by the way because I totally don't do that every Thursday night. *shifty eyes*.

      --
      Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
  4. New term by SuperKendall · · Score: 3, Funny

    I think we need a new term for something like this - security through stupidity.

    Obscurity means that something is non-obvious enough that it takes work to uncover it.

    Stupidity is where the way something is done is so stupid it makes you keep checking for something else going on.

    To be fair though, if he just knows the speech captured is a blob of binary data sent but not the format how does he know THAT's not encrypted?

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:New term by Anonymous Coward · · Score: 1

      What if something else IS going on?

      Imagine if this were to catch on, with voice data unencrypted. Imagine if most TVs end up having this. Imagine if we continue to let NSA-type agencies to continue capturing data in the name of fighting terrorists, child pornography, whatever.

    2. Re:New term by SuperKendall · · Score: 3, Insightful

      Forget the NSA, this can be super handy for the garden variety creep or stalker. Many remotes these days use some kind of wireless connection - so if I had a sniffer listening to network traffic from the house I could remotely trigger the remote's microphone key even from outside fire up listen mode...

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    3. Re:New term by Anonymous Coward · · Score: 0

      ...doesn't really matter if the binary audio blob is encrypted. The textual rendition of the content is sent back in plaintext.

    4. Re:New term by gweihir · · Score: 1

      You are right, but this is not new. Politics uses fear and the stupidity of the frightened routinely to establish more "security measures" that do nothing to make people more secure, but primarily serve to protect those in power. All these "Internet surveillance helps against terrorism" claims are a good example. Here, even a really stupid person can easily deduce from the available facts that it does no such thing, but add fear, and all rationality is gone.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re: New term by Anonymous Coward · · Score: 0

      You would not be able to distinguish between encrypted and compressed data (aside from some initial headers).

    6. Re:New term by Mr D from 63 · · Score: 1

      Yeah, cause that would be the easiest way to eavesdrop on only persons near the TV when it is on, the prime listening scenario. Great plan!

    7. Re:New term by Anonymous Coward · · Score: 0

      Imagine if this were to catch on, with voice data unencrypted. Imagine if most TVs end up having this. Imagine if we continue to let NSA-type agencies to continue capturing data in the name of fighting terrorists, child pornography, whatever.

      Yes, I can imagine Americans continuing sitting on their asses and doing absolutely nothing about the problem. Instead of just sighing "man, this sucks" it would take a bit more effort than that to change things. It would take a dedicated revolution against NSA. However to me it seems that in the current world situation people do not have enough balls to start such a revolution.

    8. Re:New term by Anonymous Coward · · Score: 0

      It's not a problem of balls. It's that this is what Americans actually strive to be: (and many of them already are) http://i.ytimg.com/vi/9F8bs_THKiY/maxresdefault.jpg

    9. Re: New term by daveime · · Score: 1

      I beg to differ after reverse engineering a bastardized version of LZSS used on CDs supplied by a major home and garden chain, simply by staring at it long enough and recognizing the flags, lengths and offset patterns. Encrypted data is a whole other kettle of fish to compressed data.

    10. Re:New term by Solandri · · Score: 1

      Many remotes these days use some kind of wireless connection - so if I had a sniffer listening to network traffic from the house I could remotely trigger the remote's microphone key even from outside fire up listen mode...

      Nearly all TV remotes use infrared, which doesn't pass through walls nor typical glass (remember the greenhouse effect?). The reason you cite is actually the converse of why they don't use radio. The FCC regulates radio broadcasts so any radio remote must fall within the open frequencies (900 MHz, 2.4 GHz, 5 GHz). Unfortunately that means every small radio device out there also uses those frequencies and there's a ton of interference.

      Those clever TV manufacturers figured out pretty early on that they have an advantage over other remote communications devices. For you to watch TV, you have to have line of sight to the TV. If you have line of sight to the TV, then the TV has line of sight to you. So you can use an optical (infrared) link to control the TV remotely, and avoid the entire radio frequency mess.

    11. Re:New term by SuperKendall · · Score: 1

      I was under the impression that most Samsung Smart TVs supported an RF remote in addition to IR.

      If it's IR only, as you say it would require line of sight to the TV to activate.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
    12. Re:New term by Anonymous Coward · · Score: 0

      That South Park episode dealt with four individuals standing up to a bully in an online game.

    13. Re:New term by Anonymous Coward · · Score: 0

      Sorry, I replied to the wrong post I guess. (Or slashdot glitched.)

    14. Re:New term by Anonymous Coward · · Score: 0

      That South Park episode dealt with four individuals standing up to a bully in an online game..

  5. Good enough by Anonymous Coward · · Score: 4, Funny

    "It's not even HTTP data, it's a mix of XML and some custom binary data packet,"

    Well, XML is more or less unreadable. That is as close to a one way encryption any commercial company will get.

  6. Could Tor Be Of Use Here? by Anonymous Coward · · Score: 0

    Is there someway to squeeze Tor[1] into this?

    [1] or some other type of Tor-like tech

    1. Re:Could Tor Be Of Use Here? by CodeReign · · Score: 1

      What?!? Why would that be helpful? The message still would go unencrypted from the TOR exit node to Samsung (or its partners). Way too many people think that TOR = Secure.

    2. Re:Could Tor Be Of Use Here? by gweihir · · Score: 1

      Way too many people have not even a basic understanding what security technologies do. Just look at the discussion about the Silk-Road bust. Most people assumed it was a TOR vulnerability being exploited, when it likely was no such thing as there are tons of possibilities to screw up that have nothing to do with TOR.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  7. ssh by MichaelSmith · · Score: 1

    Next time use port 22. It's dead simple.

  8. Port 443 makes it even worse... by Anonymous Coward · · Score: 0

    Looks like someone was trying to make it look safe and secure, but was too lazy to implement it. This is cheating.

    1. Re:Port 443 makes it even worse... by hcs_$reboot · · Score: 1

      Actually port 443 may have been enough, initially, to lure most hackers into thinking the communication was encrypted. Now that it's been made public it's not encrypted, however....

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    2. Re:Port 443 makes it even worse... by drinkypoo · · Score: 0

      Actually port 443 may have been enough, initially, to lure most hackers into thinking the communication was encrypted. Now that it's been made public it's not encrypted, however....

      Most hackers have access to wireshark

      FUD, HTH, HAND

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:Port 443 makes it even worse... by hcs_$reboot · · Score: 1

      Most hackers have access to wireshark

      FUD, HTH, HAND

      Yeah, o'course, or tcpdump for the real ones. But my point was that usually 443 is a clear indicator of encryption, and hackers don't bother to try it, let alone run a packet sniffer on the port. But maybe you are the kind who runs wireshark on a "connection refused" port?

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    4. Re:Port 443 makes it even worse... by gweihir · · Score: 1

      Anybody that manages to listen to network traffic payload data will not be fooled at all by this.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:Port 443 makes it even worse... by gweihir · · Score: 1

      I don't know what kind of incompetent wannabe "hackers" you know, but anybody with at least some skill looks whether things are encrypted and does not simply assume.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re:Port 443 makes it even worse... by gweihir · · Score: 1

      Likely budget overrun and/or developer incompetence, and then somebody lied about it.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    7. Re: Port 443 makes it even worse... by Anonymous Coward · · Score: 0

      No, it does not. Apparently the task was how to circumvent firewalls which might block and inspect traffic on certain ports. Port 80 might get through but be subject to packet inspection and changing of content. (Filter out words). Port 443 is a well known port and is usually not blocked. Usually no packet inspection takes place as it would require a Man in the middle type attack. So Samsung engineers solved their task... and made Samsung the laughing stock of the Internet Community.

    8. Re:Port 443 makes it even worse... by tburkhol · · Score: 1

      But my point was that usually 443 is a clear indicator of encryption, and hackers don't bother to try it, let alone run a packet sniffer on the port.

      Maybe if you're talking about a web browser. If you're talking about a bit of custom software embedded in a TV, then ports 80 and 443 only say "traffic that will probably be allowed by firewall rules."

  9. Out Sonying Sony? by EzInKy · · Score: 3, Insightful

    Is this really what Samsung wants to do? I've been steering everyone I know away from Sony products for more than a decade now, and what I suggest when they ask what brand they can trust I have always told them Samsung. I ask you, is there any major brand who are on the side of consumer/customer privacy out there anymore?

    --
    Time is what keeps everything from happening all at once.
    1. Re:Out Sonying Sony? by Anonymous Coward · · Score: 0

      is there any major brand who are on the side of consumer/customer privacy out there anymore?

      Of course not, you silly you.

    2. Re:Out Sonying Sony? by hcs_$reboot · · Score: 4, Funny

      is there any major brand who are on the side of consumer/customer privacy out there anymore?

      Google.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    3. Re:Out Sonying Sony? by Anonymous Coward · · Score: 0

      The key word here is "major", stay clear of that and you can find something.

    4. Re:Out Sonying Sony? by sectokia · · Score: 3, Informative

      I'd actually say apple. Security failures are a pretty big deal for them. They make money through a walled system and hardware. Everything is encrypted. Heck... when my mac boots up off its firmware and goes to download the operating system from apple, even that is encrypted https.

    5. Re:Out Sonying Sony? by ledow · · Score: 2

      Using basic encryption to authenticate a download of an operating system to an official server is what I'd class as absolute bare basics.

      Does it check hash values or signed packages? I would hope the answer's yes for anything made in the last ten years.

      That's not a "killer feature". That's basic expectation.

      On the Apple front - they do this by removing much of your control of the device. There are as many rogue apps on the iTunes store as anywhere else. There are also security problems that were left alone for just as long as everyone else:

      http://arstechnica.com/securit...

      (Note: published after 90 days past initial notification, the article says two were definitely still unpatched. Apple are no different to any other large company in this regard, so saying it's "a pretty big deal for them" is probably hyperbole).

      I'd also say, just if they're making their money from hardware there's little incentive to fix software - at least compared to companies that just or primarily sell software.

    6. Re:Out Sonying Sony? by hcs_$reboot · · Score: 1

      I'd actually say apple. Security failures are a pretty big deal for them.

      Not so sure. Why? Because the strongest encryption model is beaten by password knowledge - and why that's bad with Apple? Because, for the sake of simplicity (I assume), there is no way / no trace / no warning / no notif in iCloud.com when accesses are made from different IPs within a given time range etc... ( gmail does that ). And basically entering one's iPhone / store password in a train (for instance), having people around over your shoulder makes someone able to access iCloud on your behalf using your account and access your data, "Where is my iThing" to see where you are at anytime... And if the guy doesn't change your data, you may never know about it. That's a problem when access is granted to such a powerful tool (and not using two-steps auth).

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    7. Re:Out Sonying Sony? by gweihir · · Score: 1

      No. They all primarily want to make money. Sony might be an especially repulsive example that cannot even do good engineering, but Samsung is not fundamentally different.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    8. Re:Out Sonying Sony? by stephanruby · · Score: 1

      I ask you, is there any major brand who are on the side of consumer/customer privacy out there anymore?

      The bigger the company and the brand, the bigger the temptation.

    9. Re:Out Sonying Sony? by hcs_$reboot · · Score: 1

      ^^^ Mea culpa. It seems things changed since last time I connected to icloud.com: now Apple sends an email (account) each time a login to the site is made. There is no IP, but browser brand and OS (based on user agent) are shown in the mail.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
  10. And video? by aglider · · Score: 1

    I think they also collect video from the camera when present (why not?) and I also think they will use the same "technology" to send it back home.
    Is that encrypted? And, more important, is it allowed by law???

    --
    Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
  11. What about the firmware upgrades? by Anonymous Coward · · Score: 0

    When you select 'check for upgrade to software' does it download that software in the same way?

    You might think nobody would be that stupid, but Dell apparently updated their BIOS across an unencrypted connection without extra check on the binary and that was how the NSA took control of thousands of Dell servers.

    (Of course this is the NSA, they also simply installed the malware at/near source at Dell's factory):
    http://resources.infosecinstitute.com/nsa-bios-backdoor-god-mode-malware-deitybounce/

    And using https and a certificate is not enough if they can grant themselves fake certificates issued by real authorities, if Google cannot stop them mass intercepting Goog traffic then https cannot be used for sending binary updates:
    http://www.theguardian.com/technology/2013/oct/30/google-reports-nsa-secretly-intercepts-data-links

    But this level of encryption (zero) is comically incompetent.

  12. So turn the mic off.. by stealth_finger · · Score: 1

    ...Shut the fuck up moaning and use the remote.

    --
    Wanna buy a shirt?
    https://www.redbubble.com/people/stealthfinger/shop?asc=u
    1. Re:So turn the mic off.. by hcs_$reboot · · Score: 1

      ...Shut the fuck up moaning and use the remote.

      It only sends data when using the speech recognition software. So don't use it.

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    2. Re:So turn the mic off.. by Racemaniac · · Score: 5, Informative

      It's even better than this, the mic apparently is only on when you press the voice command button to make the tv listen to a voice command. The mic is only on for a short period when you ask it explicitly. Then it sends whatever you said to the speech recognition server (just like every other speech recognition system atm), and the tv will get an answer as to what it's supposed to do.

      The reason they have this in their terms and conditions is because the tv doesn't know what it'll send when you push that button, so it could be personal information. They're just covering their asses. And i would never use such a system, but i'm wondering what the big value is of encrypting data that would probably just contain someone saying "channel 77" or whatever the voice commands like that are.

      This is just a lot of fuss about nothing, and a lot of people complaining because the summary makes it sound far worse than it actually is...
      The first article was ridiculous. Of course the voice commands get sent to a third party service. That's also how siri and whatever other such systems exist work. And it's not always on, you have to request it via the remote. So there's no privacy implication at all... It's just covering their asses.
      And now it's that this data, which is very very unlikely to be sensitive isn't encrypted. If the hackers want to hear people name channels and other commands from the users of said tv's... good for them.

    3. Re:So turn the mic off.. by Anonymous Coward · · Score: 1

      Voice samples with identifying metadata can be used to train a system to recognize voices. To me that is an issue. I have a Samsung phone and this Samsung TV smart control. I do not use any voice based functions at all, regardless of whether they use S voice, Google voice API, etc.

    4. Re:So turn the mic off.. by stealth_finger · · Score: 1

      So it's even more of a non-issue than I thought. Some people just love a good whinge about nothing.

      --
      Wanna buy a shirt?
      https://www.redbubble.com/people/stealthfinger/shop?asc=u
    5. Re:So turn the mic off.. by watermark · · Score: 1

      Remotes work through windows

    6. Re:So turn the mic off.. by Just+Some+Guy · · Score: 1

      but i'm wondering what the big value is of encrypting data that would probably just contain someone saying "channel 77" or whatever the voice commands like that are.

      This is backward. What is the big value of not encrypting it, given that the data payloads are small enough not to require massive CPU resources to do so?

      Encryption everywhere is the sane default and should only be removed when there's a clear reason to do so. You don't ever have to justify why to add encryption to something; you're expected to justify removing it.

      --
      Dewey, what part of this looks like authorities should be involved?
  13. New term by Anonymous Coward · · Score: 0

    Try to compress the data. Well-encrypted data has high entropy and cannot be compressed.
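
The check suggested in the comment above, combined with the "look whether things are encrypted" point made earlier in the thread, as an added Python example (not part of the original thread or of Lodge's analysis): it tests the first client payload of a port-443 flow for TLS framing, then measures byte entropy and zlib compressibility. The sample payloads and the XML element names in them are constructed for illustration.

```python
"""Check whether a payload captured from a port-443 flow is actually protected.

All sample payloads are constructed for this example; none is captured
traffic, and the XML element names are made up.
"""
import hashlib
import math
import re
import struct
import zlib
from collections import Counter

ENTROPY_HIGH = 7.5           # bits per byte; uniformly random data approaches 8.0
RATIO_INCOMPRESSIBLE = 0.95  # compressed/original size at or above this: no gain


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def compression_ratio(data: bytes) -> float:
    """Compressed size divided by original size; about 1.0 means incompressible."""
    if not data:
        return 1.0
    return len(zlib.compress(data, 9)) / len(data)


def starts_with_tls_client_hello(data: bytes) -> bool:
    """True if the first client bytes are framed as a TLS handshake record."""
    if len(data) < 6:
        return False
    content_type, major, minor, length = struct.unpack("!BBBH", data[:5])
    return (
        content_type == 0x16            # record type: handshake
        and major == 3 and minor <= 4   # SSL 3.0 through TLS 1.3 record versions
        and 0 < length <= 2**14 + 2048  # maximum record length
        and data[5] == 0x01             # handshake type: ClientHello
    )


def printable_runs(data: bytes, min_len: int = 6) -> list:
    """Readable ASCII runs, like strings(1); cleartext protocols show up here."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def classify_first_payload(data: bytes) -> str:
    """Classify the first client-to-server payload of a flow.

    'tls-handshake'  : framed as a TLS ClientHello.
    'opaque-not-tls' : incompressible but not TLS. High entropy alone does not
                       prove encryption (compressed audio looks the same), so
                       this result needs a closer look.
    'cleartext'      : compressible, therefore not well encrypted.
    """
    if starts_with_tls_client_hello(data):
        return "tls-handshake"
    if (shannon_entropy(data) >= ENTROPY_HIGH
            and compression_ratio(data) >= RATIO_INCOMPRESSIBLE):
        return "opaque-not-tls"
    return "cleartext"


def _pseudo_random(n: int) -> bytes:
    """Deterministic stand-in for ciphertext, so the example is repeatable."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


# Constructed sample: an XML header followed by a 16-bit sawtooth as fake audio.
SAMPLE_XML_AUDIO = (
    b'<?xml version="1.0"?><request><lang>en-GB</lang>'
    b"<device>example-tv</device></request>"
    + b"".join(struct.pack("<h", (i % 100) * 50 - 2500) for i in range(2000))
)

# Constructed sample: TLS record header plus a ClientHello header and filler body.
_body = _pseudo_random(200)
_handshake = b"\x01" + len(_body).to_bytes(3, "big") + _body
SAMPLE_TLS_HELLO = b"\x16\x03\x01" + len(_handshake).to_bytes(2, "big") + _handshake

# Constructed sample: incompressible bytes with no TLS framing.
SAMPLE_OPAQUE = _pseudo_random(4096)

if __name__ == "__main__":
    samples = {"xml+audio": SAMPLE_XML_AUDIO, "tls": SAMPLE_TLS_HELLO,
               "opaque": SAMPLE_OPAQUE}
    for name, payload in samples.items():
        print(f"{name:10s} {classify_first_payload(payload):15s} "
              f"entropy={shannon_entropy(payload):.2f} "
              f"ratio={compression_ratio(payload):.2f} "
              f"strings={printable_runs(payload)[:1]}")
```

The test is one-directional: a compressible payload is certainly not well encrypted, while an incompressible one may be encrypted or merely compressed.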

  14. Terms by hcs_$reboot · · Score: 1

    To be fair, what kind of words are likely to be sent - since data is only sent when explicitly using the voice recognition feature? "put channel 11", "switch on/off", "weather tomorrow" - probably not so juicy...

    --
    Slashdot, fix the reply notifications... You won't get away with it...
    1. Re:Terms by amalcolm · · Score: 2

      So you are changing channels when your wife comes in screaming at you 'cos she just discovered you have a girlfriend? Not too hard to imagine scenarios where embarrassing stuff gets transmitted.

      --
      Time for bed, said Zebedee - boing
    2. Re:Terms by Anonymous Coward · · Score: 3, Insightful

      > To be fair, what kind of words are likely to be sent [...]

      I think you don't know how this works. If it is similar to Siri and however its Android twin is called, there ain't remotely enough processing oomph (and memory) in the TV's embedded to make any sense of your mumblings and map them to commands like "put channel 11". So anything going on in the room is packed up and sent to "Teh Cloud" to make any sense of it. Being your dog whining, your husband yelling at you or your daughter phoning the boyfriend.

      How anyone thinks *that* is a good idea escapes me, but well -- there are folks which buy a dedicated machine for that. I repeat: the spied-upon are paying hard-earned cash for this. I can't wrap my little head around that.

    3. Re:Terms by Mr+D+from+63 · · Score: 1

      To be fair, what kind of words are likely to be sent - since data is only sent when explicitly using the voice recognition feature? "put channel 11", "switch on/off", "weather tomorrow" - probably not so juicy...

      If they heard what I was screaming at the TV during the NFL playoffs, I might be accused of a hate crime.

    4. Re:Terms by Anonymous Coward · · Score: 0

      Why do you say such things then? Why *shouldn't* you be accused of a hate crime if you think you are saying things worthy of it?

    5. Re:Terms by Jason+Levine · · Score: 1

      When I got my new smartphone (not a Samsung model), I turned on the voice recognition feature thinking it would be cool to order my phone to get me information via voice only. It was cool, but the phone quickly started picking up on phrases that were not even close to my activation phrase. I'd be talking when suddenly my phone would beep indicating that it had heard some command it thought I had given and had tried to obey. This became too annoying so I disabled the feature.

      If Samsung TVs are similar to my phone, they could capture what they think is your activation phrase when it's really nothing even close. Then, they could send voice recordings (non-encrypted) that you never wanted them to capture.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    6. Re:Terms by Anonymous Coward · · Score: 0

      In the privacy of his home, what business is it of yours?

    7. Re:Terms by camperdave · · Score: 1

      It's a smart TV, an internet connected TV. Beyond the standard On/Off, volume and channel select, it should be capable of showing any Youtube content, browsing the web, etc. So it'll be picking up "Natalie Portman, Naked and petrified" and other embarrassing utterances. Also, because it is web-connected, people will use it to check their bank balances (account numbers and passwords)

      --
      When our name is on the back of your car, we're behind you all the way!
    8. Re:Terms by camperdave · · Score: 1

      It's not in the privacy of your home. It is being broadcast all over the internet. Didn't you read the privacy policy?

      --
      When our name is on the back of your car, we're behind you all the way!
    9. Re:Terms by BronsCon · · Score: 1

      How long until networks start airing ads containing "Samsung owners, say 'Smart TV tune to Fox News' or 'Hi TV tune to Fox News' for fair and balanced coverage". For reference, "Smart TV" and "Hi TV" are the two configurable activation phrases on Samsung Smart TVs and, upon hearing this from the commercial, the TV would, in theory, automatically tune to Fox News. That's what scares me most about this "feature".

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    10. Re:Terms by Jason+Levine · · Score: 1

      I would hope any programmer would filter out the TV's audio from the voice input stream.

      Then again, I'd also hope that any programmer would use encryption when sending the data and we know how well that worked out.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    11. Re:Terms by BronsCon · · Score: 1

      You realize the reason they send the audio out for processing is that the TV doesn't have the processing power to do it, right? So that pretty much rules out filtering, no?

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  15. And that makes it worse, how? by gweihir · · Score: 1

    In an exceptional security disaster like this, the lack of transport encryption is a mere detail and not surprising at all. The problem is the mind-set of the people that made the decision to send anything the user did not explicitly authorize for each single case in the first place.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  16. Re:Who cares? by gweihir · · Score: 1

    And if your neighbors start recording that, they go to prison in any sane jurisdiction.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  17. Port 443 by Anonymous Coward · · Score: 0

    It's a shame that most posters on Slashdot don't realize how browser security works. Port 443 is the secure HTTPS port, so if you send data to that port, IT IS AUTOMATICALLY SECURE, and you simply don't have to worry about any of that pesky SSL protocol and messy key exchanges. Just trust the port, that's what it's there for!

    1. Re:Port 443 by Anonymous Coward · · Score: 0

      As another tip, if some software is open source, it means that it is automatically secure and high-quality.

    2. Re:Port 443 by Anonymous Coward · · Score: 0

      Also you can make an amazing cleaning fluid by mixing Ammonia and Bleach.

  18. Oh for fucks sake, people. by wiredog · · Score: 4, Interesting

    The microphone on the TV stays off until you command it to listen. You do that by pressing a large VOICE button on the remote.

    1. Re:Oh for fucks sake, people. by Mr+D+from+63 · · Score: 1

      But someone could sneak into your house, and hack your remote......and.......you know the drill.....

    2. Re:Oh for fucks sake, people. by Anonymous Coward · · Score: 0

      lol. why do they have to be in your house? infrared goes through windows.

    3. Re:Oh for fucks sake, people. by Anonymous Coward · · Score: 0

      lol. why do they have to be in your house? infrared goes through windows.

      Oh my gosh, never thought of that. If someone can get the IR signal through your window to activate the voice recognition in your Samsung TV, then all they need to do is hack into your internet traffic, capture your Samsung TV's packets, extract the data, and they'll know everything you ever said. I bet the CIA wishes they had this sort of technology during the cold war. So much easier than bouncing a laser off the window to act as a microphone.

    4. Re:Oh for fucks sake, people. by Anonymous Coward · · Score: 0

      herpa samsung defense force derp

    5. Re:Oh for fucks sake, people. by Anonymous Coward · · Score: 1

      Awesome! Finally someone who has had access to, and time to analyze, the firmware in all these TVs!

    6. Re:Oh for fucks sake, people. by Anonymous Coward · · Score: 0

      The microphone is on the remote. Sending infrared to the TV will not activate it. The remote mostly uses Bluetooth to communicate with the TV, although it does have IR as well.

      The TV has a microphone too, to enable you to say "Hi TV, mute". However, that one has very limited voice recognition and does not send voice data anywhere. It is also useless.

    7. Re:Oh for fucks sake, people. by Anonymous Coward · · Score: 0

      ^ This message brought to you by the Ministry of Truth.

    8. Re:Oh for fucks sake, people. by Anonymous Coward · · Score: 0

      Why would they have to sneak into your house if it was like your husband who downloaded WIFE_SPY.fw firmware file so that he could eavesdrop on his house while nobody is home. Not a knock on Samsung... just another general statement against microphones in televisions, toasters & teapots.

    9. Re:Oh for fucks sake, people. by Anonymous Coward · · Score: 0

      MOD this up...seriously...do we blindly trust their firmware to only work the way they instruct us to use it? Do hackers put a huge VOICE button on systems they hacked? No, they bypass whatever checks they have.

    10. Re:Oh for fucks sake, people. by Sansavarous · · Score: 1

      The microphone turns on when you first turn on the TV to listen to initial commands, then it turns off.

      I have a Samsung UHD tv, I declined the voice TOS hope that's enough.

    11. Re:Oh for fucks sake, people. by antdude · · Score: 1

      How do you know it won't turn on by itself or remotely?

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    12. Re:Oh for fucks sake, people. by Anonymous Coward · · Score: 0

      Samsung is ouuuur friiiend!!!!

    13. Re:Oh for fucks sake, people. by ShaunC · · Score: 1

      The microphone on the TV stays off until you command it to listen.

      Five years ago, I probably would have believed this. Hell, two years ago I might have bought it. But after the revelations of June 2013, I don't trust claims like "the microphone stays off until you command it to listen" any more than I believe "no, the NSA does not collect data about millions of Americans" or "we at Lenovo thought consumers would enjoy ads injected into their SSL sessions."

      Trusted by default is done, thanks to overzealous advertisers and overzealous governments. That goose is cooked, go find a fork. Everything is suspect, now. Engineer accordingly.

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    14. Re:Oh for fucks sake, people. by Anonymous Coward · · Score: 0

      The mic is located on the battery-powered remote. If the mic were on 24/7 you would probably get very little battery life.

  19. Consumer Co-ops by ThatsNotPudding · · Score: 1

    We need a sort of Kickstarter for consumer goods, such as "Okay, we want a tv / laptop / cell phone with these agreed-upon specs and we get all access to firmware / bios / baseband, etc." Once an effective number of folks "buy-in", the group takes their big wad of sweaty cash to a Taiwanese contract manufacturer and a run of the product is made. AFTER the product and code is inspected for any corporate / governmental tampering, the product is shipped (with an option for the purchasers to pick it up directly to avoid the NSA shipping intercepts).

    1. Re:Consumer Co-ops by ArcadeMan · · Score: 1

      You can already buy a regular, not-smart TV everywhere. It's called a computer monitor.

    2. Re:Consumer Co-ops by Anonymous Coward · · Score: 0

      I was gladdened to hear your news, until I realized that it is EXCEEDINGLY hard to change channels on this thing!

    3. Re:Consumer Co-ops by Anonymous Coward · · Score: 0

      The fact the people have to consider resorting to ideas like this makes me want to puke hammers and sickles. So maybe this would work for a day until we forget the part where corporate / governmental "customers" will also buy your consumer-love-child as well. Except, they may have the intent of finding all of the beautiful backdoors to exploit - or to just simply become your product's ISP. And why not? The problem isn't in the manufacturing of the goods. The problem is that the attack on privacy has been blessed at the highest levels.

      "But comrade, perhaps we can go to the homes of every person who signs up for the co-op TV and we interview them thoroughly to make determination if they are planning to usurp our kind consumer goods movement...only then can they be on the list to receive the TV"

    4. Re:Consumer Co-ops by ArcadeMan · · Score: 1

      You don't have an external box for that?

  20. Re:Who cares? by coofercat · · Score: 1

    I know you're A/C and so have a lower bar of thinking to reach than the rest of us, but it amazes me that you can't see the problem here.

    You live in a neighbourhood, that presumably you chose and like. You presumably know your neighbours, at least vaguely. This TV (with the feature enabled, and if it's buggy, without the feature enabled) means you're now living in some shithole backwater in Elbonia where some geeks are using what you say for nefarious purposes. You're also living next door to the NSA, GCHQ, whomever the KGB turned into, and countless others - in fact, you have no way of ever knowing who your "neighbours" are.

  21. Programmers don't need to know encryption! by Anonymous Coward · · Score: 0

    Why would knowledge of encryption be a requirement during a job interview for a programming position? Programmers shouldn't be expected to understand encryption!

  22. Incompetence and cost/benefit by sjbe · · Score: 2

    I wonder if it's perhaps an engineer-type mentality that gets so focused on building cool new things, they just don't stop to think about how those new things can be abused or exploited to do bad things.

    It's partly that. It's also very likely to be a significant amount of incompetence. I am an engineer and run a contract manufacturing company. We build wire harnesses and our customers provide the technical details for the product to be built. I've been doing this for many years now and I can count on my fingers the number of drawings that I've received that could be built solely from the documentation provided. This means that a LOT of engineers are wildly incompetent at writing engineering documentations which is >50% of their job for most of them.

    I guess engineers don't typically think like baddies, figuring out how to use technology to hurt people or steal from them.

    Not only do they not think like baddies, they often don't bother to consult with those who do. Furthermore even if they did think about it it wouldn't surprise me if a cost/benefit analysis was done which drove the engineers and/or management to not bother. Encryption done right is hard and it doesn't result in a single additional sale for most products. Nobody buys a TV wondering how good the encryption on it is. Maybe now they will but it just hasn't been on anyone's radar to this point so why would we expect the companies making the products to worry about it even if they should have?

  23. Trust no one by sjbe · · Score: 1

    I've been steering everyone I know away from Sony products for more than a decade now, and what I suggest when they ask what brand they can trust I have always told them Samsung.

    Genuinely not being snarky but why? What has Samsung ever done that would lead you to believe they would be a brand you could/should trust more than Sony? Just because they haven't really stepped in a big pile of #2 until now is evidence of nothing. Sure Sony has done some truly stupid shit but Samsung has really only been a big name in computer products for the last few years. I don't think they are in any way more trustworthy, they just haven't had time for their sins to float to the surface yet.

    I ask you, is there any major brand who are on the side of consumer/customer privacy out there anymore?

    I'm not aware of any that ever were unfortunately.

  24. Actions not words by sjbe · · Score: 2

    If all they have to do is say "oh, gee, we're not really sorry" and have no consequences, this will keep happening.

    This is something that has come up in our culture lately. It seems no matter how bad the offense, all the media wants is some sort of apology and somehow that makes it acceptable. There are no further consequences which boggles my mind. Sometimes an apology is not sufficient. What we should really care about is what did they DO to make things right. I could give a shit whether they apologize or not. Fix it and I'll forgive. What is said means nothing.

    Which is precisely why you should assume any piece of consumer electronics which wants to connect to the internet was pushed out the door by lazy, incompetent, greedy bastards who bear no legal penalty for screwing up on security and privacy.

    Preach on brother. This is absolutely correct.

  25. Where? by sjbe · · Score: 1

    You can already buy a regular, not-smart TV everywhere. It's called a computer monitor.

    Really? I can buy a 60" computer monitor that can change channels, has 4 inputs and sound and comes with a remote for less than $700? Please tell me where I can find this fantastic buy...

    Oh that's right, not available for reasonable prices anywhere...

    1. Re:Where? by ArcadeMan · · Score: 1

      Not everyone wants a TV this huge, not everyone uses "channels" anymore (this is Slashdot, you should have dropped cable/satellite years ago and be using an AppleTV/FireTV/etc by now), headphones/external speakers are usually better than the low-fi audio in a thin TV set and you don't need a TV remote without built-in channels/built-in audio, you use the remote of your set-top box instead.

  26. Stupid functionality by phorm · · Score: 1

    So if you've got the remote, and have to push the button anyway, why not tap in "77" to change the channel rather than using voice commands.

    Yes, I realize voice commands can do other things, but what are they really useful for?

  27. What third party are they sending data to? by ezelkow1 · · Score: 1

    The other issue that they may be facing is that they are not in control of the text to speech aspect. There are a couple vendors out there that provide this functionality, Nuance being one of the large players, and most of them work in this manner with some sort of xml/json and a binary blob of the pcm data. If the vendor they are using does not support encrypted data on the server end, then there isn't much Samsung can do besides going and finding one that does

  28. What "textual rendition" by SuperKendall · · Score: 1

    Do you mean on the return trip (which I wasn't sure he had monitored)? The outbound is audio-blob only.

    It does seem likely though the return data would not be HTTPS either since the connection was never established... but it could still be encrypted.

    Very doubtful though or they would have just used HTTPS you would think and saved a lot of bother.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  29. Wiretapping Laws? by Anonymous Coward · · Score: 0

    Is it possible, or even likely, that this runs afoul of recording or wiretapping laws that require two-party consent?

  30. I don't plan by Anonymous Coward · · Score: 0

    on EVER buying a TV set with a camera and microphone built in. The only purpose these could possibly serve in a TV set is to spy on those watching it. Anyone who thinks at all does NOT want to be spied upon by the things that they buy. This Internet of Things crap has already gone Way Way too far, and needs to be killed now! George Orwell's 1984 is already here, there is no need to make things worse!!!

  31. Goodbye Razor of Hanlon by WaffleMonster · · Score: 1

    I suppose this makes sense. If you select port 80 it is more likely to be noticed or more likely to be intercepted and or mangled by proxies and AG's making it difficult to transport non- HTTP data streams.

    Port 443 would best allow for unmolested arbitrary stream while remaining most unlikely to be filtered.

    The rest I can't explain... is there really such a big ass market for ads and data justifying such behavior or is some of this at least partially being "subsidized" by state actors? The mindset and thinking not just of Samsung but of growing numbers of vendors strikes me as both disgusting and unsustainable.

  32. Criminal, right? by chuckugly · · Score: 1

    In some States isn't it criminal to listen in on people without them all being informed? In California for instance both parties of a phone convo have to be informed of the recording. How does my Mom know she's being recorded in my living room?

    1. Re:Criminal, right? by Anonymous Coward · · Score: 0

      Pushing a button labeled "Voice" probably counts as informed consent. No one has produced any evidence that the TV is listening in on people other than when they push this button. The mic is located on the remote as well, so it would be impractical to leave it running 24/7.

  33. but that's wrong by johncandale · · Score: 1

    but that's wrong. go google news and set the limit to the last 10 days.