Samsung Smart TVs Don't Encrypt the Voice Data They Collect

itwbennett writes A week ago, the revelation that Samsung collects words spoken by consumers when they use the voice recognition feature in their smart TVs enraged privacy advocates, since according to Samsung's own privacy policy those words can in some cases include personal or sensitive information. Following the incident, David Lodge, a researcher with a U.K.-based security firm called Pen Test Partners, intercepted and analyzed the Internet traffic generated by a Samsung smart TV and found that Samsung does send captured voice data to a remote server using a connection on port 443, a port typically associated with encrypted HTTPS, but that the data was not encrypted. "It's not even HTTP data, it's a mix of XML and some custom binary data packet," said Lodge in a blog post.

New term

[SuperKendall]

I think we need a new term for something like this - security through stupidity.

Obscurity means that something is non-obvious enough that it takes work to uncover it.

Stupidity is where the way something is done is so stupid it makes you keep checking for something else going on.

To be fair though, if he just knows the speech captured is a blob of binary data sent but not the format how does he know THAT's not encrypted?

Good enough

"It's not even HTTP data, it's a mix of XML and some custom binary data packet,"

Well, XML is more or less unreadable. That is as close to a one way encryption any commercial company will get.

Re:Out Sonying Sony?

[hcs_$reboot]

is there any major brand who are on the side of consumer/customer privacy out there anymore?

Google.