Samsung Smart TVs Don't Encrypt the Voice Data They Collect

← Back to Stories (view on slashdot.org)

Samsung Smart TVs Don't Encrypt the Voice Data They Collect

Posted by samzenpus on Wednesday February 18, 2015 @08:08PM from the even-worse dept.

itwbennett writes A week ago, the revelation that Samsung collects words spoken by consumers when they use the voice recognition feature in their smart TVs enraged privacy advocates, since according to Samsung's own privacy policy those words can in some cases include personal or sensitive information. Following the incident, David Lodge, a researcher with a U.K.-based security firm called Pen Test Partners, intercepted and analyzed the Internet traffic generated by a Samsung smart TV and found that Samsung does send captured voice data to a remote server using a connection on port 443, a port typically associated with encrypted HTTPS, but that the data was not encrypted. "It's not even HTTP data, it's a mix of XML and some custom binary data packet," said Lodge in a blog post.

2 of 153 comments (clear)

Min score:

Reason:

Sort:

Re:Out Sonying Sony? by sectokia · 2015-02-18 21:54 · Score: 3, Informative

I'd actually say apple. Security failures are a pretty big deal for them. They make money though a walled system and hardware. Everything is encrypted. Heck... when my mac boots up off its firmware and goes to download the operating system from apple, even that is encrypted https.
Re:So turn the mic off.. by Racemaniac · 2015-02-18 22:43 · Score: 5, Informative

It's even better than this, the mic apparantly is only on when you press the voice command button to make the tv listen to a voice command. The mic is only on for a short period when you ask it explicitly. Then it sends whatever you said to the speech recognition server (just like every other speech recognition system atm), and the tv will get an answer as to what it's supposed to do.
The reason they have this in their terms and conditions is because the tv doesn't know what it'll send when you push that button, so it could be personal information. They're just covering their asses. And i would never use such a system, but i'm wondering what the big value is of encrypting data that would probably just contain someone saying "channel 77" or whatever the voice commands like that are.
This is just a lot of fuss about nothing, and a lot of people complaining because the summary makes it sound far worse than it actually is...
The first article was ridiculous. Ofcourse the voice commands get sent to a third party service. That's also how siri and whatever other such systems exist work. And it's not always on, you have to request it via the remote. So there's no privacy implication at all... It's just covering their asses.
And now it's that this data, which is very very unlikely to be sensitive isn't encrypted. If the hackers want to hear people name channels and other commands from the users of said tv's... good for them.