“Samsung SmartTV transmits data to a third party, be aware that if your spoken words include personal or other sensitive information.” I wrote in my previous post.
Another discovery is concerning the owner of Samsung smartTVs, the devices, in fact, send users’ voice searches and data over the internet unencrypted, this means that a bad actor could snoop it. The Samsung SmartTV also sends other information about the TV and user without encryption.
When a user sends a vocal command to make a search on the Internet using the Samsung smartTV, the audio is sent across the internet to a voice recognition service that interprets the speech and return the results via the TV display. Samsung uses the voice recognition system developed by the company Nuance to interpret voice command sent by the users.
A security researcher discovered that, both the audio command and the text results returned aren’t encrypted. As a consequence, an attacker can snoop on user’s voice and intercept text.
The Security researcher David Lodge from Pen Test Partners tested a Samsung UE46ES8000 smartTV and discovered that
“What we can see is it sending a load of information over the wire about the TV, I can see its MAC address and the version of the OS in use. After the word buffer_id is a load of binary data, which looks audio-ish.” wrote Lodge in a blog post. “You can make out that it thinks I’ve said either Samsung, Samson or Samsong” .
A hacker could be able to spy on Samsung SmartTV user by accessing to its Wireless Lan traffic, but the security issues open the doors also to surveillance activities that could be operated by persistent attackers (e.g. Intelligence agencies) that could access user traffic directly from internet service providers or with access to the Internet backbones.
Stay Tuned for further information …
(Security Affairs – privacy , Samsung SmartTV)