“Samsung SmartTV transmits data to a third party, be aware that if your spoken words include personal or other sensitive information.” I wrote in my previous post.
Another discovery is concerning the owner of Samsung smartTVs, the devices, in fact, send users’ voice searches and data over the internet unencrypted, this means that a bad actor could snoop it. The Samsung SmartTV also sends other information about the TV and user without encryption.
When a user sends a vocal command to make a search on the Internet using the Samsung smartTV, the audio is sent across the internet to a voice recognition service that interprets the speech and return the results via the TV display. Samsung uses the voice recognition system developed by the company Nuance to interpret voice command sent by the users.
A security researcher discovered that, both the audio command and the text results returned aren’t encrypted. As a consequence, an attacker can snoop on user’s voice and intercept text.
The Security researcher David Lodge from Pen Test Partners tested a Samsung UE46ES8000 smartTV and discovered that
“What we can see is it sending a load of information over the wire about the TV, I can see its MAC address and the version of the OS in use. After the word buffer_id is a load of binary data, which looks audio-ish.” wrote Lodge in a blog post. “You can make out that it thinks I’ve said either Samsung, Samson or Samsong” .
A hacker could be able to spy on Samsung SmartTV user by accessing to its Wireless Lan traffic, but the security issues open the doors also to surveillance activities that could be operated by persistent attackers (e.g. Intelligence agencies) that could access user traffic directly from internet service providers or with access to the Internet backbones.
Stay Tuned for further information …
(Security Affairs – privacy , Samsung SmartTV)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.