The trend for ‘smart’ devices hasn’t stopped at phones, thermostats and smoke detectors. Even your TV is ‘smart’ now, boasting all kinds of functionality that hasn’t been seen before, including third-party applications and Internet TV. But a feature in the latest Samsung TVs has put the Korean giant in a bit of hot water.
It turns out they’ve been listening to everything you’ve been saying in front of them, and people are rightly furious.
Watching Me, Watching You
It’s worth stressing that not every Samsung TV is affected; only the ones which can support voice commands. If your Idiot Box has a big Cathode Ray Tube, or was bought in the 1980s, you don’t have much to be worried about. But if you bought your smart TV recently, you should probably pay close attention.
Some of the newer devices allow you to control your TV by speaking to it. These voice commands are sent to a third party – almost certainly Nuance, the makers of Dragon Naturally Speaking and Dragon Dictate, and one of the largest voice recognition software companies – for processing.
“Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party,”
Translated from legalese, this means that should you decide to control your TV with your voice, anything it hears will be transmitted and processed too.
Obviously, this is quite concerning; scary, even. Especially considering that Samsung have explicitly disavowed responsibility for any breaches of user data that occur at one of these third-parties (emphasis ours).
“Please note that when you watch a video or access applications or content provided by a third-party, that provider may collect or receive information about your SmartTV (e.g., its IP address and device identifiers), the requested transaction (e.g., your request to buy or rent the video), and your use of the application or service. Samsung is not responsible for these providers’ privacy or security practices.“
Straight Out Of Orwell
The nightmarishly dystopian classic 1984, by George Orwell, envisioned a world where every thought and utterance was observed and noted by the omniscient (and omnipresent) Big Brother, who was the figurehead of the expansive empire of Oceania.
One of the main tools of surveillance used by Big Brother was called the Telescreen, which both pumped out propaganda, whilst simultaneously observing the viewers. Predictably, many people have underlined the similarities between the canon of Orwell, and Samsung’s latest smart TVs.
But that’s not the only reason why so many people are spooked by the privacy breach these TVs pose.
To say that the wounds from the Snowden revelations haven’t quite healed would be putting it mildly. The disclosure that the British and American governments had been (and are still) surveilling their subjects through their relationships with major Internet companies shocked many, and shook trust in government security institutions, as well as the likes of Google, Facebook and Twitter.
There’s now an unprecedented understanding of how intimately governments can use social media and internet data as tools of surveillance, and understandably many people are worried that governments will be able to use these TVs as surveillance devices.
Members of the security community I’ve spoken to have also raised concerns that these networked TVs could be hacked, exposing their users to a variety of risks. Samsung have had a checkered past when it comes to security matters.
In 2014, the developers of Replicant (a fully free/libre version of Android) discovered a backdoor that is distributed on the modem firmware of the Samsung Galaxy line. The backdoor, which was detailed on this blog post, allowed a remote attacker to read, modify, and delete files that were stored on the device.
It is, however, worth noting that the existence of such a backdoor was strenuously denied by Samsung, as well as other members of the security community.
What Do The Experts Say?
In researching this piece, I spoke to a number of security and privacy expects, all of whom expressed severe concerns with this technology.
Manuel Leithner, Security and Dev SpecOps Engineer at Austrian employment startup watchado.at had this to say:
“So far, we understand that it’s only activated when the remote is pressed. This is good for the regular user, but also very much open to abuse. Think about the possibility of someone pressing that button from outside the house, and just keeping it pressed, or the technical equivalent of that.”
Manuel also expressed concerns about the presence of a backdoor in Samsung’s Smart TVs.
“It’s also absolutely not impossible that there are remote commands built into the TV that would then activate voice recognition. Especially considering that Samsung actually did have a backdoor in one of their Galaxy phones”
Aral Balkan, founder of the ind.ie project, was a little bit less reserved and saliently pointed out that Samsung spying on their users is significantly more sinister when you consider the history of the company, and their ties to the police and military.
“So the Samsung TV you bought spies on you in your own home. So what? Were you out in the streets protesting when LG pioneered the practice two years ago? Do you care that a company that also makes tanks for militaries and supplies the police listens to every word you utter in your own home? You do? Good. Because it really is about time that you did. It’s time we all started making some noise and demanding that our right to privacy is protected if we don’t want to lose our fundamental freedoms to the faceless multinational corporations that produce our shiny toys.”
Security blogger Javvad Malik also threw in his two cents about the added security risks to the consumer that this speech recognition technology poses.
“Anything that can connect to the internet and has the ability to see or hear you, determine your location, heart rate, health or any other factor can become a privacy nightmare. Whilst the functionality these TV’s are providing are no different from voice-enabled functions you find in smartphones – concerns around security of these devices are legitimate. We’ve seen instances where attackers have been able to gain control over home CCTV cameras, cars and even baby monitors.
Malik even goes so far as to deal an argument-settling parthian shot:
“Just like scientists in Jurassic Park, companies are so focussed on whether they can cram additional functionality into products, they don’t stop to think if they should.”
Is This The Future Of TVs?
I certainly hope not.
But simultaneously, I know that there’s been an upward trend for previously un-networked devices to become ‘smart devices’. Many of these ‘smart devices’ use voice recognition as a way to facilitate ‘buttonless’ use. Although convenient, it’s important to remember that these technologies can easily be used against us, and we should be wary of them.
But what do you think? Leave me a comment below, and we’ll chat.