What You Tell Your Samsung Smart TV Isn’t Encrypted When It’s Uploaded


Last week, the world collectively freaked out when we learned that Samsung’s smart TVs can take things that we say in our living rooms and upload them to a third-party transcription service. The gadget-maker tried to calm us all down by explaining how the service works, but there’s a problem: people may have assumed that data is encrypted. It’s not.

In their blog post explaining how transcription works, Samsung assured the public that the company “takes consumer privacy very seriously,” and that they use “industry-standard security safeguards and practices, including data encryption, to secure consumers’ personal information and prevent unauthorized collection or use.” Many people understood this to mean that the voice data and transcribed text sent to and from smart TVs is always encrypted, but that doesn’t seem to be the case. Perhaps “we encrypt consumer data” is true, but doesn’t include smart TVs.


We know this because a security researcher in the U.K. spent some time yelling at a Samsung smart television while monitoring the traffic going back and forth from the remote transcription service. Here is what he saw being sent to Nuance, that third-party service:


[Image: capture of the traffic sent from the TV to Nuance]


That’s most likely audio data, but the important thing is that information about the device’s MAC address and operating system isn’t concealed in any way. The service sends back what it thinks the speaker said in plain text.


What danger does this pose? As things stand right now, none. The TV only listens when you tell it to, either by saying “Hi TV” or some other preset phrase, or by pressing a button on the remote control. It could become a problem, however, if what Lodge calls “rogue firmware” infected the TV, perhaps listening in on your conversations all the time or sending your data somewhere nefarious.


IS YOUR SAMSUNG TV LISTENING TO YOU? [Pen Test Partners]




by Laura Northrup via Consumerist
