Breaking News Technology

Samsung Sending Smart TV Customers’ Unecrypted Voice Data Over Web

Samsung’s Smart TVs are not only listening to what its users says, they are uploading the words to the Internet in an unencrypted form, granting hackers access to customers’ activities, a security expert has found.

After testing Samsung’s UE46ES8000 model from 2012 — which is still available to buy — U.K. security expert David Lodge of Pen Test Partners discovered the device was uploading unencrypted audio files of his voice commands to third-party service provider Nuance Communications.

Nuance, the voice recognition specialist Samsung uses to enable its Voice Recognition system to work on its Smart TVs, was also receiving unencrypted information about the TV, such as its media access control (MAC) address, which can be used to identify the user’s location.

“The potential for a rogue firmware update enabling ‘snooping’ is significant,” Lodge wrote in a blog post. “There’s plenty to suggest that interesting data is making its way on to the interwebs from your TV. Come on Samsung, how about at least protecting it with SSL?”

Lodge’s discovery comes on the heels of the uproar that occurred earlier this month over Samsung’s privacy policy.

Samsung edited its privacy policy last week in a bid to clarify that its televisions do not really listen in on viewers’ conversations after the story broke that the voice recognition capabilities in its Smart TVs was violating users’ privacy.

The hubbub started after the Daily Beast spotted this in Samsung’s original privacy policy:  “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.”

Samsung denied that its TVs were eavesdropping on customers, saying that voice recognitions functions are only transmitted when the user makes a specific search request to the Smart TV by clicking the activation button either on the remote control or on the screen and speaking into the microphone on the remote control.

While Lodge confirms the TVs only listen to users after they have activated the voice recognition and give the device demands, he said the ability is there for eavesdropping to occur.

“So. Does it listen to you?” he wrote. “The answer, I can say in my brief period of messing around is, not unless you ask it to. This doesn’t mean it can’t and doesn’t mean that it won’t on the next firmware update, just at the moment it only listens to audio when you say ‘Hi TV’.”

About the author


Jennifer Cowan

Jennifer Cowan is the Managing Editor for SiteProNews.