Samsung’s spying smart TVs don’t encrypt voice recordings sent over the internet

The telly only records what’s said in front of it after the wake-up command, such as “Hi TV”, is spoken – so it’s not recording all the time. This could change in a future firmware update, Lodge points out, but for now this is reassuring.

However, recorded voice commands are sometimes sent as encoded audio to an outside organization for processing – this applies to any commands more complex than, say, changing the volume. For example, spoken web search requests are piped to a company called Nuance to analyze and turn into query results sent back to the TVs.

A specific server receives data from the televisions in plaintext, and replies with unencrypted responses; for those itching to firewall off access, it is:
The information is sent over port 443, normally used for TLS-secured HTTPS connections and typically not firewalled off. The stream is not encrypted, Lodge said. This allows a man-in-the-middle in the network to eavesdrop on the data and tamper with it.

Link (The Register)

Leave a Reply

Your email address will not be published. Required fields are marked *

three × two =