The telly only records what’s said in front of it after the wake-up command, such as “Hi TV”, is spoken – so it’s not recording all the time. This could change in a future firmware update, Lodge points out, but for now this is reassuring.
However, recorded voice commands are sometimes sent as encoded audio to an outside organization for processing – this applies to any commands more complex than, say, changing the volume. For example, spoken web search requests are piped to a company called Nuance to analyze and turn into query results sent back to the TVs.
A specific server receives data from the televisions in plaintext, and replies with unencrypted responses; for those itching to firewall off access, it is:
av.nvc.enGB.nuancemobility.net 208.94.122.45
The information is sent over port 443, normally used for TLS-secured HTTPS connections and typically not firewalled off. The stream is not encrypted, Lodge said. This allows a man-in-the-middle in the network to eavesdrop on the data and tamper with it.