SEOUL: Samsung’s smart TVs are in the news once again. Not for impressive sales figures something the South Korean technology conglomerate would definitely appreciate but for jeopardizing its users’ privacy.
Last week, the good folks at The Daily Beast dug through the company’s policy page to find that Samsung smart TVs were orchestrated to record everything users say and send them back to the company, which was later sent to an unidentified third-party player.
This could be a major issue to many, as not all of the users would be comfortable with the fact that all the conversations they have in front and around TV set are being analyzed by someone. The company, however, assured that all the recording was done to make its voice recognition technology better.
The company had publicly acknowledged that it was indeed logging users’ activity and voice commands (do note in the company’s defence, the privacy policy is also publicly available). The company also noted that “these functions [voice tapping] are enabled only when users agree to the separate Samsung Privacy Policy and Terms of Use regarding this function when initially setting up the TV”. The company further noted that users’ data was fully encrypted as part of the industry-standard measures it takes.
But now users are learning that the data which Samsung gleans from its Smart TVs is not encrypted. Ken Munro and David Lodge, from the London-based Pen Test Partners tested one of Samsung’s smart TVs to discover that the TV was uploading audio files in an unencrypted form. The finding further reveals that a transcribed copy of what had been said when beamed back to the TV (letting the TV act on the commands) was also in an unencrypted form for any hacker to decode.
“Intercepting those communications could be done over Wi-Fi by neighbours and/or hackers outside users house, if they use the wireless feature of the TV to hook up to the internet”, tells Mr. Munro to BBC. “It could also be carried out by users ISP, and by anyone else that has access to internet backbones. I’m thinking governments, law enforcement. This is an easy problem to solve. The communications should be encrypted using SSL just like other sensitive internet communications are”.
Samsung has yet again acknowledged the issue and assures that it plans to fix it soon. “Samsung takes consumer privacy very seriously and our products are designed with privacy in mind”, the company said in a statement.