Smart television is a very mesmerizing novelty that Samsung succeeded in making famous especially with the help of its latest Samsung Smart TV. There have been a lot of problems with the voice command feature that is actually meant to create a unique and incredible TV experience. People who have bought the TV have had problems understanding why their voice command is recorded in order to be given to a third party. Is it legal, where happens to it, who gets to listen to it? Samsung has stated that the recording and the listening to the commands helps the company understand if there are any flaws in the system that they have created and if they need to improve anything.
Unfortunately, the third parties are not only the caring eye of Samsung, just like people suspected. A recent study shows that the voice data from Samsung lacks encryption and it may be open to hackers. In other words, the TV puts the security of the users in danger; because someone on the other line could hear something they shouldn’t and use it for their own interest. The information about the hacking has been provided by the Pen Test Partners, a United Kingdom-based business security company from Buckingham. David Lodge is one of the researchers that wanted to get deeper into the problem and see how the smart TV shares its data. The results that he found haven’t been positive.
The TV begins listening only when its user initiates something that might resemble a conversation, for instance “Hi, TV”. The voice recognition process begins and it doesn’t record simple commands, like adjusting the volume or changing the channel. However, more complex commands are recorded and sent to Nuance the third party voice recognition service for Samsung. As an example, an experiment has been done by David Lodge, who has asked his smart TV to look up online the word Samsung. This lead him to different possibilities of voice commands that are being sent to Nuance servers. And here’s the catch: they don’t travel securely to Nuance, because on the way it doesn’t use a secure HTTPS protocol. The worse news is that it doesn’t use HTTP at all, in the process. A troubled combination between XML and binary data that lacks SSL description is sending the voice data to Nuance. A talented hacker could intercept the data on the way, as well as a Lodge researcher did it several times to prove this certain theory. The only thing that one or the other would need is having access to the smart TV a user and his home network credentials.
In a world full of cyber criminals, all this information could lead to important changes in the way ordinary people see the evolution in technology and how it is being treated in the media worldwide.
Image Source: Trend Land