I recently collected a bug bounty from Samsung on a crypto implementation flaw I found in some of their software. The fix is still being rolled out and given the impact I'm not going to disclose right now, rather I'll let Samsung handle that when the time is right. Anyway, the team at Samsung was responsive and they seemed like they genuinely cared about security. However, based on what I've seen in their products and those from their competitors the first thing I would do is pen-test the voice recognition feature, then turn it off no matter the outcome. The fact is, if it must communicate with a back-end server to work, then it becomes incredibly hard to lock the solution down. Even if the TV is properly validating the public cert of the server when doing the TLS handshake, there's got to be a mechanism on the TV for updating the trusted root store because at the end of the day, certs need to expire and thus must be updated. On a few non Samsung smart TV's I've looked at over the years, updating the trusted root store on the TV is as "easy" as man in the middling (MitM) the network the TV is on so that web traffic goes to a site I own which has a link to the my.cer root CA that I generated and am using in my TLS MitM solution. From there I just bring up the web browser on the TV, click on the my.cer link and go through the prompts to install the root CA. After that point all traffic from the TV can be decrypted on the wire.
Now it is fair to say that the attack I just described requires the ability to MitM the network and have physical access to the device, however, remember that these TV's use an IR remote & all an attacker needs is visual access to the TV. If it can be seen through a window it can be controlled through a window and these things typically don't require a password to modify the WiFi settings. Some smart TVs also have proxy settings which again, typically don't require a password to modify.
Given what I just covered, think hotel. From a risk perspective that's what I'd be most worried about. I wonder how many are installing smart TVs with voice recognition? For all other scenarios basically the situation in many cases on the ground is that you are secure because no one is targeting you. In the case of a hotel, someone could be targeting everyone. Such an attack could prove valuable, especially if done in executive suites near financial centers.
Wow. This combined with the fact that economic espionage has been receiving state sponsorship for a long time now is kind of unsettling. Cell phones are bad enough, but TVs...and really anything else that can use voice control (alarm clocks are my personal favorite) could be huge for spies.
Also imagine how many companies are going to eventually purchase these for their conference rooms. I imagine some already have. In pen tests my team always considers how to hide bugs, mostly wireless keyboard sniffers & network taps these days. These TVs offer the ability to hide in plain sight and with no out of pocket expense beyond paying Amazon for a cloud service to run a proxy.
It depends. If the target is a high security facility that happens to have periodic bug & unauthorized WiFi sweeps this could be a great side-channel vector which could go unnoticed. Of course I'd hope the management of such a facility would know better than to put a smart TV in a conference room, let alone hook it up to the network but honestly nothing surprises me anymore. I've seen older smart TVs in secure areas not connected to the network, but within a hands reach of a network port.
That seems like a rather specialized worry since your average hotel isn't going to do any of this? It seems like you might as well go for a walk in a park to have any real conversation.
> I wonder how many are installing smart TVs with voice recognition?
Most of the hotels I've been to have stripped-down TVs (special Samsung and Panasonic models seem to be the most common). That could change, of course.
Why go through all that trouble when you can just put a microphone in a smoke detector? That has been possible for decades, yet how often has it been done to people who are low-profile targets?
I was telling a friend, I wonder if samsung are listening to our private conversation via their smart TV, when they said "no we are not, don't worry!" via the speakers. Which was reassuring. Oh wait....
It seems to me that, if you have one of these, you live in a two-party consent state (e.g. California), and you invite a guest who hasn't clicked the EULA over, then someone is committing felony wiretapping.
I would love to see a TV vendor prosecuted for this.
These things are going to be purchased by hotels. If the hotel does turn off the feature, it won't likely be protected by a password and if it is, there are likely going to be too many hotel staff who will know what it is to make it an effective security control. Given other features, aka., vulnerabilities within the TV environment, things could get interesting. I posted a longer reply to this main thread which covers that a bit more in detail.
IMO there is no expectation of privacy with email. Maybe only false expectation. If you go into someone's home and take part in private discussions, you probably don't anticipate being recording in any manner.
I actually think there is a reasonable expectation to privacy, and that most people, from senators to elementary school teachers, believe that email is technically secure, meaning that "normal people" could not read their email even if they wanted to, at least not without resorting to "hacking" or "spying".
In fact, one might say that email is more secure than normal mail, because normal mail doesn't have a password and is default delivered to a publicly accessible mailbox. If a neighbor wishes to invade your privacy via your email, how do they do so? Probably by entering your password somehow. If that person wants to steal your physical mail, how do they do so? By walking up to your mailbox when nobody is looking.
Also, email at least has a very plausible chance of being encrypted; even if you don't know what that means, your workplace may be doing it for you. But companies, including financial or accountancy firms, don't encrypt physical email to their customers.
I think most reasonable people have the belief that email is safer than mail, and in 2015 I think they might be right.
At least under the 4th amendment, expectation of privacy must be objectively reasonable, not subjective. I.e. If everyone is misinformed about how email is sent around in plain text, and expect privacy out of ignorance, then that belief can be objectively unreasonable even if it's widely held.
Where did you get that information? From Wikipedia? Could you put the paragraph + link here so I can find it? I ask only because I looked it up myself and couldn't find that reasonable expectation to privacy solely hinges on the actual objective reality of the situation; instead there are also subjective considerations.
And even the definition of "objective" in "expectation to privacy" is what general society holds to be true -- it doesn't speak to demonstrating reality of privacy.
But then the 4h means nothing! Any communication that can technically be eavesdropped is "onbjectively" not private. So where is there a legal expectation of privacy?
It's completely based on precedent (i.e. court rulings). According to Wikipedia [http://en.wikipedia.org/wiki/Expectation_of_privacy] one appeals court has ruled that there is a reasonable expectation of privacy for e-mail, but that is something that the Supreme Court can overrule or not depending on what the Justices' personal take on the situation is.
Many people believe that the world is flat. Doesn't mean that it is.
There has never, ever been any expectation set that internet email is private. There have been many examples in the broader media that show how one might compromise email. Also, you have no way to assess the quality of the email service provider, network provider, or client environment.
Postal mail is more secure for 99% of the public for several reasons, including:
- A paper envelope is tamper-evident. My dad used to correspond with radio operators in the Warsaw Pact... envelope tampering was trivial for me to detect as a 5-year old.
- Stolen mail is stolen. You don't get the message. Detecting a pattern of missing mail is pretty easy.
- If you're not a police organization, tracking postal mail metadata is risky. Bystanders will notice somebody rifling through a mailbox every day. There really isn't a way to surveil outbound letters.
- It's a serious felony to tamper with mail. Linking physical mail theft to a perpetrator is pretty straightforward. Also, Postal Inspectors take mail integrity very seriously, sometimes too seriously. With electronic crimes, you probably have a 1/100 chance of finding a cop who understands your complaint AND has the means to do anything about it.
- It's much easier to implement physical security practices/procedures that keep secrets transmitted by mail secret than via digital means.
> There has never, ever been any expectation set that internet email is private.
When I send an email to somebody, I do expect that no human other than the recipient will read it, and that automated processes do not attempt to divulge meaning from its contents past that required for advertising (and that data is used for no reason other than advertising).
I expect that it might be read by the police with a warrant, as with anything else. I also expect that any post I send might be read by the police with a warrant - resealing an envelope is actually easy, and worst case scenario, they could simply use another envelope and copy the addresses and stamps, and I'd be none the wiser.
The technical ability to read my email has little/nothing to do with my expectation of privacy. Technically, someone could read all my mail with ease (it gets delivered to my apartment's hallway where anybody could pick it up), but I still expect that people will not do that. They could also read RF emissions from my apartment to figure out what I'm typing just now, and IIRC that's a violation of privacy.
I get it, it's 2015 and paper mail feels old hat. So waving away and dismissing concerns about the vulnerability of email feels like the right thing.
Do you affirmatively know that every email that you've ever sent isn't an account managed by a third party (like an employer) whom the recipient has ceded (or shares) control of their mailbox to?
Any employer can trivially read email, and many do so routinely. Most people allow for the sharing of devices in the household... So the spouse and kids can probably access the computer pretty trivially. That's two trivial examples that doesn't involve spy stuff or conspiracy theory.
You cannot access postal mail without a warrant or physically stealing the mail. Once received, you can physically destroy or secure it.
> Do you affirmatively know that every email that you've ever sent isn't an account managed by a third party (like an employer) whom the recipient has ceded (or shares) control of their mailbox to?
They could also send my post to them off to a processor for whatever reason. When I give my personal details to my ISP, they could sell them to advertisers. I expect that they will not, and feel violated when they do.
> Any employer can trivially read email, and many do so routinely.
If I'm sending an email to a UK employee, they in fact cannot legally do so in the general case - doubly so if it's a personal email.
> So waving away and dismissing concerns about the vulnerability of email feels like the right thing.
No, but there's a point to be made that just because something is possible and easy does not mean it should be legal or even right, nor that people should expect it to happen. If it were something I really wanted kept secret, I'd encrypt it - but most things I email are, while not things I would necessarily want public, not life-destroyingly secret either.
I don't expect or want to be tracked everywhere I go in public either, but I don't wear a mask to ensure I can't be. On the other hand, perhaps I might want to do so in some circumstances because the stakes are higher.
There has never, ever been any expectation set that internet email is private
Most normal people believe, intuitively, that email is private. You need to enter a username and password to send it, and you need to do the same at the other end to read it. Prima facie private, like physical mail.
Sure, you may believe the corporation providing your email service could look at your text, but a delivery company could do the same thing to your physical mail; it's just harder (but not impossible) to read physical mail without evidence of tampering.
WRT legal definitions, everything is a bit woolier. Case law sets precedent, and precedent can be based on circumstances in the past that were different than today. People using email used to be more technical, more aware of how insecure the whole thing actually is without a lot of effort. And service providers have a vested interest in disclaiming legal liability for breach of privacy; they'd much rather the public believe things are private, but not have any legal expectation of privacy. That way, they get to have their cake and eat it.
But here's the thing. We're talking about a legal viewpoint called a "reasonable expectation". And unfortunately, if we did live in a time where many people believed in the flat earth theory, then yeah, they would be a reasonable person.
There will be a time when future generations laugh at our current popular scientific misconceptions, but until then, that counts as reasonable belief. We just don't have the benefit of retrospection to know which things are crazy ahead of time.
Also, I do believe that email should be private, but that is a separate discussion.
The original legal question is about wiretapping. Previous posters asserted that people think email is technically secure. My assertion is that someone with passing knowledge of the subject does not believe that to be true.
Only if your expectation is that mailing your thoughts on what amounts to a digital postcard that passes through dozens of hands before it arrives to the destination is private.
What I meant was that most people assume it is secure. I mean only a few % at most has any clue how email works. I suspect most of my colleagues who has been working as developers for decades don't know that email may pass through dozens of hands. Of course if you know how it works you know its not secure, but very few people knows how it works.
there is no expectation of privacy with email. Maybe only false expectation.
I'm not sure why this was voted down... not only has the Supreme Court said repeatedly that there's no expectation of privacy since you're trusting the information to a third party... but email isn't even transmitted securely.
If anyone expects their email to be private (and isn't using PGP or something), they have a false expectation of privacy. It's unfortunate that's the case, but that is reality.
Voice communications among common people have never been encrypted, yet have been the major class of privacy-protected communications for the 20th century.
> You may disable Voice Recognition data collection at any time by visiting the “settings” menu. However, this may prevent you from using all of the Voice Recognition features.
So, disable it. I don't understand everybody's fascination with voice recognition. I don't find it more convenient at all. I'd much rather just push a button. It's really not that complicated.
You're a technologically savvy person who keeps up with privacy news. At issue here is the precedent set: more and more devices by default transmit private information to third party servers without the knowledge of the users. Further, people who do not intend to be users (i.e., guests in a home with a SmartTV) suddenly are having their private information scooped up and stored without their consent. It requires a level of vigilance that not every person will have. Do I need to ask my host if they have a SmartTV with this function?
It used to be the case that a service would politely ask you whether or not they could collect data about you, and would provide the same service in both cases.
This option (to minimise data collection/retention) ought to be enshrined in law.
If you pay (or not) for a service, you should be able to get the service without the expectation of your personal and private data being harvested.
The TV could store a "wake up" word locally. The TV doesn't send any audio anywhere until you speak the wakeup word, at which point in beeps and a light flashes and then all audio is sent away to the cloud for processing.
Amazon Echo uses on-device keyword spotting to detect the wake word. When Amazon Echo detects the wake word, Amazon Echo streams audio to the Cloud, including a fraction of a second of audio before the wake word.
> including a fraction of a second of audio before the wake word.
Interesting that they are able to transmit audio-data that occurred prior to the wake word being said (in essence to transmit the wake word). Looks like Amazon is keen to redefine "collected" just like other groups are...
Because every time Amazon echo comes up, people always rush it "don't worry guys, it's not actually recording anything until it has to send to the cloud" and by Amazon's own admission, that's patently false.
I am indeed talking about the 1/2 second before. Even if it's 0.00001 seconds before the trigger word (I feel dirty saying that phrase), it's the technicality that I'm discussing. Once we allow those technicalities to slide, the truth is easier to bend and/or ignore. Reinforcing that PR/marketing is not an acceptable excuse to lie (even if it's a minor technical lie) is one of the few ways to prevent this sort of subtle-switcheroo.
> I am indeed talking about the 1/2 second before.
Then you are alone in this. Even amongst technological people, never mind the general public. This amount of time is perfectly reasonable.
> Once we allow those technicalities to slide, the truth is easier to bend and/or ignore.
No it doesn't. Slippery slope might be a valid argument in some places, but not here. You are overreacting.
> to prevent this sort of subtle-switcheroo.
There is no subtle switcheroo.
It's very very simple: It only sends audio when commanded to. That is the essence of the difference, and it's all that matters.
And don't tell me "next they'll send 1 hour of audio when triggered" because they won't. You are being ridiculous if you think that's where it's headed.
Taking outrageous positions like this just makes people ignore you.
> the trigger word (I feel dirty saying that phrase)
? Why? Does it have some special meaning I am not aware of?
While possible, this is not theoretically necessary, and I find this highly doubtful in practice.
What about the delay on each voice command as it pings the server? If it was generally the case that voice commands were sent remotely, I suggest usability would be 0.
Siri, and Cortana (iOS and WP8 voice recognition engines) both send the clip to a remote server to perform recognition.
There are many services that provide real time processing of large amounts of data on server cluster/farms, and more are coming. It is very much possible to perform large computations in almost real time in these situations, and you'd be surprised at how little latency people notice, particularly when there's no indication of what the actual number is.
It is genuinely comic when I see what kind of questions my non-technical friends ask Siri. I can't imagine the thought process of how Siri could put together the information from the ramblings of a person much less answer the query...
That doesn't add anything to this discussion. Siri is more than usable for a lot of things - I can set alarms, timers, and make calls without reaching for my phone. I'm not saying that it's revolutionary, but it definitely works.
From my point of view it did add significantly to the discussion.
I'm surprised to learn that people do use Siri in genuine situations, so thanks for your reply in that regard; although I still feel gratified that another commenter has the same experience that I do.
It is not theoretically necessary if the local unit has sufficient capacity, which it doesn't in most current implementations. Hence why most implementations of voice recognition in consumer hardware does send the clips off to remote servers for processing.
If you're on wired internet, if you aren't saturating your local network, if your provider isn't having any issues, if their servers are up, if there is no DNS delay or caching issues, if...
Relying on the internet for "real time" computation is a recipe for inconsistent behavior.
The fact that people are using these features of android and apple phones shows that it's 'good enough'. I frequently use it to issue navigation commands on my phone and it fails maybe 1 in 25 times. Well worth not typing in destinations when I want to go somewhere quickly.
Try a Fire TV box for a while. Search on devices without a keyboard is far easier with voice recognition.
I agree the fascination may be excessive, but there are a few legitimate use cases where it's not obnoxious (anyone within hearing will likely end up listening to the TV anyway, so presumably you have their acceptance for noise in the first place) and actually useful, and searching for stuff to watch is one.
Right now it isn't so useful, but once stuff like "put on that Wes Andersen movie where they ride on a train all the time" becomes useful, I see why voice might be preferred over a button, especially in China, where voice search already has a big share of all search.
But I agree. I'd much rather have a dumb tv and upgrade my attached boxes.
I get to choose box separate from screen. Means I can get a box with microphone if I trust the company, or one without if I dont.
What I don't like is paying for smart tv features that don't work or don't trust just to get a screen. Maybe the company that makes great screens make untrustable smart tv features, and maybe the open source smart tv of the future sits in a crappy screen.
More probably the smart tv features gets outdated before the screen.
I'm thinking it's quite handy for a quadriplegics, those with learning disabilities, children, elderly, arthritis sufferers, parkinson's sufferers, thalidomide sufferers, disable in general, etc... Just because it's not useful to you doesn't mean that it's not the number one feature in someone else's life.
Sure, I'm not saying it shouldn't exist. If it's a feature you want, then you need to accept the fact that it has to send data to a remote server in order for it to do the thing you want it to do. If you have concerns about privacy, then disable it. I don't see the point of all this hand-wringing about "OMG Samsung is spying on me!". Like there's somebody listening on the other end, waiting for you to start reciting your bank account info in the living room so they can pick it up, you know, like how people sit around in front of their TV doing that, right?
Well, I frequently see the people mentioned above, especially the elderly needing help with their phones or email or online banking, and giving their passwords to a trusted family member thinking that they are the only ones listening. So yea, it happens, a LOT. And big companies like Samsung and Sony never get hacked, right? MITM never happen, that's jus fantasy, right?
If that's a concern, you shouldn't use any online service at all. There's nothing special about voice command that makes it more susceptible to being hacked than every other service that you use every single day. In fact, it's a great deal more difficult, because now the attacker has to have an equally sophisticated voice recognition system at their disposal in order to interpret the intercepted data.
Besides, when they can hack the database itself and get a list of what they know to be passwords, why wouldn't they just do that instead of hacking a bunch of voice snippets and combing through them hoping to maybe find where somebody said a password. It's stupid.
These aren't even logical arguments. I've presented use cases where voice recognition may be the only feasible way to interact. Is a voice recognition server's security as secure as my banks? Seriously, I'm done arguing with someone who fails to rebut logical arguments and just doubles down on a fairly ignorant position.
If you're just going to make up your own things that I said, there's not really much point in me saying anything. How am I marginalizing anyone? I never said anything about voice recognition not existing or not being used. In order for it to work, it needs to transmit data to a server owned by the company providing the service. That's just a simple technological fact. If they're going to use it, they need to weigh what I think is a vanishingly small privacy risk against the benefits they get from the service. Just like you have to do for literally every online service in existence.
People can use the service and come to terms with that fact or they can not use it. If they choose not to use it, they need to live with the consequences of that decision. If it means they have no other way to access some service, then that's something they need to take into account. I can't think of any service in existence that can only be accessed by voice recognition instead of having an phone representative, physical branch, or other options. If you really, really need to access your bank account, there are plenty of options aside from speaking to your smart TV. Nobody is getting marginalized here.
>In fact, it's a great deal more difficult, because now the attacker has to have an equally sophisticated voice recognition system at their disposal in order to interpret the intercepted data.
Or you just pass the data to Siri or Cortana (or whatever microsoft is calling it). Protecting against hacking is defense in depth. If the database is well protected and monitored, attack the target that is not well protected and monitored.
I can think of at least a couple of situations where it could be useful. I've seen some people have an awful time using a remote in a darkened room. Also, free text search is useful when you are trying to search.
> So, disable it. I don't understand everybody's fascination with voice recognition. I don't find it more convenient at all.
If you have small children, it's incredibly handy. Even with Chrome, it's much easier to sneak in a quick click of a button & then say my query than to try to type it all out.
Here is the relevant part: "Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition."
I think Amazon's Echo device is doing this the proper way, which "uses on-device keyword spotting to detect the wake word. When Echo detects the wake word, it lights up and streams audio to the cloud". It seems like a technical or design failure on Samsung's part to not feature similar functionality.
Also Google Now (for devices that are always listening for the "trigger word"), where your phone will make a very distinctive noise and pop up a screen to indicate that it's listening.
Pretty much the same thing that everyone else does:
"Echo uses on-device keyword spotting to detect the wake word. When Echo detects the wake word, it lights up and streams audio to the cloud, where we leverage the power of Amazon Web Services to recognize and respond to your request."
The article refers to the same thing being the difference that Samsung doesn't owns the Amazon/Microsoft/Google/IBM cloud where they run all the voice-recon algorithms.
"Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition."
"Your SmartTV is equipped with a camera that enables certain advanced features, including the ability to control and interact with your TV with gestures and to use facial recognition technology to authenticate your Samsung Account on your TV."
We've come so far since Orwell's "telescreen" in "1984".
The telescreens in 1984 were two-way, it was mentioned in the scene with the exercise instructor :
"‘Smith!’ screamed the shrewish voice from the telescreen. ‘6079 Smith W.! Yes, YOU! Bend lower, please! You can do better than that. You’re not trying. Lower, please! THAT’S better, comrade. Now stand at ease, the whole squad, and watch me.’
A sudden hot sweat had broken out all over Winston’s body. His face remained completely inscrutable. Never show dismay! Never show resentment!"
Given that voice recognition is possible offline on a RaspberryPi Version 1 [1] I'm wonderung why they have to send the recorded audio to the cloud in the first place.
Cloud based versions work significantly better. They are able to put perhaps 10,000 times* more processing power into recognizing what you said. They are better able to deal with different people, background noise, and tick accents. When you are making a consumer device this is critical.
Android voice recognition can now be used offline[1]. You download the trained recognition model (which took much, much more than 10,000 times more processing power to train), and then it works without a network connection.
As far as networking is concerned, what should I google for separating a device like this onto its own internal private network? I have devices that I want to whitelist traffic for while not affecting other devices in my home.
I'm not sure how technical you are (this isn't a simple subject to implement), but I'd look into "managed switches" (to enable classifying traffic from specific ports, aka one the TV is plugged into), "VLANs" (what the switch uses to "segregate" traffic), "policy based firewall" (allow you to be explicit in what traffic is allowed or not, two examples you might look into being pfsense and mikrotik).
I actually have one of these TVs and the best thing you can do is just give it a static and then only whitelist certain data/ports on your ip fire/ of sense firewall.
When connected over wireless, something in the TVs networking stack crashes my entire wifi router too.
Some people have rooted them, which is what I was hoping for when I got it, but if you update to a new version and try to root it can brick.
Honestly, I think this conversation should be more about the right to control the devices we own more than just egregious privacy breaches. If we are to prevent such breaches from other manufacturers then what we need is the ability to control our devices. I have a quad core processor in my TV, but apparently if I don't want samsungs crappy proprietary OS and want to install Linux, too fucking bad for me. I think that's bullshit and needs to change.
I agree, reading your entire comment, you probably should have researched it more if your intention was to replace the factory OS image with one of your own. But it happens to all of us; I have a useless Motorola phone sitting on my desk because I naively thought "it's Android, it must be hackable", and only discovered after I bought it that Motorola made the bootloader impossible to unlock.
I decided a while back that a TV should just be a dumb monitor, and whatever "smart" features I want it to have can be had via a set top box, home-built HTPC, or a streaming stick. So far I've been very happy with the Roku 3 combined with a home-built HTPC/PVR. If I decide I want to upgrade to bigger or better screen, I only have to replace that one component. Ditto for the "smart" side of things. I see so-called Smart TVs as the TV/VCR combo of the 90s: When one half inevitably fails, you have to throw out the whole thing.
Sure, that's one solution. But let's take the Samsung example. What happens when the device needs to update firmware? I want to allow traffic of that sort, while disallowing things such as the voice communication.
Security vulnerabilities. Performance increases. All the devices that were vulnerable to Heartbleed (as an example) with no ability to update themselves are still vulnerable. One could argue that simply disconnecting the device would be sufficient, but this ignores the possibility of internet features being useful; I wasn't limiting the discussion to TVs.
But it's a useful exercise to limit the discussion to TVs exactly because most TVs don't need any Internet connectivity at all! They just need to display input from other devices that are connected to the Internet.
The trend for Smart TVs these days is to leak data like a sieve. The small risk of vulnerabilities in e.g. a TV's HDMI layer being exploited is arguably a price worth paying for privacy.
I recently bought a Panasonic TV that doesn't have smart TV features - the pictures as good as the smart variants, it has a couple of HDML ports and no network interfaces.
The discussions around smart TV vulnerabilities is making me very pleased about that decision.
Interesting, there is the vocal recognition thing but the camera equipped to do facial recognition is much more worrisome. Check into a hotel room wearing a ski mask, sneak up to the TV and put tape over the camera if you can find it.
Nothing like downloading the facial recognition features of Carmen San Diego into all the hotel TV's in a country to see where she is staying.
License plate readers don't hold a candle to this. Now to check to see if every Samsung TV coming into the US has to go through 'special customs checking' ...
It's not only Samsung Smart-TV but all cloud-based speech recognition products, right?
(Nuance/Apple Siri, Microsoft Cortana, Google Now, IBM Watson Speech, Amazon Echo, LG-Smart TV, etc.)
From a consumer perspective you want an offline speech product like Nuance Dragon NaturallySpeaking: http://en.wikipedia.org/wiki/Dragon_NaturallySpeaking (it's the same technology that powers Nuance cloud based products like Apple Siri, IBM Watson, etc.)
Most of those products locally recognize an activation command: "hey siri", "ok google", "alexa", ... and then send the next phase to the cloud for interpretation. With Samsung's Smart-TV, however, it sounds like everything you say is uploaded so that they can recognize "Channel Up", "Smart Hub" etc.
Yeh, you'd think that based on all the comments you read here.
But, if anyone commenting had actually used one of the new samsung smart TV's with this feature, you'd see that this is being blown out of proportion.
The TV isn't even listening for a keyword. It's waiting for you to press a button on the remote. The microphone for voice control is actually in the remote itself.
I would caveat the above by saying that the TV may also have a microphone in it, because I have noticed that when you use the built-in skype app, the camera does a cool digital/zoom to highlight whoever is speaking, which it probably does either with a microphone array, or moving-lips detection in the camera. The camera, by the way, can be physically disabled when not in use, by pushing it into the TV.
The Samsung TVs do perform voice recognition through the mic on the TV as well as on the remote (well, at least mine, which is a couple years old, does). Even if you have the voice recognition setting turned off, the one on the remote still works by pressing the button.
The non-remote one does use a trigger word ("hi tv" by default) and it definitely does that processing locally (I know because i disconnected my TV from the internet and tried it). Basic commands ("channel up" etc) also worked. I don't know what else to try to figure out when it goes out to the internet. I'd also add that the camera/microphone have a very visible hardware off (which I keep off, because life is too much like 1984 already).
Why is the cloud required for speech to text when a four core ARM SOC is under 15 dollars? My Commodore 64 had good text to speech, and Dragon was doing speech to text on 90s PCs. I don't get the technical rationale.
You needed to train Dragon and you needed to calibrate the microphone.
People talking to control their tv's want to be able to iist talk. Thus, instead of training the software you offload that training to the cloud and massive computing to do it.
I agree that the tv setup could include a bit of voice recognition training. But then the TV only changes channels if Ann asks it to. Bob's out of luck, he has to use the remote.
Ahh... that explains it a little more... though I don't see why you couldn't just share model data via the cloud instead of actually sending audio from a microphone directly out to a remote endpoint.
But then again anything with an Internet connection and a mic (laptop, cell phone, etc.) is a potential spy device with the right malware installed.
A good lesson why one shouldn't use any systems with DRM. People are so upset about mass surveillance by the government, yet they readily subject themselves to mass surveillance of DRM systems. Where is logic?
Now it is fair to say that the attack I just described requires the ability to MitM the network and have physical access to the device, however, remember that these TV's use an IR remote & all an attacker needs is visual access to the TV. If it can be seen through a window it can be controlled through a window and these things typically don't require a password to modify the WiFi settings. Some smart TVs also have proxy settings which again, typically don't require a password to modify.
Given what I just covered, think hotel. From a risk perspective that's what I'd be most worried about. I wonder how many are installing smart TVs with voice recognition? For all other scenarios basically the situation in many cases on the ground is that you are secure because no one is targeting you. In the case of a hotel, someone could be targeting everyone. Such an attack could prove valuable, especially if done in executive suites near financial centers.