
The CIA Spied on People Through Their Smart TVs, Leaked Documents Reveal (2017) - sky_nox
https://www.vice.com/en_us/article/8qbq5x/the-cia-spied-on-people-through-their-smart-tvs-leaked-documents-reveal
======
jmalkin
I've gotten nothing out of my Smart TV that I couldn't have gotten from a
Chromecast, or preferably, a laptop hooked up to a TV.

And I've lost a lot. My TV is slow. When I try to control the volume,
sometimes I have to wait multiple seconds.

And things stop working all the time and require a reboot.

I hate the damn thing. It even comes with bloatware for some reason, games
I'll never play that it insists on updating forever.

And with the privacy concerns on top of all that, I wish I had a dumb TV.

My shit cube TV from the 90s was better!

~~~
test6554
I have resisted the urge to buy a new tv for 11 years. I own the same 48" non-
smart Sony I've always had. I have always felt like the grass would be greener
if I were to buy one of those 65" LG OLED tvs, but thank you for setting me
straight.

This old TV is 5 inches thick, but it turns on in 2 seconds. I hooked an
amazon fire tv into one HDMI port. I also have a sonos "connect" hooked up to
the audio-out so that I can play my TV audio through my ceiling speakers when
I want.

But it's just a display, so I can plug and play the capabilities I want. I can
even tell alexa to open up plex while the TV is off and the fire TV must send
a signal through the hdmi port because the tv turns on and it loads plex.

~~~
osamagirl69
Just wanted to chime in since you specifically mentioned the "65" LG OLED",
which is the same TV I have (specifically the OLED65B6P). When plugged into
the internet it has all of the usual unfeatures (including ads displayed over
hdmi input), however if you leave it unplugged from the internet it works
great and boots up almost instantly to the last input selected without any
fuss. Furthermore, the HDMI CEC commands work as expected (in both directions
--control of the tv from the computer and control of the computer from the TV
with all of the expected buttons on the remote being passed through). The set
is also quite good about supporting legacy S/PDIF (optical) passthrough so I
haven't needed to replace my receiver.

So far the only feature I have been unsatisfied with is that for some reason
the set does not auto-shutoff when the hdmi input is not active. For example, I
had it hooked up to a computer which was set to turn the monitor off after 15
minutes and instead of the TV shutting off it displayed an 'input
disconnected' screen. As a stopgap solution I set the computer to have a
'screensaver' that is all black instead of turning the monitor off--which
works pretty OK since the OLED is completely 'off' when displaying a blank
screen. The only downside is that the electronics in the TV stay running,
so the power consumption in this state is about 20w.

~~~
m_eiman
I have the same experience with my LG. It's perfectly fine as a "dumb" screen.
I have an Apple TV 4K and a surround receiver connected to it, and CEC works
as intended: when I turn on or off the Apple TV, the LG and the receiver do
the same.

I was very wary of buying a "smart" TV, but I wanted a 4K HDR one, and the
public display market didn't seem interested in providing that.

Happily, the LG boots (or resumes, or whatever it does) very quickly and the
only time I have to touch its remote control is if I've had the TV on for so
long without using the remote that it thinks nobody's watching and turns
itself off. I suppose there's a setting somewhere to change this, but it
happens seldom enough that I haven't bothered.

~~~
ashman5
Thanks for this post. I'd like to add that the Vizio PQ65 works the same way
when using an Apple TV. I refuse to update the firmware for fear that Vizio
will force a change that will require an internet connection.

~~~
m_eiman
If you never connect it to the net, there’s never a need for an update - and
no way for them to sneak one in behind your back. It’s a sad world we’ve
built, isn’t it?

------
sky_nox
'Samsung itself is aware of these risks. In its privacy policy, the company
warned customers to be aware that "if your spoken words include personal or
other sensitive information, that information will be among the data captured
and transmitted to a third party through your use of Voice Recognition." The
language reminded some of the George Orwell classic dystopian novel 1984.'

~~~
IshKebab
That quote doesn't show Samsung's thoughts on the risk of hacking at all, and
it shouldn't remind anyone of 1984. It's just a statement of how all voice
recognition currently works.

~~~
serf
>It's just a statement of how all voice recognition currently works.

Amazon has said on numerous occasions that no data transfer occurs without a
trigger word hitting the mic -- a feature that was a main point when
discussing the safety of having an always-on internet-connected mic in the
house.

As for whether or not they're telling the truth, I don't know; but trigger-
words have always been a feature that Amazon loved mentioning from a
security/privacy standpoint.

~~~
penagwin
> As for whether or not they're telling the truth, I don't know;

Luckily it's possible to check [0]! Although it gets a bit more complicated
and can change, my understanding is that currently most people observe it
increase its network usage after its trigger phrase, but not at other times
(it uses the network for other stuff too, but audio data is typically rather
large in comparison).

[0] [https://www.iot-tests.org/2017/06/careless-whisper-does-amaz...](https://www.iot-tests.org/2017/06/careless-whisper-does-amazon-echo-send-data-in-silent-mode/)

[1] 10.1007/s00779-018-1174-x <- Might want to use sci-hub

~~~
celim307
The pessimist in me thinks that a determined actor could simply capture non-
trigger voice data offline, and bundle it with the rest of the traffic
whenever the next trigger word occurs. But I am talking out my ass and have in
no way verified any of this.

~~~
astazangasta
This was my thought too; there doesn't seem to be a way to verify this isn't
happening.

~~~
smarkov
If data is being buffered and only sent after the trigger words wouldn't the
data transmitted vary depending on how much was said before the trigger word?

~~~
mulmen
Maybe. All uploads could be padded with the maximum buffer size so you can't
tell the difference. The buffer could flush only small amounts at a time. Some
compression algorithm could be used that becomes more efficient with larger
recordings.

What you should be asking with any "smart" device is "can I prove this device
will do no harm to me".

Honestly I have never understood the value proposition of any smart device.
Why would I want any of that functionality? Never once in my life have I ever
wanted to talk to my TV. I'm beginning to (again) question the wisdom of
carrying a smartphone.

------
stevesimmons
I hate my Samsung Smart TV too. It auto-installed a Rakuten TV app that
several times a week would switch from the only channel we watch (BBC News) to
channel 4000 showing trailers for its video-on-demand pay per view service.

Samsung makes it very hard to uninstall this 'feature' and even kills threads
about it on its web site support forum.

I had to go back to the shop I bought it from and threaten to return the TV
as defective unless they sent instructions for permanently removing it.

Samsung, you should be ashamed of yourself, taking such an obviously anti-
customer stance. My next TV certainly won't be a Samsung.

And hopefully several other people reading this won't buy a Samsung either.
Vote with your wallet, folks!

~~~
imglorp
So did they finally show you how to remove that app? What did that entail?

------
stcredzero
On the Max Headroom TV show, it became illegal for people to turn off their
TVs.

[https://en.wikipedia.org/wiki/Max_Headroom_(TV_series)#Plot](https://en.wikipedia.org/wiki/Max_Headroom_\(TV_series\)#Plot)

Would it be outlandish for the tech industry to lobby that Smart TVs and
computers be given a 911 style emergency calling system, then for emergency
dispatchers to have access to surveillance information, then for such devices
to be required to be turned on all the time?

~~~
xvector
I mean it's not like your TV ever truly turns "off", is it? A lot of them
power on at least the red/green LED light showing that it's "off" and who
knows what else.

~~~
avionicsguy
A TV set never turns off! It is well known in the industry. Standby usually
just turns off the LCD, backlight and changes LED colour.

Try this: Switch TV to standby then turn on. Time how long this takes. Unplug
TV for 30 seconds plug in and then turn on. It will take a while for the TV to
boot from cold start.

Manufacturers have been doing this since CRTs.

------
ei8htyfi5e
I gave a talk in China 5 years ago warning about this.
[http://tech.qq.com/a/20140527/035512.htm](http://tech.qq.com/a/20140527/035512.htm)
I asked vendors to make changes to their products, such as planned
obsolescence so if the manufacturer goes out of business and a device doesn't
hear from the mother ship for a while, all internet connections are killed for
good. Also, to set smart defaults so that even when not configured, it won't
allow this behavior. There should be a list of more in the article but you'll
have to translate to see them.

~~~
discordance
As long as this sort of planned obsolescence only kills the connectivity
feature, and keeps the rest of the device functioning/useable that sounds good

~~~
ggg2
except they will be (very) easy pickings for malware that do their own thing.
e.g. Mirai botnet.

it's very backward to suggest planned obsolescence as a security feature
instead of open software/standards

~~~
justinclift
The open software / standards would need to cover every aspect of a given
product, such that external people / enthusiasts / (etc) would be able to
generate fixed firmware and upload it after the manufacturer ends support.

That might work for _some_ devices with extremely large user bases.

Devices with specialist properties or a low number of users sound like they'd
be very tricky to have that approach work reliably.

That being said, if there's wide adoption of "known good" base level firmware
(eg powering on, init device capabilities) then maybe the specialist stuff
could be add-ons or something. eg modularising things might be a way to get
closer to the goal

------
mulmen
I have not been excited about the release of a new consumer product in well
over 5 years. The last real improvement in a consumer device for me was the
iPhone 6s and even then I preferred the older form factor.

I no longer look forward to the release of any new device or expect it to make
my life better in any way. I just assume it will spy on me and/or exploit some
weakness in my subconscious.

When my current TV dies I might just go back to having no TV at all.

~~~
mlang23
I terminated all my TV related subscriptions over the past two years and now
also finally sold my TV. One of my best moves ever. I am not missing anything,
have a lot more useful spare time, and save around 1k a year.

------
dschuetz
I knew a guy who worked on his paper about smart TVs and their potential
exploitation vectors. That was back in 2015. His supervisor wrote that paper
off bluntly as "scientifically not relevant". Oh well.

~~~
ovi256
The supervisor can still be right! Scientific relevance and societal relevance
are at odds all the time. Just look at cosmology or any other field with very
very long term, slim, payoff and huge costs. As much as we curiosity oriented
people dislike it, satisfying our curiosity about the origin of the universe
has very low impact. The most impact probably comes from the theoretical
understanding that results in new engineering capabilities to build new
weapons, industrial machines or energy sources. But then the question can be
asked "why not fund that research direction directly?"

------
LinuxBender
And people thought I was weird for dancing by myself in front of my TV. The
poor folks at the CIA will never un-see that.

~~~
mitchty
People think I'm weird for never hooking my smart tv up to the network. It
works, why does it need to be online?

~~~
edejong
You are counting on the WiFi module not to be remote hackable?

~~~
mulmen
While that is possible I would consider this to be a case of outrunning your
friends rather than the bear.

~~~
edejong
So, a neighbor’s compromised wifi router could remotely exploit your smart tv
without even configured settings:
[https://blog.exodusintel.com/2017/07/26/broadpwn/](https://blog.exodusintel.com/2017/07/26/broadpwn/)

------
deehouie
This piece challenges the current narrative you read in the press. China is an
evil surveillance state that spies on its citizens and the rest of the world.

Now we know. The greatest democracy of the world also spies on its citizens
_and_ the rest of the world.

~~~
dsl
This is just extreme whataboutism.

There is a vast difference between China spying on and locking people up for
being the wrong religion, and the CIA secretly recording a conversation about
the planning of a bombing.

~~~
pessimizer
That's true, but there's also a vast difference between the CIA spying on and
locking people up for being the wrong religion, and China secretly recording a
conversation about the planning of a bombing.

Similarities between the two governments are that they would both characterize
their spying on, imprisoning, and torture of religious minorities as
preventing potential bombings, and characterize their counterparts as
oppressive police states. China might have the stronger case, as they have
about a quarter of the prisoners per-capita that the US does.

~~~
pwodhouse
I might prefer 4x detention time if I got to choose a US prison over China.
I'd certainly prefer the freedom of thought and speech in the US.

[https://www.prisonlegalnews.org/news/2014/jun/22/inside-chin...](https://www.prisonlegalnews.org/news/2014/jun/22/inside-chinese-prison-americans-perspective/)

------
titzer
It is now completely legitimate to be afraid of every single thing connected
to the internet. Thanks technology!

~~~
mulmen
I remember a time when typing your credit card number into a webpage was
madness.

------
johnhenry
Aside from wanting to protect its citizens from foreign spying; I have to
wonder if another reason for the US's curtailing Huawei is to simply eliminate
the competition?

~~~
sirmoveon
People with technical knowledge at this point shouldn't doubt this perspective
anymore. No evidence of wrongdoing was published, and the claim of the
possibility of the Chinese government making Huawei do their bidding at some
point, is no different from what other governments have been doing, including
the U.S. (and getting caught in the wrongdoing).

There's no shame in the hypocrisy. It's a blatant attempt to damage Huawei.

I have no sympathy for what the Chinese government does to subdue everyone
under their power, but the Americans seem to have been historically better at
playing the victim and getting away with it while still managing to curtail on
others.

~~~
w7
That doesn't make sense to me. Especially given the GCHQ's breakdown of
Huawei gear finding that Huawei can't even do version control right (they had
revisions of firmware with the same version id for the same hardware with
different build characteristics), and magically reintroducing vulnerabilities
from 2006. Personally I feel that Huawei gear would be ripe for exploitation
and then misdirection.

I don't get why people are so hung up on proof though. There doesn't have to
be proof. No one who I've talked to in the networking industry cares about
proof (this includes myself). Hell China already bans companies at will. The
only thing that matters is enough of a non-zero chance of Huawei releasing
malicious firmware updates to select targets in the future. Judging by their
inability to have firmware revisions that completely match in functionality
who knows if they're already doing so at a smaller scale.

~~~
majia
> I don't get why people are so hung up on proof though.

The reason you look for proof is not that it gives you 100% security. It is
the process of finding proof that helps us understand how secure a product is
and what vulnerabilities need to be addressed. GCHQ's thorough examination of
Huawei devices found problems with version control, and Huawei promised to fix
those problems. This is how security could improve.

I think you also vastly underestimated how difficult it is to do version
control for hardware due to extremely complex supply chain. If you examine
products from any other brand, the situation is likely to be worse. I'm not
suggesting Huawei's problems are acceptable. However, it is a misguided
approach to decide which products are secure purely based on national origin
rather than technical merits.

~~~
rrix2
These also sound like the sort of problems that could be solved without a
global sales ban, people seem to really like the Hand of the Market for stuff
like this when it's not down nationalist lines.

~~~
JamesBarney
This isn't why they were banned. They were banned for conducting corrupt
espionage, violating the Iran sanctions, and lying about it to federal
authorities.

------
java-man
related:
[https://news.ycombinator.com/item?id=20205131](https://news.ycombinator.com/item?id=20205131)

------
9HZZRfNlpR
CIA is able to spy but Samsung doesn't even get screen mirroring to work on my
TV. Thankfully, I disabled the internet connectivity and forget about it, it
turned out to be a good thing maybe.

Where to get modern TVs screen wise but dumb ones? Monitors go up to only
somewhat limited dimensions. Anyone have ideas? Buy the screen from LG and
build yourself?

~~~
nfoz
To find modern dumb TVs, you usually need to look at the "commercial" or
"business" lines (sometimes called "digital signage"). Companies make them hard
to find.

I have a 55" 4K LG dumb tv and I'm very happy with it:
[https://www.lg.com/ca_en/commercial-tv/lg-55UX340C-public-di...](https://www.lg.com/ca_en/commercial-tv/lg-55UX340C-public-display-tvs)

It's just a tv. It turns on and off quick. The remote-control is simple. The
only downside is it only has 2 HDMI inputs, and it doesn't do HDR.

------
narnianal
The question is how much this matters if you already have 2-5 active
microphones listening in when there are two normal people in the room. I bet
if the CIA wants they can get enough data from the audio alone to even say who
looked at whom during a conversation.

------
Iv
Why wouldn't they? In the current legal environment, that would be
unprofessional and even a misconduct for them not to acquire these
capabilities.

------
morpheuskafka
The CIA should be completely abolished. Unlike the FBI, it does not seek to
enforce any laws whatsoever; instead, they operate with absolutely zero
oversight, their only rule being that they're not supposed to be involved in
domestic matters. I wouldn't be surprised if they tag-team with other friendly
agencies like MI6 to spy on each other's domestic targets so as not to violate
that rule.

~~~
myrandomcomment
Yes, because not having an Intelligence agency is a great idea for national
security. You know the LAPD beat a man a few times. We should totally get rid
of them also.

A rational proposal for oversight and control would be a useful comment.

~~~
dgzl
The US spy and intelligence agencies frequently infringe on domestic and
international human rights, and many people would rather they didn't exist.
Some people don't even consider the agencies to be constitutional. Your
sarcastic comments are certainly not useful.

~~~
myrandomcomment
The issue is not the CIA. It has been incredibly successful in its job since
it was founded as the OSS in WW2. We do not hear of the successes as most of
it is highly classified. There are some great books on older stuff they did in
the Cold War out now that are worth reading.

The reality is we only hear about the screw ups and the illegal things because
that's newsworthy in the 24/7/365 hype cycle we now live in.

The fact is that we as citizens have failed to provide our voices asking for
proper guidance of the CIA. We the people think that TV shows like 24 are the
reality and torture is okay because it works on TV and only happens to the bad
guys. Society as a whole has allowed things to end up this way.

Tell me what really happened when we the public found out about the tap rooms
at ATT colo or some of the stuff Wikileaks and Snowden showed? Where is the
protest? I do not see the streets full of outrage. Where are the brave
Americans standing up for their rights? We could learn from the people of Hong
Kong at this point.

The fact is that as long as we can order from amazon and Facebook works no one
cares anymore.

We get the government we deserve. Disbanding the CIA just moves the issue to
the next agency.

~~~
baybal2
Yes, USA has 20+ intelligence agencies.

But all you refer to can and should be done by military intelligence.

------
mikorym
Is it still possible to buy HD TVs that are not smart? That's a niche that may
interest HN readers; I prefer smartness through a peripheral...

~~~
KozmoNau7
You can buy monitors made for commercial usage, such as signage. They'll be
simple monitors with no TV tuner or "smart" functionality, and they'll be
built to better resist burn-in.

They'll also cost you at least 2-3 times as much as an equivalent consumer TV.

------
Tistel
I bought a Philips 4k tv which works ok. But, when I plug it into my ethernet
and hit the software update button it says it can't find the host. So I am
guessing they hard coded the wrong IP/URL into the firmware. I am sure
there is some USB firmware patch I can do, but, I don't want to risk turning
it into a giant doorstop/brick.

------
musicale
Who'd have thought that always-on, internet-connected cameras and microphones
could be used for spying on you?

------
titzer
The Internet of Things is a surveillance entity's wet dream. And we are sleep-
walking right into it.

~~~
mulmen
Everyone is fully aware of the implications here. Even most consumers know the
risks, they just don't care. The sad part isn't that people are stupid, it's
that they are smart and just don't care.

------
bigbluedots
I own a Samsung Smart TV, and I'd be interested in removing or disabling the
microphone. Any ideas?

~~~
thesmok
Image search "mems microphone" to get an idea of how it looks. There is a hole
in the microphone body – fill it with glue. Or just remove the microphone.

------
peter_d_sherman
"In America, you watch television. In Soviet Russia, television watches you!"
<g>

-Comedian Yakov Smirnoff ([http://wiki.c2.com/?InSovietRussia](http://wiki.c2.com/?InSovietRussia))

------
heyflyguy
The tinfoil hat people get more and more correct, being validated at every
turn.

------
hn23
Louis: Really? Inspector: Sure! Louis: Ohh!

[https://www.youtube.com/watch?v=w4aLThuU008](https://www.youtube.com/watch?v=w4aLThuU008)

------
ChicagoBoy11
Isn't the most obvious fix for this never connecting the TV to the internet in
the first place? If your TV works the day you buy it, why do you need to
connect it so it gets "firmware" updates? in some respect, isn't the user
still capable of making their SmartTV a "dumb" TV?

------
espeed
There's a microphone in the Samsung TV smart remote.

~~~
bilbo0s
In the actual tv's too in some cases.

~~~
pfundstein
I think you mean telescreen

~~~
HeavenBanned
Double-plus-good reference.

------
pinewurst
(2017)

~~~
sctb
Thanks!

------
devoply
Hey wiretap show me my favorite show. Hey wall with ears tell me the weather.

------
sureaboutthis
> to secretly spy on targets

Apparently everyone here thinks so much of themselves that they think they are
important enough to be a target.

