You may have heard about the recent stuff about whether your Samsung TV is listening to you whilst you watch it. If you haven't, here's a quick synopsis:
- Modern Samsung Smart TVs have a voice command facility
- The voice command facility is enabled by saying a command phrase (the default is "Hi TV")
- The terms and conditions state that voice data may be shipped to a third party at any point
This presents a bit of a privacy concern - can Samsung listen in on you whilst you're sat on the sofa watching TV? The easiest way to find out is to intercept some traffic from a TV and see what it's trying to do.
I don't have a Samsung smart TV for several reasons, from the fact I don't actually watch TV to the logical disjunct about trying to control something that makes audio by audio. So I had to borrow one. Turns out my colleague Ken had one, though he had never actually got round to setting up voice control nor even configured the IP connection. Partly because he lives in a silly place where the bandwidth is so poor that streaming is impossible.
Due to the usual pressure of time (i.e. doing the day job and that said colleague wanted his telly back) I ended up with half an hour of shouting incoherently at a TV in the vague hope that it would understand my flat northern vowels.
To intercept the traffic I used a cheap and nasty TP-Link switch which had the capability to mirror the traffic from one port to another (more on this in another post). This allowed me to transparently intercept the traffic. From there I could record its handshake as it joins the network and attempt to make a few voice requests in several different ways.
This was all recorded in Wireshark and saved as a PCAP for later analysis.
So. Does it listen to you?
The answer, from my brief period of messing around, is: not unless you ask it to.
This doesn't mean it can't and doesn't mean that it won't on the next firmware update, just at the moment it only listens to audio when you say "Hi TV" (which you have to shout multiple times if you happen to have a northern accent).
Does it send your audio to a third party?
Yes it does, sometimes. When you say “Hi TV” it will listen for some simple things, such as volume up and volume down, that it does on the TV. Anything more complex, such as a web search, it will pass to a third party; in the case I monitored, nuancemobility.net.
I tried to get the TV to search for the word “Samsung” (and everything else I thought of can’t be published in a family friendly blog). Immediately after this, this traffic was produced:
- A DNS request for av.nvc.enGB.nuancemobility.net
- A conversation over 443/tcp to av.nvc.enGB.nuancemobility.net
443/tcp? That’s familiar, that normally signifies HTTPS – i.e. HTTP over SSL. My first thought when I saw this was “bugger, it’s going to be harder than I thought” as it is possible to intercept and view the contents of HTTPS traffic, but you need to set up the environment and hope that the client doesn’t check certificates.
Then I had a look at the contents of the stream, which surprised me, let me just do a screenshot:
(Red is TV -> server; Blue is server -> TV)
What we see here is not SSL encrypted data. It’s not even HTTP data; it's a mix of XML and some custom binary data packet.
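
The check made by eye above can be automated: a stream on 443/tcp that is really TLS opens with a TLS record header and a ClientHello, while cleartext XML or HTTP does not. The following Python is an added example, not part of the original post; the function names are hypothetical and the sample payloads are constructed, not bytes from the capture.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"OPTIONS ", b"CONNECT ")

def looks_like_tls(payload: bytes) -> bool:
    """True if the payload starts with a plausible TLS record header."""
    if len(payload) < 5:
        return False
    content_type, major, minor, length = struct.unpack("!BBBH", payload[:5])
    # 20 change_cipher_spec, 21 alert, 22 handshake, 23 application_data
    if content_type not in (20, 21, 22, 23):
        return False
    if major != 3 or minor > 4:  # SSL 3.0 through TLS 1.3 record versions
        return False
    return 0 < length <= 2**14 + 2048  # upper bound on an encrypted record

def classify_first_payload(payload: bytes) -> str:
    """Label the first client-to-server payload of a TCP stream."""
    if looks_like_tls(payload):
        # A real TLS session opens with a handshake record carrying ClientHello (type 1)
        if payload[0] == 22 and len(payload) > 5 and payload[5] == 1:
            return "tls-client-hello"
        return "tls-record"
    if payload.startswith(HTTP_METHODS):
        return "cleartext-http"
    if payload.lstrip().startswith(b"<"):
        return "cleartext-xml"
    return "unknown"

def port_443_without_tls(dst_port: int, payload: bytes) -> bool:
    """Flag streams that use the HTTPS port but do not open with a ClientHello."""
    return dst_port == 443 and classify_first_payload(payload) != "tls-client-hello"

# Constructed samples, not bytes from the capture described in the post.
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2E, 0x01, 0x00, 0x00, 0x2A]) + bytes(42)
XML_THEN_BINARY = b'<?xml version="1.0"?><cmd name="example"/>' + bytes([0x00, 0x9C, 0xFF, 0x10])

if __name__ == "__main__":
    for name, data in (("tls", TLS_HELLO), ("xml", XML_THEN_BINARY)):
        print(name, classify_first_payload(data), port_443_without_tls(443, data))
```

To use it on a saved PCAP, pass in the destination port and the first client payload of each reassembled TCP stream.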