Smart TV snooping
Smart TVs are easy eavesdropping targets

29 Jan 2014 | Rasmus Larsen |

This is certainly not the first time that we hear about Smart TV security issues, but this time a report shows how easy it is to extract user names, passwords and possibly even payment details from Samsung, LG, and Philips Smart TVs. The TVs are also sending extensive reports on your TV habits to several companies.

LG, Samsung & Philips singled out

We have already heard how the camera in a Samsung Smart TV can be used to spy on unsuspecting families and how LG is sending information about your home videos to LG’s servers in South Korea.

A German magazine – c’t – is now demonstrating how they have been able, with simple tools, to extract user names and passwords from Smart TVs and TV apps. They explain that the method can be used to extract credit card information through apps or website (for example online banking), too. They tried the same trick on five Smart TVs and found that Smart TVs from Samsung, LG (only TV apps) and Philips had security issues.

They go on to explain the method, saying that even though the data is sent in encrypted form it was as easy as changing the SSL certificate to an in-house generated certificate. Afterwards they were able to intercept the user names and passwords used in TV apps. The TVs did not bother to check if it was a genuine SSL certificate; just that a certificate existed. Who had signed the certificate had no significance.

All three TV makers have recognized the issues and confirm that this concerns all of their Smart TVs – not only a few models. They will release an update to fix the issue, but has not provided a timeframe.


A spy in your living room

It is no secret that manufacturers and content providers collect information on your viewing habits. It is used to improve the TV experience and recommend new TV content based on your viewing pattern. They say that collected data remains anonymous and is limited in scale, but as the LG case went on to show this is not always the case.

German c’t wanted to investigate just how much data modern Smart TVs are collecting about the user. They found that Hbb-TV, and internet TV platform developed jointly by European TV providers, collects and transmits extensive reports on your TV viewing habits to not just the TV maker, but also to the TV channel owners and Google (through the Google Analytics module). The reports are so extensive that they are illegal under German law according to several security experts, partly because the data can be traced back to the specific individual.

Hbb-tv spying


What is perhaps most worrying is that the TV makers refrain from telling exactly what is being collected. No conditions or terms had to be accepted by the end user and there was no option to turn off the snooping in the TV menus. You do not even have to use the built-in TV apps, as Hbb-TV collects data while you are watching TV channels, reports c’t.

As a private individual it gives food for thought – do we really want these same companies to create “smart” refrigerators, alarms and glasses? Speak up.

- Source: Heise (1, 2)



Share on:


Latest news

Samsung TV

Samsung: Important to scan your Samsung TV for malware & viruses

17 Jun 2019 | Rasmus Larsen |
UEFA.tv

UEFA debuts free streaming service UEFA.tv

14 Jun 2019 | Rasmus Larsen |
Sony A9G OLED

Sony A9G OLED wins 'King of TV' at 2019 TV Shootout

13 Jun 2019 | Rasmus Larsen |
The Wall Luxury

Samsung will launch 'The Wall Luxury' microLED displays in July

13 Jun 2019 | Rasmus Larsen |
Xbox

Next-gen Xbox console will have a disc drive

12 Jun 2019 | Rasmus Larsen |
Sony A8G

Sony 2019 A9G and A8G OLED TVs now available

11 Jun 2019 | Rasmus Larsen |
Iron Man

All Marvel Cinematic Universe films will be remastered in 4K

10 Jun 2019 | Rasmus Larsen |
Project Scarlett

Next-gen Xbox: 8K graphics, 120fps, SSD & ray-tracing - launching in 2020

10 Jun 2019 | Rasmus Larsen |