Samsung is not telling the truth when it says that your private captured voice data is encrypted and secure. When David Lodge examined a Samsung TV he found that the TV only records when asking a question, but that no recordings are encrypted. Samsung is broadcasting your private data for everyone to hear.

Caught in the act
Samsung has said over and over again that its TVs use "industry-standard security", including data encryption. So even if one of your private details were captured by the TV, it would be transmitted to a server in encrypted form. The only problem is that it is not true.

The good news. Samsung is telling the truth when it is saying that voice recordings are sent only in specific instances; not all the time. Voice recordings will be captured after speaking the “Hi TV” command or after pressing the microphone button on the remote.

The bad news. Even though Samsung is transmitting the voice data to "nuancemobility.net" on port 443, which is normally used for encrypted data, none of the data is actually encrypted. Neither outgoing nor ingoing traffic. David Lodge could clearly see the content of his voice request in the data stream. Lodge will examine the matter further in the near future, he says.

- ”What we see here is not SSL encrypted data. It’s not even HTTP data, it's a mix of XML and some custom binary data packet.” writes Lodge.


So what does it actually mean? It means that any person with a little training can listen in. Samsung is broadcasting your conversations for everyone to hear – if they want to. Imagine when all your devices in the “smart home” become connected.

So does "industry-standard security" actually mean “no security”? Creative. Thought-provoking.

- Source: David Lodge via PCWorld