Saturday, 21 February 2015

Samsung Smart TV transmits voice audio unencrypted

The voice commands that smart saving TVs from Samsung and forwarding are sent unencrypted to a third party, as has discovered a security researcher. Recently there was great commotion about the voice recognition of the Samsung SmartTV which consumers via voice commands can control the TV.

Security Researcher David Lodge decided the traffic that comes to investigate the television. While he saw a connection on port 443, which normally indicates HTTPS. Lodge then decided to view the contents of the data stream and saw that it was not going to encrypted data. It was not even HTTP data, but a combination of XML, and a binary data packet. "The weasels, they use 443 / TCP to tunnel over the dates, probably because many standard default firewall configurations traffic to port 80 and 443 permit outside the network," said the researcher.

It also showed that all kinds of information on the screen is sent, such as MAC address and the version of the operating system. The voice command could be seen that he gave. It suggests Lodge that television does not listen to users unless it is activated by the command. Something, however, with each subsequent firmware update may change, making continuous listening which would be possible, he warns. Lodge Samsung therefore calls to use anyway SSL.

No comments:

Post a Comment