Samsung management admitted that their smart TVs spy on their owners. How TVs are watching you

4 years ago

IN lately Samsung Corporation frankly unlucky: people don’t have time to forget one scandal before the next one brews. That Galaxy smartphones Note 7s suddenly start exploding, then the actual head of the company is arrested, and now Samsung is accused of selling spy TVs.

According to leaked secret documents, CIA employees, together with agents of the British security service MI5, learned to hack using a flash drive smart TVs Samsung series F8000. Thanks to this, the devices became real bugs: they could record everything that happened in the house using a built-in microphone, and then send encrypted audio files to remote servers.

The worst thing in this story is that even turning off the TV does not save the long arms and sensitive ears of American special agents: they developed an algorithm with the help of which the equipment only simulated inaction. The microphones, which were also located in the device’s remote control, worked all the time. When the user decided to turn on the TV itself, the Wi-Fi connection was restored - and all data was immediately transferred to CIA agents. It's funny that all F8000 series TVs run Tizen - the "most secure" one operating system, which was repeatedly praised by developers and was seen as a “safe” alternative to the “malicious” Android.

Whether Samsung is to blame or not, spying on TV owners clearly violates the user agreement. The company's official website states that, except in special cases, personal information is not sent to third parties.

The only time data is sent to a third party is during a search. At this moment, the data is sent to the server, where the desired content is searched, and after that the search results are displayed on the TV. Details such as name, address and others are not sent anywhere unless you submit them at the time of request. For example, if you have activated voice control and ask to find your name, indicating that it belongs to you, then the request will be sent to the server to search for results, says the terms of use of the voice recognition function on Smart TV.

However, it is quite difficult to learn about all the intricacies without digging into the Internet: during the first turn on, the TV owner is asked to read the user agreement, which usually no one reads. In this case, it may not be read because only the part dedicated to voice search, consists of 76 pages. And there are at least five more such parts. Such reading on the TV screen can simply tire your eyes. Moreover, the “Accept all” checkbox looms temptingly nearby.

Not for the first time

It is worth remembering that a similar scandal involving a South Korean corporation already occurred in 2015: then the TV was also accused of surveillance, and there were reasons for that. Experts noted that when the voice recognition function is enabled, user requests are transmitted to a third-party service, and Samsung can record and collect voice commands and corresponding texts. This was written directly on the official website of the corporation.

Please be aware that if the words you speak include personal or sensitive information, this information will be among the data recorded and transmitted to a third party when you use voice recognition, the developers warn.

What's dangerous about the CIA hacks is that all these cyber weapons are out of control. It has definitely fallen into the hands of one or another attacker, it will spread

CEO of Digital Security Ilya Medvedovsky

Naturally, when the public drew attention to this fact, users who feared for their privacy were not without panic. Samsung management I had to comment on these ambiguous lines. Company representatives stated that to ensure security measures and prevent unauthorized collection or use personal information they adhere to industry standards, including data encryption. Besides, South Korean developers they even advised users not to discuss personal matters in front of a smart TV.

It should be noted that not only Samsung devices were observed spying on users. For example, in 2013, the owner of an LG smart TV noticed that targeted advertising was displayed on one of the main screens. After rummaging through the settings, the man turned off the transmission of information. He then checked the logs on his router and saw that even disabling the option did not stop the smart TV from transmitting data to LG's servers. The user contacted the company's representative office, but they told him that by buying a TV, he agreed to LG's terms and conditions.

It is also interesting that that scandal frightened manufacturing companies so much that the idea of ​​​​creating televisions equipped with video cameras was actually scrapped - today in Russia you can find only four models of devices of this type from different manufacturers. All of them were released no later than 2015, and their cost starts from 250,000 rubles.

How dangerous is it for Russians?

According to Ilya Medvedovsky, CEO of Digital Security, residents of the Russian Federation should not worry about data leakage through smart devices Samsung.

Russians who bought Samsung TVs can generally sleep peacefully. In this case, we are talking about targeted attacks: implants are placed on those TVs that go to an object of interest to the intelligence services,” the expert explained in a conversation with Life.

This story is dangerous for all of us, for ordinary people, first of all because all these cyber weapons are out of control. It has definitely fallen into the hands of one or another attacker, and it will spread. All these technologies, all these implants and so on are huge, serious and expensive technologies, the implementation of which requires a huge amount of money, because it requires the most serious research. And all this is now in the hands of the attackers,” the director of Digital Security commented on the WikiLeaks leak.

How to protect yourself?

Despite calls from experts not to panic, Life has compiled instructions for the paranoid on how to check their device for hacking. In addition, the authors of the material have prepared tips on how to protect yourself from leakage of personal information.

1. First of all, you need to find out the TV model. If you don’t have a box left, you can do this directly on the device. To do this, you need to turn it on, press the Menu button, select “Support” and find the line “Contact Samsung” at the very bottom. If you see the designation F8000 in the window that opens, it means you are at risk.

2. In the same menu, be sure to look at the firmware version of the TV. The leaked documents say that hackers tested their hacking methods on devices with versions 1111, 1112 and 1116. Therefore, if you have outdated firmware installed, update it immediately (if the device is already infected, it will not update automatically - the hackers took care of this ). To update the firmware yourself, open the menu, select "Support" and in the window that appears, click "Software Update".

3. Turn off the voice control feature. This is unlikely to save you from CIA hackers if the TV is already infected, but at least Samsung employees and third party companies will definitely not get access to your voice messages. However, disabling the option will be quite problematic: you will have to completely reset all the TV settings. To do this, go to the menu, “Support”, open the “Self-diagnosis” option and select the “Reset” line. After this, the device will ask you to enter a password (0000 by default), and then reset all settings to factory settings. Please note that all channels will have to be configured again.

After the reboot, carefully watch what you press when activating the TV: in one of the menus you will need to uncheck the “Voice control” function. Then the TV will stop picking up your voice. You cannot disable voice control without resetting your TV to factory settings.

4. Unfortunately for CIA agents, the hackers were never able to completely disguise the presence of a foreign software on TVs. Therefore, after all the manipulations with updating the firmware and disabling functions, be sure to check several conditions. First, you need to keep an eye on the LEDs on the back panel. If the TV is turned off, but the LEDs still light up periodically, this is a sure sign of surveillance. The documents also indicate that on jailbroken devices, the Samsung logo does not always appear when turned on.

5. Some Samsung TV models have a built-in camera - a favorite hacking device for hackers. And although in the WikiLeaks documents the recording of video clips is mentioned only in the column “Plans for the future,” we advise you to use Edward Snowden’s method - to cover the camera with a plaster or tape. The same thing, by the way, can be done with microphones on the TV and in the remote control.

6. Turn off Wi-Fi. Yes, we understand that after this the TV will lose almost all of its mental abilities, but in this situation you will feel calmer - your confidential data simply will not be able to leak beyond the device.

7. If you watched TV, unplug it. The old method is still relevant. Yes, as a cost you will get settings such as time and date that disappear every time, but this is not the highest price to pay for maintaining your privacy.

It turned out that Samsung owners Smart TV can be heard not only by those who are near it and with an overly “smart” TV. To confirm this, here is an entry from the company’s official website:

1. You can control your SmartTV and use many of its features using voice commands.

2. If you enable voice recognition, you can control your SmartTV using your voice. For voice recognition to work, some voice commands (along with information about your device, including device identifiers) may be sent to a third-party service that converts the speech into the voice or code needed for voice recognition to work. In addition, Samsung may collect and your device may record voice commands and related text so that we can provide you with voice recognition features and evaluate and improve their performance. Please be aware that if the words you speak include personal or sensitive information, this information will be among the data recorded and transmitted to the third party when you use voice recognition.

3. If you do not enable voice recognition, you will not be able to use interactive voice recognition features, but you will be able to control the TV using certain preset voice commands. Although Samsung will not collect the words you speak, it may still collect relevant text information and other usage data for the purpose of evaluating and improving the performance of the service.

Thus, Samsung is actually spying on its users, and it remains unknown how exactly " to third parties» Voice data is transmitted and how it is processed. However, this is not the first time - several years ago TP Vision, which produces Philips TVs, was seen spying on users, and later the owner of an LG TV noticed that he was being followed. Then I was able to disable tracking by rummaging through the device settings.

In the case of Samsung, you can disable surveillance, but the voice recognition function will not be fully available, and the smart TV will obey only a limited number of commands. Select and buy TVs by good prices Can .

Mikhail Kuznetsov, TV site expert: “Samsung TVs are most likely to use cloud technologies for some voice functions. This is why data is transferred from the TV to a remote server, as well as for collecting statistics and other service purposes. Naturally, something “extra” may end up in this array, which is what the manufacturer warns about in the above quote. Deliberate espionage is perhaps an exaggeration. It should be noted that similar technologies are also used on other equipment, including Smart TVs of other brands. In theory, all this could be hackable, with access to audio and video information even if the screen is turned off, but the TV is connected to the network and is in “sleep mode.” In my opinion, the problem is somewhat exaggerated, and unauthorized access to smart TVs is not yet common».

The use of this function is officially mentioned in the privacy policy of Samsung devices. The Daily Beast (www.thedailybeast.com) writes that Samsung has notified customers that users are advised not to mention personal secrets and classified information near company devices with Smart functions TV.

Evgeny Kaspersky recently mentioned the dangers associated with using Smart TV ( general manager Kaspersky Lab). The essence of his warning was that exploitation of TV firmware exploits would begin very soon. In turn, this will lead to the spread of viruses that will be downloaded directly through repositories and steal personal and commercial information from TV cameras and microphones.

As you can see, there is no need to steal anything; the TV already has built-in spying functions, as Samsung does not hesitate to say.

“The telescreen worked for reception and transmission. He caught every word, if it was spoken in a not too quiet whisper; Moreover, as long as Winston remained in the field of view of the cloudy plate, he was not only heard, but also seen. Of course, no one knew whether he was being watched at that moment or not. How often and on what schedule the thought police connect to your cable - one could only guess about that. It is possible that they were watching everyone - and around the clock. In any case, they could connect at any time. You had to live - and you lived, out of habit, which turned into instinct - with the knowledge that your every word was being overheard and your every move, until the lights went out, was being watched.”

B too Samsung time commented on the fact to TechCrunch that only she would get the information, since everyone Smart data TV will be well encrypted. It was also mentioned that data collection can be turned off if desired. Belarusian buyers should keep in mind that access to a full service (change of region when buying a TV in the EU countries, etc.) can only be obtained through the service menu.

From the author: okay Samsung, with their Eastern mentality, now imagine American Apple. What personal information collection capabilities does this company have that has the ability to collect voice and video messages, user preferences, age, gender and biometric data (fingerprints in Touch ID).