Is your TV watching you?

Discussion in 'Civil Rights & Privacy' started by Mike, Dec 16, 2012.

  1. Mike

    Mike Founding Member Coach

    Forbes: Security Experts Show How Samsung's Smart TV Could Be Watching You!

    ... hackers can now turn the tables and make the TV watch you! Security researchers have discovered a previously unknown vulnerability — called a Zero Day bug — that affects Samsung Smart TVs running the latest Linux-based firmware. The vulnerability gives hackers access to a lot of data, including anything stored on the TV or external devices connected to the TV. Also, for any TV that has a camera or microphone attached, these could be used to spy on the viewers.

    Ars Technica: How an Internet-connected Samsung TV can spill your deepest secrets: Hack demonstrates the growing vulnerability of consumer devices

    If you use a Samsung "Smart TV" that's connected to the Internet, there's a good chance Luigi Auriemma can hack into the device and access files stored on connected USB drives. The researcher with Malta-based security firm ReVuln says he has uncovered a vulnerability in most Samsung models that makes it easy for him to locate their IP address on the Internet. From there, he can remotely access the device and exercise the same control someone in the same room would have. That includes gaining root access and installing malicious software. The attack exploits bugs in features that allow end users to install Skype, Pandora, and other types of apps. The TVs can be controlled using smartphone and tablet apps and in some cases by voice commands.

    "At this point the attacker has complete control over the device," he wrote in an e-mail to Ars. "So we are talking about applying custom firmwares, spying on the victim if camera and microphone are available, stealing any credential and account stored... on the device, using his own certificates when accessing https websites, and tracking any activity of the victim (movies, photos, music, and websites seen) and so on. You become the TV."
  2. nachtnebel

    nachtnebel Original Member

    Random hackers would need access to your cable carrier, know your IPs, etc. However, government entities are privy to all this and *they* could use the TV mic and camera to surveil you, as could the cable carrier and its partners.

    I guess you need to be very careful on the models you purchase, inspect them to make sure and make use of wire clippers if necessary. Don't think I'd trust a software disable....
  3. Mike

    Mike Founding Member Coach

    Simpler solution & business opportunity: Design & sell boxes that will serve as a firewall. Add deep packet sniffing to the traditional firewall functions: Video in, ok. Video out, originating from TV, bad.

    Traditionally end-user firewalls are just software that runs on your PC, but in this situation even if you could hack your own TV & install a firewall in the Linux system, most consumers couldn't be confident that firewall is protecting them.

    I foresee a new generation of ethernet hubs that serve as firewalls: Problem there is trusting the manufacturer of the ethernet hubs. I don't recall the exact details but one manufacturer tried to slip a major invasion of end-users' privacy into their TOS for a firmware upgrade a while back. It blew up in their faces, but ...

    It's really getting to be dog-eat-dog world out there, and we're all Purina.
    TravelnMedic likes this.
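
An added example, not part of the original thread: the "video in, ok; video out, bad" rule from the post above can be approximated on a gateway without inspecting payloads, by flagging flows from the TV whose upload volume far exceeds their download volume. The flow records, addresses and thresholds below are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed flow summaries, as a gateway might export them (conntrack/NetFlow style).
# All addresses are private or documentation ranges; none come from the thread.
@dataclass
class Flow:
    src: str        # LAN device that opened the connection
    dst: str        # remote endpoint
    bytes_out: int  # LAN -> internet
    bytes_in: int   # internet -> LAN
    seconds: float  # flow duration

TV_IP = "192.168.1.50"  # assumed address of the TV on the LAN

SAMPLE_FLOWS = [
    Flow(TV_IP, "203.0.113.10", 2_400_000, 950_000_000, 3600),   # streaming: heavy download
    Flow(TV_IP, "203.0.113.20", 180_000, 90_000, 30),            # small app request
    Flow(TV_IP, "198.51.100.7", 410_000_000, 1_200_000, 1800),   # sustained upload
    Flow("192.168.1.23", "198.51.100.9", 700_000_000, 3_000_000, 900),  # laptop backup
]

def flag_upstream_flows(flows, device_ip, min_out_bytes=5_000_000,
                        min_ratio=3.0, min_out_bps=100_000):
    """Return (dst, out/in ratio, upload bits/s) for flows that look like media upload.

    A flow is flagged only if it was opened by device_ip, sent a meaningful
    amount of data, sent far more than it received, and kept up a steady rate.
    """
    flagged = []
    for f in flows:
        if f.src != device_ip or f.seconds <= 0:
            continue
        ratio = f.bytes_out / max(f.bytes_in, 1)   # avoid division by zero
        out_bps = f.bytes_out * 8 / f.seconds
        if (f.bytes_out >= min_out_bytes and ratio >= min_ratio
                and out_bps >= min_out_bps):
            flagged.append((f.dst, round(ratio, 1), int(out_bps)))
    return flagged

if __name__ == "__main__":
    for dst, ratio, bps in flag_upstream_flows(SAMPLE_FLOWS, TV_IP):
        print(f"TV upload to {dst}: out/in ratio {ratio}, {bps} bit/s")
```

Because it relies only on byte counts and direction, the check still works when the TV's traffic is encrypted; the thresholds need tuning against the device's normal behaviour.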
  4. nachtnebel

    nachtnebel Original Member

    Sorry, but I'm not trusting my privacy to no firewall. I'll cut the outbound channel off at the pockets. I don't need the mic or camera, thanks.
  5. TravelnMedic

    TravelnMedic Original Member

    That would be Cisco and their forced "update" of firmware with their iCloud service shoved in, which locked people out of their routers and forced them to use Cisco's iCloud service. Ended in a PR nightmare and Cisco was forced to backpedal.

    Cisco has now hired Barclays to spin off Linksys which they bought back in 2003 for 500 million. IMHO a marriage made in (expletive deleted); prior to this had no problems with Linksys products but after the purchase nothing but nightmares.
  6. Mike

    Mike Founding Member Coach

    You can choose not to buy this type of television, but there is no "outbound channel" per se, only packets interspersed with other packets heading out to the internet.
  7. Mike

    Mike Founding Member Coach

    Yup, thanks!
  8. TravelnMedic

    TravelnMedic Original Member

    No problem. I remember that day at work because we had lots of Linksys and Cisco products that ran everything. Being locked out of the system brought everything from email, to electronic charting to getting fuel. It was a nightmare and I remember walking by our "IT Director's" office and listening to him ripping Cisco Enterprise support a new one and even threatened to go out to Cisco and break the door down at the corporate office in the Dallas area if not the next week in California when half the IT staff was going out for a training class. Magically the firmware that couldn't be downgraded was to the previous version but 18 hours of downtime caused 4 weeks of overtime to enter all the data correctly into the system and not have it on paper.
  9. CelticWhisper

    CelticWhisper Founding Member

    Before Cisco was Belkin - they inserted ads into HTTP streams in realtime as you browsed the web through their routers.
  10. DeafBlonde

    DeafBlonde Original Member

    Does this mean that we'll have to pay, via our tax dollars, some gubment thug to sit around watching us watch TV??:confused:
    I wouldn't be surprised...:rolleyes:
  11. Mike

    Mike Founding Member Coach

    The Stasi is not dumb. They will just use couch potatoes' own technology & equipment to spy on them. Effectively couch potatoes will be self-informing.
  12. RB

    RB Founding Member

    Hope they like re-runs of The Big Bang Theory.
  13. CelticWhisper

    CelticWhisper Founding Member

    I do my TV watching from a Linux-powered HTPC connected to a projector. Content acquired from various distributed sources, downloaded through an anonymous VPN and FTP'd to a permanent-storage device on the HTPC itself, no streaming involved.

    Report THAT, assh0les.
