Your smart TV is trivial to hack and leaks your personal information like crazy unless you disable all its useful features


#1

Originally published at: https://boingboing.net/2018/02/08/you-are-the-product-4.html


#2

You don’t have to disable them, just don’t set them up.


#3

I have yet to see a ‘smart TV’ whose built in streaming apps are anything but garbage to use. When a Roku costs $30 and every gaming console has better streaming apps, why would you settle for the clunky, snooping smart TV apps? You don’t have to hook up your TV to the internet if you already have devices that do the job better.


#4

Your Roku, blu-ray and FIOS STB will work fine with a nice big HDMI-capable computer monitor that has no “smarts” and no Internet connectivity at all.

Use what remains of the marketplace and vote with your dollars.


#5

Sometimes the TV won’t work at all unless you agree to their privacy policy. These tend to be the TVs that have Android TV built in (like my Sony XBR65x900e).

If you complain to Sony about it, they just tell you to not connect it to the internet.

Aside from the privacy issue, my big problem is that the software (Android TV in my case) is really, really bad. I have to unplug it and plug it back in occasionally because popups start appearing saying something like “Service SpyingOnYou has Stopped”. The only thing you can do is click OK, wait 45 seconds and then the message pops up again. Why tell me about it if the only option is for me to acknowledge it?

The TV is also super laggy and the audio cuts out occasionally. The HDR picture is pretty nice though.

As for the hacking - I wouldn’t worry about it too much if you are behind a NAT router. If you happened to visit a malicious website on a computer that’s on the same LAN as the TV, that website could turn your TV off. Big whoop.


#6

Our viewing habits are going to really confuse them. Between us, we probably watch some of every single genre on there. Including the dog; he likes the nature videos we put on when we leave him home alone.


#7

A little time with wireshark and some router domain blocking and you’re likely good to go. The spying features on these sets typically communicate with only a handful of domains that aren’t used for anything useful. Block them, and the TV can’t send out your data. For now at least, there don’t seem to be “plan B’s” for those data paths, so you shouldn’t have to play continued games with your TV to keep your data locked down.


#8

radioactively illegal, huh? Won’t that make them hot property?


#9

I’m similarly all-over-the-map in termsof viewing habits, and I admit, I kind of like the idea of being a source of consternation to anyone who’s trying to analyze my viewing data.

But here’s the data-harvesting that worries me: smart tvs with voice activation. That means always-on microphones. Oh, and your IR remotes? Those work via an IR sensor on your tv, and is that sensor always on, watching you, maybe even mapping the room its in and your behaviour in it.

I hate sounding all tinfoil hat, but it bears repeating that sound and IR are data too, data that gets harvested, and that data is subject to the same security concerns as our mere viewing habits.


#10

buying a set without networking capabilities (and an insecure system-on-a-chip with a web-server, etc) was $100 more than buying one that shipped with a bunch of useless, easily exploited anti-features

This is how we’ll soon be able to distinguish the most privileged 20% of American society from everyone else: you’ll either have enough money to buy consumer goods that don’t have these “useful” features or (per @Thermironic) you’ll need the technical chops to do sigint and block things at the router; otherwise, once again, you’ll be the product (and pay for the honour).


#11

I own two android based smart televisions. One is a Sony and the other is LG. Neither has ever been connected to the internet. I’ve never had a pop-up or any problems at all. I did have to turn off bluetooth on the Sony so the neighbors wouldn’t connect to it.


#12

They’ll probably sell a different version of the TV in Europe, while the ones in the parts of the world without strong consumer privacy protection will continue to send your info upstream. They monetize that, so it’s in their corporate self-interest to keep doing it.

We use our TV as a monitor connected to a media PC, console, cable box, and blu-ray. The actual receiver functionality is unused.

I keep waiting for them to offer what is essentially a giant monitor with a bunch of inputs to connect your stuff to…


#13

My neighbor’s Samsung UN55JU6500 55-Inch 4K Ultra HD Smart LED TV has Bluetooth and will let my phone pair with it without a challenge. (I unpaired. Switching his TV on at 3am didn’t seem very appealing.)


#14

“Comrade, come, look at this.”

“What is it, Ivan?”

“This man we hack. Look at his TV. Star Wars, Star Wars, Star Wars. One person can not watch this much Star Wars.”

“Must be glitch in system. Maybe he hack us?”

“Da, we better just pretend we never found this one.”


#15

My last TV purchase was fabulously dumb and next one will be too, if I have a choice. I prefer to avoid redundant complexity. If I had any desire for streamed content, I’d get a $40 Kodi that beats any tv embedded system.


#16

I’m wondering how this would affect those of us using over-the-air reception (no cable). I doubt any info could be gathered.


#17

See my post above. They’re not just monitoring what you watch.

ETA: This depends, of course, on whether you use any of the smart tv’s smart functionality, such as voice control. Our tv at home is also no-cable, and we use over-the-air digital terrestrial broadcast, but we have to use the tv’s smart menus to get to the digital tv input…


#18

Depending on whatever cues are embedded in the over-the-air signal by the local broadcaster or network, the smart TV could be monitoring that, too. When it comes to building a profile they won’t leave anything on the table if they don’t have to.


#19

Alternatively, “We see you’ve been binge-streaming The Office for ten days straight-- just checking in to make sure you’re okay…”


#20

I don’t plug the Ethernet cable into the TV set, only the HDMI cable from the computer that I use to watch video stuff from.

I suppose they have WiFi now. Well, one can configure one’s WiFi router to require the MAC address of all attached devices.