Feeds

back to article Hey, does your Smart TV have a mic? Enjoy your surveillance, bro

NSA whistleblower Edward Snowden told lawyers he met during his sojourn in Hong Kong to put their cell phones in his fridge to thwart any eavesdroppers. But new research suggests he should have been worried about nearby TVs, too. Smart tellies with built-in microphones and storage can be turned into bugging devices by malware …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

That's a no brainer...

...considering a long history of consumer electronics actually shipping with malware. For example some TV-sets encrypt all of their recordings taking them hostage.

Then there's HBB aka Red Button which essentially runs a browser directed to an URL provided by the channel.

There's lots of malware intentionally installed by the manufacturers or network operators, that's why you shouldn't give your TV-set Internet access.

11
0
Silver badge

Re: That's a no brainer...

The real no brainers are

1) Don't connect your kit to the internet unless you have to

2) Where you have to do then cover up any cameras and Mic's. A picture with a hand 'giving the man the finger will do nicely' or even better don't install the drivers.

3) monitor your outgoing firewall logs very closely and keep that outbound blacklist up to date.

What? you don't have any outbound firewall? What's stopping you?

4) Apps on my TV? NFL is my answer.

The sad thing is that th Kit makers seem content to do the NSA/GCHQ/FSB/etc bidding for them without questioning it.

10
3
Anonymous Coward

Re: That's a no brainer...

"4) Apps on my TV? NFL is my answer."

I don't see what good it will do you to watch American football...

10
1
Silver badge

Re: That's a no brainer...

"' or even better don't install the drivers."

For the most part these drivers can't be installed or uninstalled. They are compiled into the kernel.

The only way you can be sure the microphone is disconnected involves wire cutters.

5
0
Silver badge

Re: That's a no brainer...

NFL is Not F*****g Likely not that thing the Americans call a sport.

4
3
Bronze badge

>The only way you can be sure the microphone is disconnected involves wire cutters.

Or you could just take the back panel of the TV off and detach any hardware you don't need. One could do this for the control buttons (great if you have kids you want to keep away from the TV), or the IR receiver if you are a true tin-foiler. Not to mention, it is an excellent opportunity to check for suspicious 'extras' that may have found their way there during transit.

0
0
Silver badge
Facepalm

If your that paranoid about this, don't buy a "smart" TV.

There, not that hard was it.

13
0
Anonymous Coward

Re: That's a no brainer...

you shouldn't give your TV-set Internet access

this is, kind of obvious, only that:

- 99.999% of the population, presented with the option (oh, my tv's a computer now, how cool!) - WILL connect to the internet

- sooner rather than later, you won't be able to operate your telly without it being connected to the internet. Not possible? Well, you already can not operate some software (including one, rather well-known OS) without it "calling home". But it's "hardware!" you say? Well, my little (...) e-book reader would NOT be set up without "calling home" to register. No help in the manual, no workarounds, nosir. You either find a wif-fi, or you can shove our fabulous reader up your crack. So I did register, about a year ago, and haven't used wifi since. But I can see it, easily, in a few years' time, similar device, with wifi "on" permanently. Same as your mobile is permanently on. You're not concerned about your position being tracked ANY MORE, right? That's how it develops.

There's a difference between a telly and an e-reader? Well, it's only a matter of what's standard. When the "internet connectivity" for tellies becomes mainstream, at one it will become mandatory - if you want one.

3
1
Silver badge

Re: That's a no brainer...

Stop press: Networked gear with microphone can be used to eavesdrop.

Hardly news. A long-known reason not to buy a phone where you can't remove the battery if you do sensitive things, but not news.

1
0

Re: That's a no brainer...

or not for long

0
0
Bronze badge
Alien

Re: If your that paranoid about this, don't buy a "smart" TV.

What fun is that? A big part of paranoia is pretending YOU'RE important enough that someone cares about YOU.

As for the internet, simple, VGA cable from laptop/netbook. I would hope such a setup is as isolated as the computer, but not at all surprised if shown otherwise.

0
0

Re: That's a no brainer...

I think it is time for a "Reality Check". If your TV is connected to a Cable company's Set Top Box, then there is literally NOTHING you can do, if the camera and /or microphone are inside that Set Top Box. That box 1) belongs to the Cable company and 2) is directly connected to their network. The DOCSIS modem you use to surf the Web is inside that box, and so is a lot of other hardware. So, if you have CableTV, think again, and literally Cut That Cable! Use DSL for your Internet, and an over-the-air antenna with a simple RF amplifier (6 to 10 dB will do) between the antenna for your TV set. The RF amplifier will isolate the set from the antenna, so if the set attempts to transmit ANY RF through the antenna, the amplifier hardware will block it. But the amplifier will probably not hurt the incoming signals because it will help to overcome some of the "line loss" between your antenna and your set, especially if your antenna is mounted outdoors, where it can receive a clear signal (minus RF reflections from moving people, etc.)

If you are paraoid, or do not want an advertising agency to know what you watch on your computer and when, then you may want to look into ussing TAILS Linux, too. That way your traffic will be seriously encrypted before it gets into the Cable Company or your DSL provider's network (within some obvious limits.) But with TAILS Linux, you probably can maintain your privacy at least a little better than having a live camera and / or microphone in your living room all the time -- exactly like Orwell's telescreen.

0
0
Silver badge
Big Brother

FREEDOM IS SLAVERY

But how can GCHQ and NSA protect us against terrorism if they can't watch us and listen to us 24 hours a day by bugging our electronics?

20
1

Which is why…

If I ever buy a smart TV (and I almost certainly won't because I don't seem to have enough time to watch the blasted thing), I'll be buying it from a company that understands about making its operating system secure and keeping it patched. Furthermore, it'll have to be from a company where the customer isn't the product being sold. As far as I can see, the only companies with that kind of clout and track record are Microsoft and Apple. Despite the rumours, I can't see either of them getting into the telly biz - so I'll stick with a dumb TV, thanks.

2
7
WTF?

Re: Which is why…

"Furthermore, it'll have to be from a company where the customer isn't the product being sold. As far as I can see, the only companies with that kind of clout and track record are Microsoft and Apple."

I'm trying to work out if you're either a) trolling b) or being spectacularly, almost endearingly naive.

My career has essentially revolved around Microsoft since the early 90s, and I'd be the first to admit their products have been my bread and butter, along with Linux and (many years ago) Novell Netware, albeit to a lesser extent. I'm grateful for that, but it doesn't mean I seriously think for a second that I matter to Microsoft one iota - I sure as Hell don't trust them, any more than I trust the rest of the players.

Microsoft may not be monetising personal data to the extent that Google is, but many of us will recall the revelation from the Snowden files that they leapt onto the PRISM bandwagon with unseemly zeal, keen to facilitate blanket surveillance, putting up about as much resistance as Apple evidently did to DROPOUT JEEP.

Do I avoid them? No. Do I trust them? No. I acknowledge their failings and walk into usage of their products with my eyes propped firmly open, but I also know there are more ways to sell your customers than just for hard currency.

22
2

Re: Which is why…

Hmm. My apologies. Perhaps I didn't make my point very clearly. It isn't so much about trusting anyone to play nicely with my data, it's about trusting them to ensure that the operating system is patched up regularly so that it presents a reasonable level of security (or facsimile thereof, depending on how tinfoil your hat is)

It isn't that it's impossible to remotely hack a patched up Linux, Mac or Windows system, but it certainly isn't easy. The reason that its difficult is that these systems are regularly patched to ensure that an OS compromise is non-trivial.

Sony, Samsung, insert preferred vendor of soon-to-be-connected gizmo here, have little experience of writing a general purpose OS from scratch and ensuring that it remains patched for the lifetime of the device. And the lifetime of the device is likely to be long. Worse yet, these devices aren't going to be like a computer, where it's easy to reformat the hard drive and replace the OS with one that is more up to date or more suited to your tastes. These devices are going to be more like mobile phones or portable media players. It's not that total replacement of the OS can't be done, it's that it won't be easy - and, anyway, life is too short to be slapping Linux on the telly, fridge, toaster, lightbulbs etc., and then keeping them patched and up to date.

The real problem is that the average lifetime of a television or fridge is an order of magnitude greater than that of a phone. My fridge is fifteen years old, showing no signs of packing up, and therefore not due for replacement. The TV is nearly ten, and much the same applies. Given that Samsung and Sony can't be bothered to ensure that a one year old phone is running the latest version of Android, I can't really see them bothering to update the OS of a ten year old TV.

So what to do? Your TV is now three years old, and you were lucky. You bought a TV from a manufacturer who kept it patched for a year or two. But now its getting on a bit. It's a bit old, and the manufacturer would rather sell you a new device - so no more patches for you. Your options are to disconnect from the internet (rendering the utility of the device somewhat moot), or buy a new one (which isn't very environmentally friendly given the huge piles of toxic crap that we throw away each year). And even sandboxing isn't going to help much - for two reasons. Firstly, because even sandboxing has its limits - only Apple really takes it to its logical limit, and (IMO) its the only reason that older iOS devices aren't hotbeds of malware. Secondly, because geeks, the early adopters, don't like it - look at all the bitching on el Reg about sandboxing on iOS - and on a TV or other consumer device, sandboxing is going to be more essential than ever.

You'll note that I've left government security out of the parameters of my argument. This is because government security challenges are either intractable or blown out of all proportion, depending on how paranoid / realistic about the limits of government probity you are.

9
0
Silver badge

Re: Which is why…

"It's a bit old, and the manufacturer would rather sell you a new device - so no more patches for you."

When the first big "hack" of a TV or similar happens due to a security flaw in the "supplied at point of sale" firmware, I foresee the consumer protection laws getting a good workout. It will be quite easy to prove there was a "manufacturing defect". Under EU law that part of the warranty is valid for an expected reasonable life of the product. There's even a government website which lists all sorts of devices and their expected reasonable life.

4
0

Re: Which is why…

There's even a government website which lists all sorts of devices and their expected reasonable life.

Really? Sounds useful. What's the URL?

5
0
Bronze badge
Thumb Up

Re: Which is why…

Which is why my TV is not and will never be connected to any other wires than the VGA cable from the Linux mediacenter and the mains.

Which is why I will never EVER connect a washing machine/fridge/microwave/over to a network.

Which is why when we get to the internet of things If I have to learn a bit of electronics to "cut" out the internet part so be it.

5
1
Thumb Up

Re: Which is why…

"Sony, Samsung, insert preferred vendor of soon-to-be-connected gizmo here, have little experience of writing a general purpose OS from scratch and ensuring that it remains patched for the lifetime of the device. And the lifetime of the device is likely to be long. "

That was a very well reasoned and measured reply, and I apologise for missing the gist of what you were saying. Have an upvote.

4
0
Silver badge
Joke

Re: Which is why…

"If I ever buy a smart TV (and I almost certainly won't because I don't seem to have enough time to watch the blasted thing), I'll be buying it from a company that understands about making its operating system secure and keeping it patched. "

What mythical company would that be?

2
1

Re: Which is why…

No need for an apology - my initial comment was written at haste and argued, at best, incoherently. Thanks though!

2
0
Silver badge

@John Sanders Re: Which is why…

Which is why I will never EVER connect a washing machine/fridge/microwave/over to a network.

I'm with you on that one. Even Orwell never imagined the subtlety and depth of surveillance that computers and the internet make possible. He never imagined face-recognition and voice-recognition software, for starters, or that tiny cameras could be hidden in every household device (although he did imagine microphones hidden in trees in the countryside!)

While you're keeping your devices' cables disconnected, ensure they can't connect to any wifi either. My own wifi is not only secured with WPA2 and a passkey whose length would do justice to Hamlet's soliloquy, I also have MAC filtering turned on so a device has to be authorised at the router as well as given the passkey.

The other danger is to ensure any other wifi connections detectable from your house are also secured - if a neighbour has an unsecured wifi, offer to secure it for them (I did this with the guy upstairs at no charge; after explaining to him that anyone could connect to his router and steal his internet connection, he was quite happy for me to set up WPA2 for him.) This will ensure that your devices don't go phoning home on someone else's wifi.

Finally, the remaining problem is things like citywide public wifi, or the free wifi offered by places like Starbucks, McDonald's et. al. if there's one near you. This problem is only going to get worse in future. Here in Adelaide, Internode already offers free wifi accessible throughout the CBD, and it won't be long before it pervades the suburbs too. Given that these damned devices tend to automatically leap onto the first available unsecured wifi they can find, this is becoming a very real danger. Once that shit reaches my area, I'm going to be seriously looking at Faraday-shielding my apartment.

1
1
Bronze badge

Re: Which is why…

"When the first big "hack" of a TV or similar happens due to a security flaw in the "supplied at point of sale" firmware, I foresee the consumer protection laws getting a good workout."

really? snowden reveals huge intrusions into our privacy and the government barely utters a squeek and you think anything will happen as a result of some dodgy tellies?

highly optimistic i'd say.

1
0
Bronze badge
WTF?

Re: Which is why…

Which is why I will never EVER connect a washing machine/fridge/microwave/over to a network; they'll just automatically connect themselves via wifi as soon as they get power and charge up their battery backup; just like your leccy meter.

0
0
Silver badge

Re: Which is why…

"There's even a government website which lists all sorts of devices and their expected reasonable life.

Really? Sounds useful. What's the URL?"

For the life of me, I can't find it! It's probably linked from the Sales of Goods Act or similar.

Sale of Goods act does state that you have rights to repair/replace/compensation (eg full or partial refund depending on age) for up to 6 years, but after 6 months it may be up to the consumer to prove the fault was there at manufacture.

0
0
Silver badge

naive question perhaps

I haven't had a tv for a looong time, since before they were 'smart', so I have to ask, why does a tv need a microphone?

@ Steve Davies 3 "What? you don't have any outbound firewall? What's stopping you?"

Read that again. If you suggest putting a firewall behind one's tv as good pratice, things have become very strange indeed without you noticing. Frog boiling comes to mind.

2
1
Silver badge

Re: naive question perhaps

"I haven't had a tv for a looong time, since before they were 'smart', so I have to ask, why does a tv need a microphone?"

RTFA.

"The devices contain microphones and cameras that can be utilised by applications, Skype and similar apps being good examples," Ingram told El Reg.

And as reported in previous El Reg articles, some new TVs can be voice controlled.

6
0
Silver badge

Firewall for Outbound traffic

IMHO makes perfect sense. Easy to block all those Phone Home sites/URL's but with the logs you can get it will tell you who did what when. Then you can keep the rules updated to stop things from talking to sites that they shouldn't be.

Why does 'thing xxxx' keep phoning home? You can stop it at your router.

1
0
Silver badge

Re: Firewall for Outbound traffic

I was watching a Samsung Smart TV last week in a hotel that had the option of 'Voice Recognition'.

I'm now not so sure my first gen d8000 doesn't have a microphone, but I do know it phones home with all the remote control key-presses etc.

It also has a nasty habit of turning itself on and off from standby when it feels like it - very weird the first time that happened in the middle of the night I can tell you.

Smart TV = Shite TV. I like the picture quality, but the rest of it sucks dead donkey balls. As soon as we get a new TV, it won't be 'Smart' and the current one will be delegated to Xbox duties and have no internet connection at all, 4OD be-damned :)

0
0

Re: Firewall for Outbound traffic

Samsung smart TV's 'phone' home at ~1:00am everyday, they switch on for that purpose.

0
0
Silver badge

Internet of Things

White goods live too long to make good tech gear. This is why a pluggable "brain" makes sense. In the case of TV that would be Apple TV, Roku, Chromecast, Android stick or other such that can be swapped out and updated. This should apply to coffee makers, thermostats and refrigerators as well.

Outlets and other home control / monitoring are different in that maintaining a separate brain for each one would be a burden. These need to have minimal intelligence for monitoring and switching, and need to be utterly secure, with the intelligence provided by the home control unit. Otherwise every vulnerability will involve replacing all the outlets and light switches again.

2
0

Re: Internet of Things

I agree. I have never quite understood why TV-size screens are not a product. It is getting hard get a TV which is not "smart" and those that are dumb still have all this stuff on them like card readers, tuners, speakers and some half written semi-smart programs that lets you see youtube or something.

I want a screen and that is that. No firmware to patch, no Internet connection, no usb reader, no nothing. Ok, so there are muppets out there that buy based on the flashy flashy or technobable that a salesman churns out half remembered from the sales brochure, but are we that few geeks out there that there isn't a market for us?

As for the rest of the things with a brain. I completely agree. The biggest thing is also that you get some sort of semi-standardization. There are way too many players and way too many products out there making it impossible to keep all secure. There just isn't enough engineerhours in the world to make them secure in the first place and update over the years. If you fiddle around a little with most new electronic products with some sort of interface and a brain you will usually find glaring bugs and unfinished parts. On a Philips TV the firmware update menu told us to stick in a usb stick and it would write in some sort of html on it. (likely linked to an autorun feature) It did write in an update.html alright. All it contained was in plain text the word "test". We did find the firmware update on their homepage though, it did not update the update feature. The funniest bit is that the TV does have an ethernetplug and connects to a network just fine, so why the usb stick to update. Anyhow, when the product lifecycle is less than three months before the next version is out, then there is no time to do it right.

9
0
Gold badge
Unhappy

mr.K

"I agree. I have never quite understood why TV-size screens are not a product. "

I think Sony or Phillips tried it a long time ago. The suite included a "tuner" module for TV, and I think some kind of sound system upgrade. It was IIRC pretty expensive (this was still the CRT era).

My $0.02 is that people would want such a "monitor" to be better than the standard quality of the whole TV, and I'm not sure it's possible to upgrade the mass screen mfg lines to give you a superior performance

Now we are past the days of co-ax cable being the standard to connect to what interface should it use? HDMI? Ethenet (what speed)?, SCART (for the old folk)?

Personally I think the idea is excellent. Getting a mfg to implement it......

3
0
Bronze badge
Meh

Where will it end?

Got several 'smart' tv sets in our household and when at least two of them are on at the same time all they do is take up all the bandwidth by communicating with each other about what was on last night!

(Me) Erm ... any chance of running the latest update ... or maybe letting me browse the schedules ?

(Tv) Frame hold - and a pause which says 'look buddy you might think that because you paid hard cash for us there's an ownership thing going on here, but we have to put up with the drivel you choose to melt your plasticated mind with, so, no! There are more than 100 channels available here and we're not going to miss any of it, so if you don't mind ...'

[Quote(ish)] from Groucho Marx: "I find the television very intellectually stimulating, whenever it's on in our house, I go and read a book."

6
1
Bronze badge

Reciprocal actions

Could get a lot worse than your TV listening to and watching you. The time to start worrying is when your food has designs on eating you.

4
0
Anonymous Coward

Re: Reciprocal actions

...or when your 'adult novelty toys' decide to... well, the less said the better, really.

2
0
Anonymous Coward

Re: Reciprocal actions

Fleshlight (tm)

1
0
FAIL

Smart TVs

Try and buy a stupid TV, nigh on impossible. Quote from my local TV dealer, "all TVs are smart these days" :-(

3
0
Silver badge

Re: Smart TVs

Unfortunately you are right.

But "smart TV" is the biggest oxymoron ever coined.

Control interfaces designed by people with severe cases of ADHD who have never even heard of a flow chart, 5 zillion ports for, what exactly?, and as another poster pointed out, bandwidth hogging firmware that requires undated that don't work.

A monitor should NEVER need a soft/firmware update. Never. If it does, that means they got it wrong from the factory and you are a sucker.

3
1
Silver badge

Re: Smart TVs

@ecofeco

Just for clarification, having severe ADHD does not automatically result in designing something being unfit for purpose.

For example, I have severe ADHD and design network security systems. My designs and documentation are more easily understood and less error-prone than any other designer I have encountered thus far BECAUSE I have ADHD. I know I make mistakes, so I am always treble-checking my work.

Also, look up Will.I.Am and the stuff he can do.

However, I will agree that a bunch of baboons fighting over a banana trapped inside a keyboard could code a better UI than these damned TV's have.

5
0

No camera or microphone

If you want smart TV (I got one). Just get one that doesn't have a microphone or camera installed. That is the simply way of avoiding this issue.

0
0

Re: No camera or microphone

But if you add then a smart game console (like Xbox with mic and camera) then you end up in same situation.

People tend to have TV's also in their bedrooms where these smart TV's can be used for targeted attacks - for example to record and later use recording for blackmailing.

There is also another attack vector:

As there is now usually many internet connected devices in every home a weakest device can be used to get behind of router firewall and then get access to data shared by other devices.

2
0
Silver badge

Am I missing something with regards to not getting a smart TV?

If you don't want a smart TV, but simply can't buy a dumb one in the type you want, just don't plug it into the internet?

What are you going to lose? The EPG? Plent of other ways of getting that.

6
0
Bronze badge

> just don't plug it into the internet?

Increasingly, smart TVs are equipped with built-in wifi, so inaction is not a solution.

Even if grandma doesn't have any internet connection at all, GCHQ and NSA could still connect to her TV and eavesdrop on her radical terrorist knitting circle.

2
2
Bronze badge
Mushroom

Wifi buil-in TV?

A screwdriver, a pair of scissors, a knife and problem solved.

0
2
Bronze badge

Re: Wifi built-in TV?

> A screwdriver, a pair of scissors, a knife and problem solved.

... and warranty voided.

Good luck explaining to Grandma why her TV is no longer under guarantee after you 'fixed' it.

4
0

Since my WiFi does not broadcast said TV will have trouble connecting via WiFi. None of the neighbours have default passworded routers (I've checked), so the poor TV will have trouble getting online.

IOW you have to setup a Wifi connection, if you don't do so or bork it in software by sending it looking for a non existing proxy then you have the same effect as not connecting the ethernet cable. What do you think the effective range of WiFi is? YMMV in really dense housing instead of semi-detached suburbia like here but the point still stands. WiFi is not long wave radio.

3
0
Black Helicopters

Unfortunately it's worse than that....

http://www.theregister.co.uk/2014/04/02/smarttv_dumb_vuln_philips_hardcodes_miracast_passwords/

So, even if you don't do anything, your TV can itself be a badly secured access point and you are, to use the vernacular, pwned by the dodgy geezer living next door.

First of all the attacker can broadcast video to you.

Secondly they can read USB connected devices.

If there are further weaknesses they might even be able to access said camera / microphone. Not demonstrated in this attack, but the potential is there.

1
0
Silver badge

just don't plug it into the internet?

Increasingly, smart TVs are equipped with built-in wifi, so inaction is not a solution.

Are they also magically hacking said wifi to determine PSK and auto connecting to it? No?

Not a problem then, and inaction would be a perfect solution.

If GCHQ want to listen to you through your TV (and they don't, it's usually MI5 or the police, but no matter), they have MI5 watch your house until you leave, they break in and install a listening device in your TV - just like they did with Ahmed Ali's flat in 2006.

They don't wait until you buy a new Sony, ring up Sony and say "hey, its Bill from MI5 here, gissus a code to connect to the wifi on yous teles".

3
1

Page:

This topic is closed for new posts.