Owners of Samsung smart TVs need to watch what they say if they’ve activated the voice recognition feature on these devices.
Further, Samsung may collect, and the device may capture, voice commands and associated texts to evaluate and improve the feature.
The information has sparked considerable comment in the media since it was first published in The Daily Beast.
If voice recognition is going to be on all the time, “that seems like really poor design, and certainly represents a privacy risk,” commented Justin Brookman, director of the consumer privacy project at the Center for Democracy & Technology.
“Google has a decent approach to this,” Brookman said, “The phone listens for you to say “OK, Google” and then anything after that goes to Google for processing.”
Users can turn off, or not enable, voice recognition, but that will prevent them from using interactive voice recognition commands, Samsung said. And, while this will prevent the company from collecting spoken words, it may still collect associated texts and other usage data for analysis.
A Samsung spokesperson told The Daily Beast that users could disconnect the TV from the home WiFi network, although that raises the question of why anyone should purchase a smart TV set and then use it as an ordinary dumb TV.
“Consumers who are really concerned about privacy don’t have to buy Samsung Smart TVs,” remarked Mike Jude, a manager at the Stratecast service of Frost & Sullivan. “There are a lot of smart TVs out there.”
Samsung did not respond to our request to comment for this story.
The Threat of Smart TVs
Concerns about smart TVs recording voice commands or transmitting them to third parties may not be overblown.
Smart TVs can be hacked into and used to spy on their owners, security experts at Italian firm ReVuln warned back in 2012, when they posted a video demonstrating how to hack a Samsung Smart TV by exploiting a zero-day vulnerability.
“Users need to have more power over the devices that they’re buying and bringing into their houses,” Parker Higgins, an activist at the Electronic Frontier Foundation, told TechNewsWorld.
It would “go a long way [if] users…[could] really look at the security of these devices and…replace the software if they want to,” Higgins suggested.
Security “is a real concern, no matter how this product is deployed,” the CDT’s Brookman said. Concerns over security will impede the adoption of the Internet of Things because, “for a lot of products, the value proposition just isn’t worth the potential threat.”
Back in 2013, LG smart TV owner DoctorBeet reported that his device logged what he was watching and sent the data back to the company’s servers without encrypting it, whether or not he had this option enabled.
The news caused a furor, and LG eventually explained that the TV did not collect or retain personal data, and that it would issue a firmware update to resolve the problem.
Still, security and privacy issues “should be an engineering concern at the companies that are building these [devices],” suggested the EFF’s Higgins.
The Bigger Picture
“The larger issue is that there’s an inverse correlation between embedded intelligence and privacy,” Jude posited.
Much of the intelligent functionality in a voice-activated feature, like Apple’s Siri, “is deep voice and context analysis that literally takes what we called supercomputing 20 years ago” and that’s processed in the cloud, Jude said.
In that case, “you will have to accept [the intelligence] will be provided as a utility from the cloud and, whenever something’s in the cloud, there’s the potential of its being hacked,” Jude pointed out. Sure, intelligent devices are useful, but “be careful what you ask for.”