Smart enough to eavesdrop

Druckfreundlich, PDF & E-Mail

There's some ongoing chatter about Samsung's SmartTV privacy policy, which discloses that private conversations overheard by the device may be sent to a third party:

“Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party,”

The privacy policy doesn't identify the third party or give any more information on how, when, and why, this data may be captured.  Chris Matyszczyk (@ChrisMatyszczyk) followed up with Samsung and was given this explanation:

“Samsung does not retain voice data or sell it to third parties. If a consumer consents and uses the voice recognition feature, voice data is provided to a third party during a requested voice command search. At that time, the voice data is sent to a server, which searches for the requested content then returns the desired content to the TV.”

It seems pretty straightforward.  Robust voice recognition technologies require processing that often takes place on a remote server.  Without this server and the connectivity to reach it, voice recognition simply can't do what we expect.  Does anyone really believe that the Samsung SmartTV can “find me an action movie” without the help of some big brain on the back end?

I asked Steve Pao what he thought of all this.  Steve is our GM Security Business, and he had a few interesting things to say:

This is actually very common.  Think about your mobile phone.  It has speakerphone capability, awesome battery life, storage space, voice recognition capability, processing power, and voice and data network access.  If you enable “Hey Siri,” you are already configuring the iPhone to be always listening for commands.  A bad guy could theoretically hack an iPhone and configure it to send audio snippets over the voice (MMS) or data network.   Samsung is just making it clear that when it’s listening in the background, it might catch something by accident the way that “Hey Siri” might catch something.  This is a tradeoff between having great features and security/privacy.

Vendor selection is key when it comes to protecting yourself from malicious use of your data.  Vendors should be doing the right things to respect consumer privacy, which includes implementing the right security measures to ensure they are not hacked.  They should also make their communications protocols transparent to white hat security researchers and security technology providers.  This will help create a system of proper checks and balances.

Some vendors use advanced encryption to prevent hacks like man-in-the-middle attacks.  iMessage is a good example of this.  Personally, I believe this kind of encryption is the future.

Smart devices are here to stay, and they're bound to get smarter as consumer expectations continue to rise.   Samsung's SmartTV is an easy target right now, but it isn't new, and it isn't the only device to open a doorway into your home.   Consumers need to be aware of how these things work.  A smart device is a connected device, and almost always listening for its name.

Nach oben scrollen