By Jeremy Hsu on September 24, 2024
Popular smart TV models made by Samsung and LG can take multiple snapshots of what you are watching every second – even when they are being used as external displays for your laptop or video game console.
Smart TV manufacturers use these frequent screenshots, as well as audio recordings, in their automatic content recognition systems, which track viewing habits in order to target people with specific advertising. But researchers showed this tracking by some of the world’s most popular smart TV brands – Samsung TVs can take screenshots every 500 milliseconds and LG TVs every 10 milliseconds – can occur when people least expect it.
“When a user connects their laptop via HDMI just to browse stuff on their laptop on a bigger screen by using the TV as a ‘dumb’ display, they are unsuspecting of their activity being screenshotted,” says Yash Vekaria at the University of California, Davis. Samsung and LG did not respond to a request for comment.
Vekaria and his colleagues connected smart TVs from Samsung and LG to their own computer server. Their server, which was equipped with software for analysing network traffic, acted as a middleman to see what visual snapshots or audio data the TVs were uploading.
They found the smart TVs did not appear to upload any screenshots or audio data when streaming from Netflix or other third-party apps, mirroring YouTube content streamed on a separate phone or laptop or when sitting idle. But the smart TVs did upload snapshots when showing broadcasts from the TV antenna or content from an HDMI-connected device.
The researchers also discovered country-specific differences when users streamed the free ad-supported TV channel provided by Samsung or LG platforms. Such user activities were uploaded when the TV was operating in the US but not in the UK.
By recording user activity even when it’s coming from connected laptops, smart TVs might capture sensitive data, says Vekaria. For example, it might record if people are browsing for baby products or other personal items.
Customers can opt out of such tracking for Samsung and LG TVs. But the process requires customers to either enable or disable between six and 11 different options in the TV settings.
“This is the sort of privacy-intrusive technology that should require people to opt into sharing their data with clear language explaining exactly what they’re agreeing to, not baked into initial setup agreements that people tend to speed through,” says Thorin Klosowski at the Electronic Frontier Foundation, a digital privacy non-profit based in California.
LOL “if it was opt-in, no one would do it!”
no fucking shit. there is nothing worth watching that i would buy a smart tv for
if it was opt-in, no one would do it!
Which should be telling them that not only does no one want it, but maybe just maybe we already paid for your fucking TV. Either raise the price or stop being so fucking goddamn greedy to the point that you force us to make the government force you to stop.
Of course the bought and paid for US government won’t, but hopefully EU governments will.
If they raise the price, then they only get money once. If they sell your data, now they have an income stream.
One issue that has come up recently in discussions on here is that it’s hard to get dumb TVs or computer monitors in large format in 2024.
Not impossible, but surprisingly difficult. I went looking for a large computer monitor for some user who wanted a large one. I eventually found an older one on Amazon still for sale, but it’s not that easy to get large computer monitors, which I think is part of what drives people to use smart TVs as computer monitors.
You can get projectors, but that’s not what everyone’s after.
A smart tv without an internet connection is usually close enough to a dumb TV. It’s not like your TV needs regular security updates so leaving it off your home network is fine.
I do not know how true it is, but I’ve heard that some of them will create a mesh network if your neighbor has the same brand and it’s connected to the internet.
I’ve always meant to look into it but I have big dumb TVs that work for now.
Open the tv and rip out the antenna. Y’all already forgot the classic secret agent trope of checking the hotel room for bugs? Now we all get to play that game!
Nowadays the antenna is often embedded into the pcb, so no way to rip it out other than scraping off the traces
Google part numbers (if they aren’t scratched off/lasered off/ epoxied). Once you’ve found the ethernet controller, you can short out the pins, or yeet it off the board.
“mechanical malfunction, please contact support” as a big red warning that you cannot dismiss
It’s called wardriving, a practise Samsung TVs are infamous for.
I never put that together with wardriving but that’s exactly what it is. Thank you for that.
Unrelated story: ~20 years ago I was in the military and broke as hell. I went wardriving in my neighborhood looking for open wifi and found a business not too far away that had it. So I built an antenna out of a coffee can, mounted it up just outside my window, and got free wifi for months.
To me, Wardriving is back in the day when you used to drive around town with a laptop and a program that catalogues all the open wifi networks in range.
Would love to know how true this is as I wouldn’t put it past manufacturers
There’s another reply further down that goes into specifics. I ain’t the one because I didn’t come with receipts and I’m just a drunk.
I will not give them the satisfaction.
Smart TVs are only smart when they are connected to the internet.
As mentioned by others, they sometimes network with nearby devices such as your neigbor’s TV or an unsecured wifi.
You hear that? It’s a whisper… It’s a multinational multibillion dollar class action lawsuit coming after Samsung and LG. WTF!
I run a pi hole and it blocks 1000 attempts per minute from a single Samsung TV, then it outright denies requests from the tv. Duck those douches.
DNS sinks can often cause elevated traffic numbers because the client is constantly failing and retrying.
I bet if you enabled it to test the numbers would drop dramatically.
Causing the smart TV become even slower hahaha
Those are just dns lookups.
It’s not just DNS. I have this rule in my firewall:
udp dport 15600 counter drop comment "Block Samsung TV shenanigans"So far, it has blocked 20575 packets (constituting 1304695 bytes) in 6 days and 20 hours.
I also see it with Wireshark on my network using the
udp.port == 15600filter.It could also be the f*king soundbar?? https://github.com/home-assistant/core/issues/34810#issuecomment-621507325
Dynamic Host Configuration Protocol (DHCP) called Boot Server Discovery Protocol (BSDP), which is displayed in the data package section (version 0.1?).
No wonder these things operate slow as shit!
The only sensible way to operate these TVs is with no internet connection. We run our entertainment through an AppleTV. If that ever starts showing ads at rest, I’ll replace it with a Mac mini or a NUC. Fuck these companies and their race to the bottom.
Time should have stopped to 1999.
They collect all this data and then still cancel the most watched/best shows.
Morons.
Mine isn’t connected to the internet. Too bad so sad greedy fucks
Do not connect your Smart TVs to network people, seriously. Just a bad idea. Use a media center PC or some other device that allows you to stream content, and make sure the TV itself is just a big monitor, nothing more.
Friendly reminder that gaming console monitors, computer monitors, projectors, dumb TVs, and commercial displays exist.
Yes, I could hack a smart TV to disable its networking capabilities. (Merely withholding my wifi password is not reliable.) But that would still be showing the manufacturers that I find spyware TVs acceptable, and supporting the production of those models.
Also, this would be a good time to pressure our legislators into criminalizing this nonsense.
dumb TVs
Only one company makes Dumb TVs anymore, Sceptre, and the quality is very hit or miss due to the way they acquire their screens.
It’s also harder to find them in larger sizes any more, even for the few for which sell them at all, so if you want a larger one, you may not have much by way of options.
https://assetbasedlife.com/dumb-tvs-are-a-dying-breed/
This lists Insignia, which is a Best Buy store brand.
This has a couple, at least as of last year:
https://www.tomsguide.com/features/dumb-tvs-heres-why-you-cant-find-them-anymore
Your best bet of grabbing one is to head over to Best Buy and look out for the Insignia brand of TVs. There you can find a 43-inch dumb TV for around $169 or a 32-inch model for $69 . (Links to Best Buy.)
On Amazon, you can simply search for dumb TV and you should be able to find a few options from manufacturers like Westinghouse, RCA or Sceptre. (Links to Amazon.)
It’s also possible to buy a used TV, but obviously, as with getting used cars to avoid monitoring stuff in newer cars, the pool of those will only be around for so long, and you can’t take advantage of any technological advances subsequent to them.
Plenty of companies make display TVs that only display commercial content. You see them all the time displaying menus in fast food restaurants.
These can also have all smart tech turned off because some companies also use them as digital whiteboards to display proprietary or confidential information.
Those typically come at commercial pricing, which is insane.
I would hardly consider that pricing insane. Consumer TVs are massively subsidized by the smart tech built into them, in some cases by up to 60%. Plus, they are often fragile with cheaper components because they are expected to be mounted in “safe” places away from unusual conditions or extreme temperatures.
Considering the more robust construction (for commercial use) and lack of subsidization, I would consider those prices to be spot-on and rather reasonable.
Those commercial displays are nothing but heavily stripped down TVs with anything unnecessary to being a advertising display removed. and maybe a tiny, grossly overpriced and heavily cut down computer built into it to run the slideshows/menus/whatever.
also, TVs in a certain size range are generally cheap because manufacturing has gotten to the point that each mother can produce a ton of screens for it. and the reason that cheap range size has gone up over the years is because improvements in the printing technology and the size of the mother glass.
Not putting your WiFi password in would absolutely be reliable. I’d love to hear your ideas on how they’d remotely break into your WiFi Network
Not putting your WiFi password in would absolutely be reliable.
No, it would not.
I’d love to hear your ideas on how they’d remotely break into your WiFi Network
They wouldn’t, of course, nor did I say they would.
(But since you brought it up, we have already seen internet providers quietly using their CPE to create special-purpose wireless networks surrounding customers’ homes. These could obviously be made available to any company that paid the ISP for access, just as cellular networks have been made available to companies like OnStar. So a TV could do this with a business deal rather than breaking in to your normal WiFi.)
However, your network is not the only network in the world, and WiFi is not the only kind of link. Neighbors exist. Open guest networks exist. Drive-by and fly-by networks exist. Mesh networks exist (and are already created by devices like Amazon Echo). Power line networking exists. Bluetooth, LoRa, cellular, etc. etc. etc. Maybe you live on an isolated mountain top where these things are unlikely to reach you (at least until satellite links become a little smaller and cheaper) but even that is not absolute, and most of us don’t.
Unless you disassemble your TV and examine all the components within, and know what they do, it could have any number of these capabilities.
Also, partly due to how prevalent multi-network support is becoming in electronics integration, it is not unusual for related functionality to be dormant at first yet possible to activate later.
I’d love for you not to be adversarial, and to learn more about a topic before making bold claims about it in absolute terms.
To add to this, often, even if you turn off Bluetooth, your devices can still communicate via Bluetooth Low Energy, something that’s separate from classic Bluetooth and typically (to my knowledge) cannot be turned off. As an example, I’ve heard that Google uses it to send ad targeting info between devices.
Remember how Comcast routers made that ghost mesh network?
And Amazon sidewalk.
Any link to news? This is my first time heard of this.
Sounds standard for Comcast or whoever they are now. Couldn’t find anything though. Curious
I don’t have a link but Comcast offered a get WiFi anywhere option for their customers where they could use anyone’s combination modem/router from Comcast to get online with their company credentials. This was (is?) impossible to disable.
If you have a samsung phone in the house, it can connect to the TV and give it a hotspot of sorts. This is a hypothetical, not real (yet!)
Why is withholding the WiFi password not enough? Could they somehow piggyback off a different device or something?
I’ve heard that some of them will connect to any wifi available. So if your neighbor does not have a password on their network. The tv will connect and upload the data.
Yes. It could talk to another smart device and ask it to send its packages. You could be careful and connect none of the smart crap in your house to your network, but the smart fridge in your upstairs neighbor’s kitchen could still be helping with smuggling your data out. Or your devices could be connected to some unsecured network around.
In any case, the only surefire way to stop your data from getting smuggled out is to physically kill all the wireless connectivity capabilities of the device. Disconnect antennae, desolder chips, scrape out pcb traces. Otherwise you’re just hoping the firmware is not doing anything funny. Fortunately I think these are all hypotheticals that have not (yet) been observed in real smart home products.
but the smart fridge in your upstairs neighbor’s kitchen could still be helping with smuggling your data out
I can understand that if you have a Samsung TV and a Samsung fridge, they can talk with each other. But will it work if you have a fridge from a different OEM? (I’m assuming the OEMs haven’t formed a cartel for illegal data smuggling)
Good question. Please see my follow-up comment.
Don’t let your TV connect to the internet. I have mine on my wifi so I can control them using Home Assistant, but they’re on an isolated VLAN with no internet access.
Edit: Of course, this only works if you use an external box for streaming, like an Nvidia Shield, Apple TV, Google Chromecast TV or whatever they call it now, etc.
The question now is, even if I don’t connect the TV to Internet, what TV brand should I buy? Currently I have LG, but no way I’m supporting that even without Internet connection.
Buy a computer monitor, a projector or a commercial display instead, they tend to be dumb.
Alternatively, don’t connect your TV to the internet (bear in mind some are wireless). Unplug it from the wall when not in use.
As if Microsoft’s Recall wasn’t enough…
Not if you never connect your smart TV to the internet to complete the setup and instead use it as a dumb display (I hope)
I hope they enjoy my 25 million screenshots of Buffy, Angel, and Stargate.
