By Jeremy Hsu on September 24, 2024
Popular smart TV models made by Samsung and LG can take multiple snapshots of what you are watching every second – even when they are being used as external displays for your laptop or video game console.
Smart TV manufacturers use these frequent screenshots, as well as audio recordings, in their automatic content recognition systems, which track viewing habits in order to target people with specific advertising. But researchers showed this tracking by some of the world’s most popular smart TV brands – Samsung TVs can take screenshots every 500 milliseconds and LG TVs every 10 milliseconds – can occur when people least expect it.
“When a user connects their laptop via HDMI just to browse stuff on their laptop on a bigger screen by using the TV as a ‘dumb’ display, they are unsuspecting of their activity being screenshotted,” says Yash Vekaria at the University of California, Davis. Samsung and LG did not respond to a request for comment.
Vekaria and his colleagues connected smart TVs from Samsung and LG to their own computer server. Their server, which was equipped with software for analysing network traffic, acted as a middleman to see what visual snapshots or audio data the TVs were uploading.
They found the smart TVs did not appear to upload any screenshots or audio data when streaming from Netflix or other third-party apps, mirroring YouTube content streamed on a separate phone or laptop or when sitting idle. But the smart TVs did upload snapshots when showing broadcasts from the TV antenna or content from an HDMI-connected device.
The researchers also discovered country-specific differences when users streamed the free ad-supported TV channel provided by Samsung or LG platforms. Such user activities were uploaded when the TV was operating in the US but not in the UK.
By recording user activity even when it’s coming from connected laptops, smart TVs might capture sensitive data, says Vekaria. For example, it might record if people are browsing for baby products or other personal items.
Customers can opt out of such tracking for Samsung and LG TVs. But the process requires customers to either enable or disable between six and 11 different options in the TV settings.
“This is the sort of privacy-intrusive technology that should require people to opt into sharing their data with clear language explaining exactly what they’re agreeing to, not baked into initial setup agreements that people tend to speed through,” says Thorin Klosowski at the Electronic Frontier Foundation, a digital privacy non-profit based in California.
Yeah. My Samsung claws my firewall like a squirrel trapped in a box. It intensifies on certain hours of the day. I’m quite sure it also tries to send what devices are connected and filenames are in attached memory sticks. Maybe also some media file checksums.
Do your firewall rules allow you to block your tv’s telemetry, while allowing you to still use the internet on it? If so, would you mind sharing how you did it?
You should look into PiHole, if you’re half-savvy with computers. They should be able to block all the destinations smart TVs are trying to connect to
Sinkholes can be negated by manufacturers using static, hardcoded dns addresses. Be careful and don’t check traffic regularly.
And those can be blocked and even redirected at the router level. Though not as simple as spinning up a pihole.
Actually simpler, if you have an Asus router. Just remember to disable its telemetry stuff…
… Sending telemetry to Asus about the TV sending telemetry to LG? Wtf is this timeline?
We are on the “let’s see how back corporate greed can get” simulation server.
And they do. My Philips TV didn’t even ask for DNS until hardcoded IPs for Netflix et al. timed out. And when it did, it asked Google, not my router.
This is why you need to do DNS hijacking to handle hardcoded DNS requests.
Very easy to circumvent
Pi hole won’t help.
Not if you never connect your smart TV to the internet to complete the setup and instead use it as a dumb display (I hope)
For example, it might record if people are browsing for baby products or other personal items.
Don’t mind baby products and dildos or whatever.
They could see bank activity and even login credentials when someone is temporarily displaying their own passwords.
This basically ignores all security measures regarding everything. Sensitive communication, company secrets and so on.
That’s fucking seriously huge. What the fuck?!
Don’t buy them, they are excessively expensive and tt’s a better idea to separate the smart functionality into an HDMI device of your choice anyway.
These are criminal violations of the Computer Fraud and Abuse Act. Jail the motherfucking felon CEOs!
So LG and Samsung likely have tons of illegal (copyright) content on their servers then? Ownership is 9/10ths of the law so they say. That’s gotta be exabytes
Most likely yes… And other privacy sensitive information like banking details, passwords and more.
But the supreme court ruled to save the conviction for the election.
Worse than that, they have free speech to corporations, and now that includes doing nearly anything involving communication or spending money.
You know what’s really fucked up? The concept of “corporate personhood” that Citizens United depends upon was invented wholesale by a goddamn clerk! The Santa Clara County v. Southern Pacific Railroad Co. decision itself didn’t actually address the issue; the clerk just wrote a headnote “assuming” that the Equal Protection Clause of the 14th Amendment applied to corporations for ~reasons~ and subsequent courts treated as if it were gospel.
On politics itself no less.
I’ll believe corporations are people the moment Texas executes ones.
Friendly reminder that gaming console monitors, computer monitors, projectors, dumb TVs, and commercial displays exist.
Yes, I could hack a smart TV to disable its networking capabilities. (Merely withholding my wifi password is not reliable.) But that would still be showing the manufacturers that I find spyware TVs acceptable, and supporting the production of those models.
Also, this would be a good time to pressure our legislators into criminalizing this nonsense.
Not putting your WiFi password in would absolutely be reliable. I’d love to hear your ideas on how they’d remotely break into your WiFi Network
Remember how Comcast routers made that ghost mesh network?
And Amazon sidewalk.
Any link to news? This is my first time heard of this.
I don’t have a link but Comcast offered a get WiFi anywhere option for their customers where they could use anyone’s combination modem/router from Comcast to get online with their company credentials. This was (is?) impossible to disable.
Sounds standard for Comcast or whoever they are now. Couldn’t find anything though. Curious
Not putting your WiFi password in would absolutely be reliable.
No, it would not.
I’d love to hear your ideas on how they’d remotely break into your WiFi Network
They wouldn’t, of course.
However, your network is not the only network in the world, and WiFi is not the only transport in the world. Neighbors exist. Open guest networks exist. Drive-by and fly-by networks exist. Mesh networks exist. Bluetooth, LoRa, cellular, etc. etc. etc. Maybe you live on an isolated mountain top where these things are unlikely to reach you (at least until satellite network links become smaller and cheaper), but even that is not absolute, and most of us don’t.
Unless you disassemble your TV and examine all the components within, and know what they do, it could have any of these capabilities.
Also, given how prevalent multi-network support is becoming in electronics integration, it is not unusual at all for hardware functionality to be dormant at first but available for activation later.
I’d love for you not to be adversarial.
To add to this, often, even if you turn off Bluetooth, your devices can still communicate via Bluetooth Low Energy, something that’s separate from classic Bluetooth and typically (to my knowledge) cannot be turned off. As an example, I’ve heard that Google uses it to send ad targeting info between devices.
If you have a samsung phone in the house, it can connect to the TV and give it a hotspot of sorts. This is a hypothetical, not real (yet!)
Why is withholding the WiFi password not enough? Could they somehow piggyback off a different device or something?
I’ve heard that some of them will connect to any wifi available. So if your neighbor does not have a password on their network. The tv will connect and upload the data.
Yes. It could talk to another smart device and ask it to send its packages. You could be careful and connect none of the smart crap in your house to your network, but the smart fridge in your upstairs neighbor’s kitchen could still be helping with smuggling your data out. Or your devices could be connected to some unsecured network around.
In any case, the only surefire way to stop your data from getting smuggled out is to physically kill all the wireless connectivity capabilities of the device. Disconnect antennae, desolder chips, scrape out pcb traces. Otherwise you’re just hoping the firmware is not doing anything funny. Fortunately I think these are all hypotheticals that have not (yet) been observed in real smart home products.
but the smart fridge in your upstairs neighbor’s kitchen could still be helping with smuggling your data out
I can understand that if you have a Samsung TV and a Samsung fridge, they can talk with each other. But will it work if you have a fridge from a different OEM? (I’m assuming the OEMs haven’t formed a cartel for illegal data smuggling)
Good question. Please see my follow-up comment.
dumb TVs
Only one company makes Dumb TVs anymore, Sceptre, and the quality is very hit or miss due to the way they acquire their screens.
It’s also harder to find them in larger sizes any more, even for the few for which sell them at all, so if you want a larger one, you may not have much by way of options.
https://assetbasedlife.com/dumb-tvs-are-a-dying-breed/
This lists Insignia, which is a Best Buy store brand.
This has a couple, at least as of last year:
https://www.tomsguide.com/features/dumb-tvs-heres-why-you-cant-find-them-anymore
Your best bet of grabbing one is to head over to Best Buy and look out for the Insignia brand of TVs. There you can find a 43-inch dumb TV for around $169 or a 32-inch model for $69 . (Links to Best Buy.)
On Amazon, you can simply search for dumb TV and you should be able to find a few options from manufacturers like Westinghouse, RCA or Sceptre. (Links to Amazon.)
It’s also possible to buy a used TV, but obviously, as with getting used cars to avoid monitoring stuff in newer cars, the pool of those will only be around for so long, and you can’t take advantage of any technological advances subsequent to them.
Plenty of companies make display TVs that only display commercial content. You see them all the time displaying menus in fast food restaurants.
These can also have all smart tech turned off because some companies also use them as digital whiteboards to display proprietary or confidential information.
Those typically come at commercial pricing, which is insane.
I would hardly consider that pricing insane. Consumer TVs are massively subsidized by the smart tech built into them, in some cases by up to 60%. Plus, they are often fragile with cheaper components because they are expected to be mounted in “safe” places away from unusual conditions or extreme temperatures.
Considering the more robust construction (for commercial use) and lack of subsidization, I would consider those prices to be spot-on and rather reasonable.
Those commercial displays are nothing but heavily stripped down TVs with anything unnecessary to being a advertising display removed. and maybe a tiny, grossly overpriced and heavily cut down computer built into it to run the slideshows/menus/whatever.
also, TVs in a certain size range are generally cheap because manufacturing has gotten to the point that each mother can produce a ton of screens for it. and the reason that cheap range size has gone up over the years is because improvements in the printing technology and the size of the mother glass.
Earlier this month I finally disconnected the wifi for my 7 year old Roku TV. I miss being able to turn it on w/ voice activation but I’ll trade that in for my privacy
So how do you all guys watch content on these “dumb TVs”?
If you connect e.g. android box, how is it any different than connecting the TV itself? Do you think producers of android boxes aren’t such pricks? This bugs my mind.
best way is a mini pc you can put an open source OS on
then you totally control it. they can be found cheap used and are usually upgradable
they are thrown out by schools and buisnesses all the time. it does not have to be very powerful by pc standards
it can also be your first home server if youre interested
But that is terrible to use. I can’t imagine my kids or wife to use this with TV…
no, not true you can put whatever you want on it. ours boots into a nice tv like ui and they open stremio with a remote and thats it
its up to you to make it nice and easy
the user experience is not radically different from a corporate experience except its faster and without ads or spying
They’re eating the dogs. 😊
Use a pihole people, don’t go barebacking the internet
mine would be getting only choppy static more than anything. where i live there is only sattelite available and it costs more than cable
So I guess they learned nothing from the last class action lawsuit https://topclassactions.com/lawsuit-settlements/lawsuit-news/lg-samsung-sony-class-action-alleges-smart-tv-privacy-violations/. Also reminded me of this past gem from LG: https://arstechnica.com/information-technology/2013/11/lg-smart-tv-snooping-extends-to-home-networks-second-blogger-says/.
The amount of effort i had to put into buying a dumb tv the last time it was new tv time is positively infuriating.
I couldn’t even find one last time
Yup. When we went to buy a TV I knew this was happening because the smart TVs with wifi and extra hardware and software were cheaper than the dumb TVs. Nothing is free, I knew they had to be doing this shit.
Cool. I’ve already got more books than I’ll be able to finish before I die. Might as well get back into reading. Fuck those bastards.
/song note emoji/I always feel like/end song note emoji/
Buy a computer monitor, a projector or a commercial display instead, they tend to be dumb.
Alternatively, don’t connect your TV to the internet (bear in mind some are wireless). Unplug it from the wall when not in use.
As if Microsoft’s Recall wasn’t enough…
awful ethics aside what a disgusting waste of processing power. software already barely runs
now you know why
Screenshotting every 500ms is insane.
Even a 0.30$ ch32v003 could handle this tiny amount of data. It’s not a resource limit
I was curious enough to check and with 2KB SRAM that thing doesn’t have anywhere enough memory to process a 320x200 RGB image much less 1080p or 4K.
Further you definitelly don’t want to send 2 images per-second down to a server in uncompressed format (even 1080p RGB with an encoding that loses a bit of color fidelity to just use two bytes per pixel, adds up to 4MB uncompressed per image), so its either using something with hardware compression or its using processing cycles for that.
My expectation is that it’s not the snapshoting itself that would eat CPU cycles, it’s the compression.
That said, I think you make a good point, just with the wrong example - I would’ve gone with: a thing capable of handling video decoding at 50 fps - i.e. one frame per 20ms - (even if it’s actually using hardware video decoding) can probably handle compressing and sending over the network two frames per second, though performance might suffer if they’re using a chip without hardware compression support and are using complex compression methods like JPEG instead of something simpler like LZW or similar.
Why think of it as a compression problem? Isn’t the spy device already getting compressed video form some source? That makes it a filtering problem. You would set it to grab and ship key frames (or equivalent term) if you wanted a human to be able to see the intel. But for content matching, maybe count some interval of key frames and then grab the smallest difference frame between the next two key frames. Gives a nice, premade small data chunk. A few of those in sequence starts looking like a hash function (on a dark foggy night).
Would want some way to sync up the frames that the spy device grabs and the ones grabbed when building the db to match against. Maybe resetting the key frame interval counter when some set of simple frames come through would be enough. Like anything with a uniform color across the whole image or something similar.
Just spitballing here. I like your impulse to math this.
We’re talking about fingerprinting stuff coming in via HDMI, not stuff being played by the “smart” part of the TV itself from some source.
You would probably not need to actually sample images if it’s the TV’s processor that’s playing something from a source, because there are probably smarter approaches for most sources (for example, for a TV channel you probably just need to know the setting of the tuner, location and the local time and then get the data from available Program Guide info (called EPG, if I remember it correctly).
The problem is that anything might be coming over HDMI and it’s not compressed, so if they want to figure out what that is, it’s a much bigger problem.
Your approach does sound like it would work if the Smart TV was playing some compressed video file, though.
Mind you, I too am just “thinking out loud” rather that actually knowing what they do (or what I’m talking about ;))
I don’t think they will compress the screenshot and send them but run content in a tensorflow lite model or even just hash a few of the pixels to try for an ID match
Well that makes sense but might even be more processor intensive unless they’re using an SOC that includes an NFU or similar.
I doubt it’s a straight forward hash because a hash database for video which includes all manner of small clips and has to somehow be able to match something missing over 90% of frames (if indeed the thing is sampling it at 2 fps, then it only sees 2 frames out of every 25) would be huge.
A rough calculation for a system of hashes for groups of 13 frames in a row (so that at least one would be hit if sampling at 2 fps on a 25 fps system) storing just one block of 13 frame hashes per minute in a 5 byte value (so large enough to have 5 trillion distinctive values) would in 1GB store enough hashes for 136k 2h movies in hashes alone so it would be maybe feasible if the system had 2GB+ of main memory, though even then I’m not so sure the CPU speed would be enough to search it every 500ms (though if the hashes are ordered by value in a long array and there’s a matching array of clip IDs, it might be doable since there are some pretty good algorithms for that).
I would sample a few dozens equally space pixels out of the frame, then drop similar value frames, and send that with timestamp. In the cloud, you runs those few pixels in a content recognition model.
It doesn’t have to be especially accurate or know any niche content, the point is to make a psychomarketing profile of the customer like “car guy, watches tool reviews”.
TVs I’ve come across are such displeasure to use, it’s incredible
