2

We can read on Wikipedia page (about Weeping Angel) that Samsung smart televisions can be hacked by hackers which allows them to record conversations in the room and send it over the internet even if the TV appears to be off.

How exactly does the bug work and how can I know whether a specific Samsung smart television model is safe from this exploit?

Henry WH Hack v3.0
  • 2,109
  • 2
  • 23
  • 37
kenorb
  • 799
  • 4
  • 8
  • 27
  • 1
    Why care whether it's vulnerable or not? Just don't connect it to a network and it'll be safe. – André Borie Mar 11 '17 at 15:04
  • 2
    If you'd like to watch some YouTube videos or Netflix movies, the connection to network is needed. Disconnecting network completely isn't a great solution to the problem. – kenorb Mar 11 '17 at 15:06
  • Would you trust Samsung with making a secure network-connected device and keeping it up to date? They can't even do it with their phones, do you really think they will be able to do so with their TV? Use a computer/Apple TV/Chromecast instead. – André Borie Mar 11 '17 at 15:12
  • 1
    While it's not an answer to your question, you can minimize the time you're exposed to a possible exploit by cutting power to your TV when you're not using it. with cutting power I don't mean turning it off with the remote; I'm talking about having something with an on/off switch between the TV and the socket. – Out of Band Mar 11 '17 at 16:51

2 Answers2

3

A partial answer:

Which models are safe

All models which don't have any microphones built-in.

How this bug exactly works

The how is easy. If your TV has a microphone (for example your remote might have one to enable you to control the TV via voice recognition), an attacker can turn on the microphone, record everything that it picks up and send it to a server on the internet where it can be picked up by an attacker. This is the same kind of attack that can be done on smart phones, except that there an attacker can also turn on the camera without your knowledge. This is why some people put a tape over the front camera of their smartphone and the builtin webcams of their laptops.

While André's suggestion not to connect the TV to a network might not be practicable, it's really the only way to be sure that your TV doesn't spy on you (the microphone recording is the biggest problem, but the TV can also spy on you by recording what you watch and when you watch it). I'm pretty sure netflix does this as a normal part of their business.

Another solution, if you're not afraid of operating on your TV set, would be to physically disconnect the microphone.

Out of Band
  • 9,150
  • 1
  • 21
  • 30
  • This exploit is much harder in phones and PCs. Only malicious apps with root access will be able to turn on microphone and camera in phones without permission. In PCs they might be able to turn on microphone but turning camera would be visible due to the LED. Firmwares in TV are more vulnerable to exploits. Attacker can wait for TV to be online and he may find loophole to inject his program into the firmware which will boot as soon as you turn on TV. – defalt Mar 11 '17 at 19:10
1

The TV is not "hacked" the Samsung User Manual Privacy Policy says in the Fine Print: "capture voice commands and associated texts so that we can provide you with Voice Recognition features and evaluate and improve the features" - it's a Diagnostic Test Mode.

The TV may appear to be Off but there's a blue light on the back that is On.

To disable: Head to your television’s settings menu, choose “Smart Features” and then move down to the “Voice Recognition” feature and switch it off.

Rob
  • 530
  • 1
  • 3
  • 11
  • After following these instructions is it really safe? Could it then actually be hacked such that it’s still listening? – Geoff Jul 22 '20 at 20:48
  • @Geoff, a burglar can always break in and change the settings. There [are many things](https://news.uchicago.edu/story/how-hackers-could-use-wi-fi-track-you-inside-your-home) to guard against. – Rob Jul 22 '20 at 23:26