Owners of Samsung smart TVs need to watch what they say if they've
activated the voice recognition feature on these devices.
The
feature may transmit some voice commands, together with information about the
device, to a third-party service that converts speech to text,Samsung's global privacy
policy warns.
Further,
Samsung may collect, and the device may capture, voice commands and associated
texts to evaluate and improve the feature.
The
information has sparked considerable comment in the media since it was first
published in The Daily Beast.
If voice
recognition is going to be on all the time, "that seems like really poor
design, and certainly represents a privacy risk," commented Justin
Brookman, director of the consumer privacy project at the Center for Democracy & Technology.
"Google
has a decent approach to this," Brookman said, "The phone listens for
you to say "OK, Google" and then anything after that goes to Google
for processing."
Available Alternatives
Users can turn off, or not enable, voice recognition, but
that will prevent them from using interactive voice recognition commands,
Samsung said. And, while this will prevent the company from collecting spoken
words, it may still collect associated texts and other usage data for analysis.
A Samsung spokesperson told The Daily Beast that users could
disconnect the TV from the home WiFi network, although that raises the question
of why anyone should purchase a smart TV set and then use it as an ordinary
dumb TV.
"Consumers who are really concerned about privacy don't
have to buy Samsung Smart TVs," remarked Mike Jude, a manager at the Stratecast
service of Frost & Sullivan.
"There are a lot of smart TVs out there."
Samsung did not respond to our request to comment for this
story.
The Threat of Smart TVs
Concerns about smart TVs recording voice commands or
transmitting them to third parties may not be overblown.
Smart TVs can be hacked into and used to spy on their owners,
security experts at Italian firm ReVuln warned back in 2012, when they posted
a video demonstrating how to hack a Samsung Smart TV by exploiting a zero-day
vulnerability.
"Users need to have more power over the devices that
they're buying and bringing into their houses," Parker Higgins, an
activist at the Electronic Frontier
Foundation, told TechNewsWorld.
It would "go a long way [if] users...[could] really look
at the security of these devices and...replace the software if they want
to," Higgins suggested.
Security "is a real concern, no matter how this product
is deployed," the CDT's Brookman said. Concerns over security will impede
the adoption of the Internet of Things because, "for a lot of products,
the value proposition just isn't worth the potential threat."
Back in 2013, LG smart TV owner DoctorBeet reported that his device logged what he was
watching and sent the data back to the company's servers without encrypting it,
whether or not he had this option enabled.
The news caused a furor, and LG eventually explained that the TV did not collect or retain
personal data, and that it would issue a firmware update to resolve the
problem.
Still, security and privacy issues "should be an
engineering concern at the companies that are building these [devices],"
suggested the EFF's Higgins.
The Bigger Picture
"The larger issue is that there's an inverse correlation
between embedded intelligence and privacy," Jude posited.
Much of the intelligent functionality in a voice-activated
feature, like Apple's Siri, "is deep voice and context analysis that
literally takes what we called supercomputing 20 years ago" and that's
processed in the cloud, Jude said.
In that case, "you will have to accept [the
intelligence] will be provided as a utility from the cloud and, whenever
something's in the cloud, there's the potential of its being hacked," Jude
pointed out. Sure, intelligent devices are useful, but "be careful what
you ask for."
No comments:
Post a Comment