By Jeremy Hsu on September 24, 2024
Popular smart TV models made by Samsung and LG can take multiple snapshots of what you are watching every second – even when they are being used as external displays for your laptop or video game console.
Smart TV manufacturers use these frequent screenshots, as well as audio recordings, in their automatic content recognition systems, which track viewing habits in order to target people with specific advertising. But researchers showed this tracking by some of the world’s most popular smart TV brands – Samsung TVs can take screenshots every 500 milliseconds and LG TVs every 10 milliseconds – can occur when people least expect it.
“When a user connects their laptop via HDMI just to browse stuff on their laptop on a bigger screen by using the TV as a ‘dumb’ display, they are unsuspecting of their activity being screenshotted,” says Yash Vekaria at the University of California, Davis. Samsung and LG did not respond to a request for comment.
Vekaria and his colleagues connected smart TVs from Samsung and LG to their own computer server. Their server, which was equipped with software for analysing network traffic, acted as a middleman to see what visual snapshots or audio data the TVs were uploading.
They found the smart TVs did not appear to upload any screenshots or audio data when streaming from Netflix or other third-party apps, mirroring YouTube content streamed on a separate phone or laptop or when sitting idle. But the smart TVs did upload snapshots when showing broadcasts from the TV antenna or content from an HDMI-connected device.
The researchers also discovered country-specific differences when users streamed the free ad-supported TV channel provided by Samsung or LG platforms. Such user activities were uploaded when the TV was operating in the US but not in the UK.
By recording user activity even when it’s coming from connected laptops, smart TVs might capture sensitive data, says Vekaria. For example, it might record if people are browsing for baby products or other personal items.
Customers can opt out of such tracking for Samsung and LG TVs. But the process requires customers to either enable or disable between six and 11 different options in the TV settings.
“This is the sort of privacy-intrusive technology that should require people to opt into sharing their data with clear language explaining exactly what they’re agreeing to, not baked into initial setup agreements that people tend to speed through,” says Thorin Klosowski at the Electronic Frontier Foundation, a digital privacy non-profit based in California.
Friendly reminder that gaming console monitors, computer monitors, projectors, dumb TVs, and commercial displays exist.
Yes, I could hack a smart TV to disable its networking capabilities. (Merely withholding my wifi password is not reliable.) But that would still be showing the manufacturers that I find spyware TVs acceptable, and supporting the production of those models.
Also, this would be a good time to pressure our legislators into criminalizing this nonsense.
Only one company makes Dumb TVs anymore, Sceptre, and the quality is very hit or miss due to the way they acquire their screens.
Plenty of companies make display TVs that only display commercial content. You see them all the time displaying menus in fast food restaurants.
These can also have all smart tech turned off because some companies also use them as digital whiteboards to display proprietary or confidential information.
Those typically come at commercial pricing, which is insane.
I would hardly consider that pricing insane. Consumer TVs are massively subsidized by the smart tech built into them, in some cases by up to 60%. Plus, they are often fragile with cheaper components because they are expected to be mounted in “safe” places away from unusual conditions or extreme temperatures.
Considering the more robust construction (for commercial use) and lack of subsidization, I would consider those prices to be spot-on and rather reasonable.
Those commercial displays are nothing but heavily stripped down TVs with anything unnecessary to being a advertising display removed. and maybe a tiny, grossly overpriced and heavily cut down computer built into it to run the slideshows/menus/whatever.
also, TVs in a certain size range are generally cheap because manufacturing has gotten to the point that each mother can produce a ton of screens for it. and the reason that cheap range size has gone up over the years is because improvements in the printing technology and the size of the mother glass.
It’s also harder to find them in larger sizes any more, even for the few for which sell them at all, so if you want a larger one, you may not have much by way of options.
https://assetbasedlife.com/dumb-tvs-are-a-dying-breed/
This lists Insignia, which is a Best Buy store brand.
This has a couple, at least as of last year:
https://www.tomsguide.com/features/dumb-tvs-heres-why-you-cant-find-them-anymore
It’s also possible to buy a used TV, but obviously, as with getting used cars to avoid monitoring stuff in newer cars, the pool of those will only be around for so long, and you can’t take advantage of any technological advances subsequent to them.
Not putting your WiFi password in would absolutely be reliable. I’d love to hear your ideas on how they’d remotely break into your WiFi Network
No, it would not.
They wouldn’t, of course.
However, your network is not the only network in the world, and WiFi is not the only transport in the world. Neighbors exist. Open guest networks exist. Drive-by and fly-by networks exist. Mesh networks exist. Bluetooth, LoRa, cellular, etc. etc. etc. Maybe you live on an isolated mountain top where these things are unlikely to reach you (at least until satellite network links become smaller and cheaper), but even that is not absolute, and most of us don’t.
Unless you disassemble your TV and examine all the components within, and know what they do, it could have any of these capabilities.
Also, given how prevalent multi-network support is becoming in electronics integration, it is not unusual at all for hardware functionality to be dormant at first but available for activation later.
I’d love for you not to be adversarial.
To add to this, often, even if you turn off Bluetooth, your devices can still communicate via Bluetooth Low Energy, something that’s separate from classic Bluetooth and typically (to my knowledge) cannot be turned off. As an example, I’ve heard that Google uses it to send ad targeting info between devices.
Remember how Comcast routers made that ghost mesh network?
And Amazon sidewalk.
Any link to news? This is my first time heard of this.
Sounds standard for Comcast or whoever they are now. Couldn’t find anything though. Curious
I don’t have a link but Comcast offered a get WiFi anywhere option for their customers where they could use anyone’s combination modem/router from Comcast to get online with their company credentials. This was (is?) impossible to disable.
If you have a samsung phone in the house, it can connect to the TV and give it a hotspot of sorts. This is a hypothetical, not real (yet!)
Why is withholding the WiFi password not enough? Could they somehow piggyback off a different device or something?
I’ve heard that some of them will connect to any wifi available. So if your neighbor does not have a password on their network. The tv will connect and upload the data.
Good question. Please see my follow-up comment.
Yes. It could talk to another smart device and ask it to send its packages. You could be careful and connect none of the smart crap in your house to your network, but the smart fridge in your upstairs neighbor’s kitchen could still be helping with smuggling your data out. Or your devices could be connected to some unsecured network around.
In any case, the only surefire way to stop your data from getting smuggled out is to physically kill all the wireless connectivity capabilities of the device. Disconnect antennae, desolder chips, scrape out pcb traces. Otherwise you’re just hoping the firmware is not doing anything funny. Fortunately I think these are all hypotheticals that have not (yet) been observed in real smart home products.
I can understand that if you have a Samsung TV and a Samsung fridge, they can talk with each other. But will it work if you have a fridge from a different OEM? (I’m assuming the OEMs haven’t formed a cartel for illegal data smuggling)