Will Spying TVs Be the Next Frontier in a War Between Good and Evil Hackers?

Amid concern over what new generation television sets are capable of doing, one group seeks a legal exemption to pry open the software.
Samsung

There were a lot of people watching the series debut of Better Call Saul on Sunday, so here's a tough question: How many of those television sets were tuning in to spy on their viewers? If TV countersurveillance is actually a thing, what role will hackers play?

The issue of television eavesdropping is suddenly turning heads after The Daily Beast reported Thursday that buried in the privacy policy for Samsung's Internet-connected SmartTV was an advisement that device owners should "please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.”

Parker Higgins, an activist at the Electronic Frontier Foundation, had some fun with the revelation, comparing it to a scene out of George Orwell's 1984:

After the Daily Beast story came out, Samsung rushed to note that it took privacy seriously, that it employed "industry-standard security safeguards and practices, including data encryption," that voice recognition could be deactivated or that the TV owner could always disconnect the TV from the WiFi network. In other words, the SmartTV could always be rendered less useful. Some commentators opined the flap was "no big deal," while other TV owners are being cautioned, "Watch what you say around your Smart TV."

But there's another issue — perhaps an even bigger one — that was highlighted in a comment by the Software Freedom Conservancy to the U.S. Copyright Office last week.

Every three years, this office hears petitions to exempt certain activities from being illegal under the Digital Millennium Copyright Act's anti-circumvention protections. This time, the Software Freedom Conservancy is making a bid to essentially allow the hacking of Smart TVs. The main basis for its proposal is to achieve interoperability and advances that will make for better Smart TV applications.

Then, there's the issue of surveillance.

Yes, tools such as voice recognition can be deactivated, but on pages 8-9 of a 38-page comment, the Software Freedom Conservancy also raises the scary prospect of what others — beyond manufacturers like Samsung and advertisers — might do with the broad functionality of Internet-enabled audio and video recording devices in pretty much every living room in the country. Might someone activate a microphone from afar?

"Smart TVs have been shown to contain security vulnerabilities that can be exploited by malicious hackers to access them remotely and run harmful code," writes the Software Freedom Conservancy. "Some of these also make use of a Smart TV's built-in microphone and camera. In sum, research on the security of the Smart TVs on the market strongly suggests that manufacturers do not build sufficient privacy or security safeguards into their TVs."

Apparently, the proposed solution to black hat hackers is some white hat hackers. The Smart TVs have all sorts of firmware encryption and administrative access controls, and viewed in a certain light, that's a good thing. In its response to the Daily Beast story, Samsung itself pointed to encryption. But not everyone trusts a corporate behemoth to ensure privacy —especially when these companies are promulgating disclaimers about the personal data being collected. Thus, the group asks for permission to circumvent technology protection measures for the purpose of finding and exposing security and privacy issues in Smart TVs.

It's noted that copyright law contains an exemption for good faith "security testing," but according to the filed comment, "the exemption favors private disclosure, potentially giving courts discretion to withhold it from researchers who publish information about security vulnerabilities in Smart TVs."

In short, the "good" hackers want permission to expose what the "malicious" hackers might do with your television set. What's stopping them at the moment is access control and copyright law. It may be possible to find out who is watching the watchers — or at least, how — but that's said to be too much of a secret at the moment. Sure, Orwell had this one right.

Email: Eriq.Gardner@THR.com
Twitter: @eriqgardner

comments powered by Disqus