Samsung’s 2012 top-of-the-line plasma and LED HDTVs offer new features never before available within a television including a built-in, internally-wired HD camera, twin microphones, face tracking and speech recognition. While these features give you unprecedented control over an HDTV, HD Guru is reporting that the devices themselves, more similar than ever to a personal computer, may allow hackers or even Samsung to see and hear you and your family, and collect extremely personal data.
While Web cameras and Internet connectivity are not new to HDTVs, their complete integration is. And it's the always connected camera and microphones, combined with the option of third-party apps (not to mention Samsung's own software), that gives us cause for concern regarding the privacy of TV buyers and their friends and families.
Samsung demoed these features to the press earlier this month. The camera and microphones are built into the top if the screen bezel in the 2012 8000-series plasmas and are permanently attached to the top of the 7500- and 8000ES-series LED TVs. A Samsung representative showed how, once set up and connected to the Internet, these models will automatically talk to the Samsung cloud and enable viewers to use new and exciting apps.
These Samsung TVs locate and make note of registered viewers via sophisticated face recognition software. This means if you tell the TV whose faces belong to which users in your family, it personalizes the experience to each recognized family member. If you have friends over, it could log these faces as well.
In addition, the TV listens and responds to specific voice commands. To use the feature, the microphone is active. What concerns us is the integration of both an active camera and microphone. A Samsung representative tells us you can deactivate the voice feature; however this is done via software, not a hard switch like the one you use to turn a room light on or off.
And unlike other TVs, which have cameras and microphones as add-on accessories connected by a single, easily removable USB cable, you can't just unplug these sensors.
During our demo, unless the face recognition learning feature was activated, there was no indication as to whether the camera (such as a red light) and audio mics are on. And as far as the microphone is concerned, there is no way to physically disconnect it or be assured it is not picking up your voice when you don’t intend it to do so.
Samsung does provide the ability to manually reposition the TV's camera away from viewers. The LED TV models allow you to manually point it upward, facing the ceiling; the plasma’s camera can be re-aimed to capture objects in the rear of the TV, according a Samsung spokesperson.
We began to wonder exactly what data Samsung collects from its new “eyes and ears” and how it and other companies intend use it:
- Can Samsung or Samsung-authorized companies watch you watching your Samsung TV?
- Do the televisions send a user ID or the TV’s serial number to the Samsung cloud whenever it has an Internet connection?
- Does Samsung cross reference a user ID or facial scan to your warranty registration information, such as name, address etc.?
- Can a person or company listen to you, at will, via the microphone and Internet connection?
- Does Samsung’s cloud store all this information? How secure is this extremely personal data?
- Can a hacker intercept this data or view you via the built in camera?
- Can a third-party app program do any of the above?
- Exactly what information does the TV send to Samsung or other parties?
- Does Samsung intend to sell data collected by its Smart TV owners, such as who, what and when one is viewing?
Companies desiring to provide highly targeted advertisements to you via the TV screen or external marketing would find this data extremely valuable. “Hey, you look a little tired, how about some Ambien? I’m seeing a little grey, have you tried Grecian Formula? Joe, it looks like you packed on a few pounds recently, here’s information from Weight Watchers. Hey kids, you look bored, look at these TOYS!”
So what, if any, privacy does Samsung promise by way of a stated policy?
Weeks have passed since we formally requested answers to these questions from Samsung asking what if any privacy assurances Samsung provides. To date, no privacy statement has been furnished to HD Guru or end users.
The first models with these features arrived on dealer’s shelves over two weeks ago. All that we’ve been told is that when connecting to the Internet, the TVs first connect to the Samsung cloud, and from there, they connect to the various streaming video services and other apps for activation.
Samsung induces its new Smart TV owners to register online by offering a free three-month extension of the TV’s warranty. This would couple user names and addresses to their TV serial numbers, if the company so desired.
Want to read the owner’s manual for your new Samsung TV? This is accomplished by download, as Samsung stopped including printed owner’s manuals at least two years ago. However, before you may download the manual, you must first agree to the following online statement:
Samsung assumes no responsibility, and shall not be liable, in connection with whether any such products or services will be appropriate, functional or supported for the Samsung products or services available in your country.
We asked Samsung to define “appropriate” but to date have not received a response.
Don’t assume a TV is an un-hackable island! Samsung does not disclose what operating system is within its TVs, therefore we cannot confirm if it is Android and/or any other that might have a prior history of hacking.
It has been widely reported that Android phones have been hacked via third party apps allowing outside control of phones, .
Countless companies have had their networks hacked, causing thousands of customers’ personal data to be released to the world. If this were to happen to Samsung, it is theoretically possible hackers could gain access to names, addresses -- and images of the faces of entire families.
The TV has a built-in Facebook app. Can the TV make the next connection and access your Facebook account and match other viewers to their Facebook pictures for even more personal data?
A Samsung representative said the company is working on apps that will allow its Smart TV owners to turn their televisions into a silent home-security system by allowing remote viewing on a smartphone or tablet via the TV’s built-in camera. This ability makes us ask, “Who else could gain access this video feed?”
There are security systems that go over the Internet, however, many are encrypted. Is any of Samsung’s data encrypted? The company doesn't say. Generally security companies let customers know when their data is encrypted, as it is a selling point.
In addition, the Samsung HDTVs come with an external infrared blaster that allows users to control a cable or satellite box via voice, gesture or the Samsung remote. We ask: does the TV send this information over to Samsung’s cloud as well? Does Samsung now know what other equipment you have, when you’re home to use it, what channel you’re viewing and when?
The models with this unprecedented feature set are the 2012 8000 series plasmas PN51E8000, PN60E8000, PN64E8000 and LED models UN46ES7500, UN50ES7500, UN55ES7500, UN46ES8000, UN55ES8000, UN60ES8000 and UN65ES8000. Many of these models are now at dealers with the rest scheduled to ship within the next few weeks.
While there is no current evidence of any particular security hole or untoward behavior by Samsung's app partners, with so many questions raised and no answers provided, HD Guru recommends you weigh the possibilities and decide whether or not you care about the unknown personal privacy risks before purchasing one of these HDTVs.