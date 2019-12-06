The FBI Says Your TV Is Probably Spying On You
Like most of the infamous "internet of things," (IOT) smart TVs are a security and privacy dumpster fire. Numerous set vendors have already been caught hoovering up private conversations or transmitting private user data unencrypted to the cloud. One study in 2017 surmised that around 90% of smart televisions can be hacked remotely, something intelligence agencies, private contractors and other hackers are clearly eager to take full advantage of.
This week, the FBI, that bastion of sage privacy and security advice, issued a blog post out of its Portland field office warning cyber Monday shoppers that their smart TV is a little too smart, and likely watches you as much as you watch it. The post is filled with some handy tips to help you protect your privacy:
"Know exactly what features your TV has and how to control those features. Do a basic Internet search with your model number and the words “microphone,” “camera,” and “privacy.” Don’t depend on the default security settings. Change passwords if you can – and know how to turn off the microphones, cameras, and collection of personal information if possible. If you can’t turn them off, consider whether you are willing to take the risk of buying that model or using that service. If you can’t turn off a camera but want to, a simple piece of black tape over the camera eye is a back-to-basics option. Check the manufacturer’s ability to update your device with security patches. Can they do this? Have they done it in the past? Check the privacy policy for the TV manufacturer and the streaming services you use. Confirm what data they collect, how they store that data, and what they do with it."
Granted such tips don't really do much to fix a broken sector where privacy and security remains an afterthought. A Consumer Reports study from last year found that things aren't really improving in the space. Government hasn't done much to pass any meaningful privacy law for the internet era. Gadget obsessed consumers are historically oblivious or apathetic to the problem. And product makers are too busy worrying about margins and the next big product launch to spend money to upgrade past sets or improve their privacy and security practices (at least not until there's another major scandal).
And if you've shopped for a TV recently, you may have noticed that it's largely impossible to just buy a "dumb" TV set without all of the "smart" internals. More specifically, most TV vendors don't want to sell you a bare-bones set because they want you to use their streaming services. Even more specifically, they want you to buy their sets with their specific streaming functionality because they want to spy on you and monetize your usage data.
So yeah, the FBI's tips are great and all, but they don't really get to the root of the market dysfunction that's plaguing the IOT space. There are plenty of fractured entities trying to help (like Consumer Reports' efforts to integrate an open source privacy and security standard in hardware reviews, or efforts at Princeton to make it clear what devices are actually doing on the network), but in terms of any kind of cohesive solution to the problem, there's little to nothing on the horizon.
FBI Not Using This???
These are the same guys that have no problem using domestic NSA data for parallel construction, hosting child porn on darkweb sites, and thinks encryption is a tool only used by terrorists and should be banned... How bad does TV security have to be that even the FBI says 'yeah... that is even too much for us...'?!
Re: FBI Not Using This???
Could it be that they are upset that they don't have access to those feeds? We already know that they are very sensitive to butt hurt. On the other hand, maybe they found out that some of them own such TV's and are upset that THEY are being spied upon.
Re: Re: FBI Not Using This???
They do seem to hate competition.
Re: FBI Not Using This???
To be fair, this comes from the Portland office. If you check previous missives from the FBI, you'll find that most of the ones that actually have US citizens in mind come from the Portland office.
The FBI has no problems with the west coast helping citizens while the east coast manufactures larger budgets for next year.
Re: Re: FBI Not Using This???
That’s pretty interesting. I never noticed that before. So it’s not so much that the FBI is being hypocritical; it’s just that there is more than one office that ostensibly speaks for the FBI, and the words and actions of one office don’t really fit the words and actions of another.
Re: FBI Not Using This???
Everyone is being watched, this will only get worse
Time to nuke this experiment called "human life" hahahahahaha
...and they're jealous they don't have that kind of warrant-free access.
Late to the Party
Solutin to "Smart TV" :
Do not connect it to the Internet. If TV wants WiFi connection, most likely, black hole it to loop back.
This comment requires disclaimer - cut ground wire (by warranty) to mic and camera.
Re: Late to the Party
I fully agree with your first point. DO NOT CONNECT.
Re: Re: Late to the Party
Item #1 will be any option to consumers. TV with all kinds of apps that are marketed as features id just "make the tablet bigger". I have Amazon TV Stick on HDMI but there is a trust level that IoT will never have. Is Amazon TV watching me? Why bother they already know everything useful business wise.
So, would a trusted device that has gets no benefit from watching people-watching-porn-and-having-sex-party? Big No. But someone who gets off sneaking into IoT lame to no security = BIG YES.
Lastly, trusted devices are not error free - it is tricky keeping wolves out. That doorbell just told the coppers teenagers are drunk on your porch.Video at eleven.
Re: Re: Re: Late to the Party
In order to make a trusted device (assuming it deserves trust and you're not trusting an insecure piece of crap) you have to take steps to secure it like not connecting it to the internet, manually (professionally) inspecting its source code, and/or manually inspecting the source of any updates you apply to it.
That includes the OS, drivers, and if you're being really careful, making sure the circuit schematics are what you ordered.
You should not trust off the shelf consumer electronics to not be breached if someone tries.
Re: Re: Re: Late to the Party
"trusted device"
Big mistake
Re: Late to the Party
Goes to show what kind of world we live in where we have to "dumb down" our TVs manually instead of having the option. Personally all I want from my TV is to play discs and watch television. That's it. I don't care about it having apps, the latest up-to-date news, etc.
Guess I chalk it up to growing up in a time where a TV was just a TV instead of the dumpster fire TVs we have now.
Re: Re: Late to the Party
You do have options. You're either into the computer monitor market, or, if you want a larger screen, the commercial display market (effectively, TVs for meeting rooms, transit schedules, etc.—usually HDMI and/or DisplayPort inputs, no TV tuner, may or may not be "smart"). The commercial displays cost more and probably don't go on sale.
Re: Re: Re: Late to the Party
IOW, larger “dumb” TVs are more costly and/or harder to acquire than smart TVs of the same size. Otherwise, you go for a computer monitor or an older TV from a pawn shop to avoid your TV being part of the IOT.
Re: Late to the Party
Number one all day long.
This is what I did with my TV. I never connected it to my WiFi. If I want to stream something I can either connect my computer, use my Xbox or cast to my Chromecast. (Yes I realize there are potential privacy issues with Chromecast as well but I can lock some of that down via firewall and it's not watching or listening to me in my house, it can only see what I cast to it.)
Number 2 is not technically feasible for your average user as they would have to take apart the TV and know exactly which wires to cut or not cut.
Number 3 is rarely an option anymore as most TVs are no longer made without smart capabilities. So while technically you can find an older one without IoT, it won't have all the new hardware and display features that AREN'T related to IoT that you may actually want. I ran into this when buying my current TV.
Re: Late to the Party
In theory, that shouldn't affect the warranty of other TV components (by the Magnussen-Moss Warranty Act). See also Snowden's "Going Black" video.
Re: Late to the Party
I agree with the 'don't connect to the internet'. The data is not passed on and no one is coming back to hack in. I'm happy with an antenna and so far, I've heard nothing of these smart tvs broadcasting back.
Don't spend much tv watching time.
"a simple piece of black tape over the camera eye is a back-to-basics option. "
They will just embed the cam into the display, in multiple places, you may not be able to see them. Best to not connect it to the internet.
Re:
That's easy to say, but unless you have a Faraday cage, how do you know it's not on the internet? They have Wifi now, and maybe a neighbor has an open access point—or some ISP-provided access point the manufacturers have purchased access to.
The FBI qualifying the tape-over-camera option with "If you can’t turn off a camera" is just silly. Few people have the expertise to confirm that the camera was actually disabled when requested, and shall remain disabled—even if, for example, the TV receives a malformed broadcast signal that triggers a buffer overflow. (Sure, if the company lies or has terrible security the FTC might hit them with a small fine and make them promise not to do it again... and maybe if a class-action is started and you didn't waive your rights in a clickthough agreement, you'll get five bucks off your next TV, in a decade, if you still have your receipt...)
Tape works, and one doesn't require a PhD in computer security to demonstrate that. People are not yet complaining about TV bezels and notches such that companies are looking to hide cameras. Disable cameras, microphones, networking in software, and open up the TV and disconnect wires if you're comfortable with that, but don't skimp on the most effective and easiest security fix ever devised.
Re: Re:
"They have Wifi now"
wifi needs an antenna, remove it.
Re: Re:
Few smart TVs—if any—connect to the internet without user input, if only to select which access point to use. And where did you get the idea that ISPs provide backdoors like that? I mean, it’s not completely improbable, but what evidence do you have for that?
To be clear, I agree with most of what you said, but this point stuck out to me as less plausible than the others.
Re:
My wife talks to her Amazon TV but it is not voice activated - press and hold button down then talk. Microphone in TV needs is always listening for keyword. I disabled Alexa option in Amazon TV. Bugging my living room or any place in my house is crazy.
Copper mesh on sale? Class? Anyone?
Re: Re:
And those stupid tv remote controllers that you have to talk to, what a piss poor excuse for requiring a live microphone. What kind of silly assed excuse will they come up with for a webcam requirement?
Not connecting them to the internet will only work until the manufacturers decide to have them connect to any unsecured network on their own. Better option might be to buy cheap router and connect all IoT devices to it, and just not connect the router to the internet.
Re:
Disconnect the antenna
Re: Re:
Not in consumer reality. First off nobody is going to take brand new TV apart in order to look something that does not look like antenna on a car or something.
And special tools are no cheap. So, new cottage industry Make My TV Stupid†®
Re: Re: Re:
"nobody is going to take brand new TV apart in order to look something"
Hello, My name is nobody and I have taken wifi antennas out of devices thus ensuring there is no wifi connectivity. In addition, I disabled any and all relevant options in configuration of said device. I accomplished this without the use of any special tools.
Do not sell the average consumer short some of them know what a wifi antenna looks like.
Yes, I agree that there will be some demand for making devices secure.
Re: Re: Re: Re:
I would not consider most average consumers to be both the type to take an electronic device apart unless it stops working properly and be able to recognized every WiFi antenna as distinct from other antennas and disconnect it without affecting other, non-internet features. It’s also less likely that they would do something that could plausibly affect the warranty or have some permanent effect on the TV. Now, would it be that far above average? No. Could an average consumer do it? Absolutely, at least in most cases. However, we’re talking about what the average consumer is likely, willing, and able to do to a perfectly functional TV to protect their privacy. Tape across the camera? Sure. Disconnect it from the internet via the internal software (or choose not to connect it in the first place)? Perhaps. Disassemble it to remove the WiFi antenna, likely in a manner which you cannot fix later? Not so much.
Also, in this materialistic society with a large focus on consumerism full of people who demand others fix their problems, I’d expect a lot of average consumers to get a new TV that lacks the option or ignore what they can do to protect their own privacy.
Re:
And this is why you should ALWAYS password protect your WiFi network.
Granted if you live in a place like an apartment where you might have a bunch of networks in range and your neighbors didn't secure theirs, then this obviously is a moot point.
However, I'm betting it's unlikely manufacturers will set it up to auto-connect to any unsecured network. That could create a whole host of problems that would land them in real hot water, real fast. Not to mention it would make it much more difficult for the actual owner of the TV to hook it up to their secured network if they so chose.
Re: Re:
My bet is that when it happens, it will be "by accident". Because they integrated some gigantic ball of software, maybe Android, and they've got some auto-connect feature just to gather network statistics or maybe set the clock, and the firewall rules that were supposed to stop other access broke without anyone noticing...
Re:
That is why I said WiFi will probably be the method used. Most IoT prefers the any kind of connection, even no password hotel wifi.
An old Apple airport can be configured to accept any intranet (inside firewall) connection and not let do anything but wait forever.
My sister, mother will not do this. It is outside their reality -- they would not know what to do. Assumes the TV is just a TV with features.
Naaaaw...
BWAHAHAHA... No, my TV isn't spying on me. You know how I know...? You better sit down for this: it's a CRT unit. From twenty or so years ago. And at the rate it's getting used recently, it's going to last another forty...
Re: Naaaaw...
Side note, it is not easy to create a large format cathode ray tube for television.
[ reply to this | link to this | view in chronology ]
Re: Re: Naaaaw...
Side side note, the 16:9 aspect ratio was developed because it was the widest screen cathode ray tube that could be practically produced at the time, not because it related to a wide screen movie in any way.
I just remembered the last time I had to move a big CRT. I swear the center of gravity was about an inch in from that enormous layer of glass.
Re: Re: Re: Naaaaw...
Sounds about accurate, the unit is effectively immovable. The day I have to move it to a service shop is the day I replace it (then again, I did fix it at home before - PSU chip literally exploded for some reason). So it's most likely effectively limited by the lifespan of the CRT. In the mean time: you only need huge screens if you sit far from them - this one is big enough to watch from a bed's length, even if it's only 4:3...
Re: Re: Re: Re: Naaaaw...
When that day approaches, post an online ad for a spyware-free TV. Free to whoever can come to your house and remove it without your help.
Re: Re: Re: Naaaaw...
Yes, blowing the glass was not easy but I was thinking about the problems encountered at the edges of the display when trying to maintain a rectangular image.
Smart TV in dumb mode
My TV isn't even connected to my network, so LG probably thinks it fell off the face of the earth.
Unfortunately the gap between using technology and understanding how the technology works has increased to the point that we have a world of technical illiterates at the mercy of the fewer number of people who care about how things work. The idea that anything connected to the internet that has a camera and microphone in it should have been immediately suspect to anyone, but apparently, most people equate technology with not having to think. How stupid must people be to not have seen the obvious implications of this? Pretty fucking stupid.
Re:
"a world of technical illiterates at the mercy of the fewer number of people who care about how things work."
at the mercy of the fewer number of people who will do anything for money
Re: Re:
Are you replacing the original quote or adding to it?
In other words, who is at the mercy of the money-grubbers? The technical illiterates, or the ones who care how things work?
It is safe to assume that anything with an internet connection and closed source software in it is sending behavioural data back home. It is standard now.
And let us not forget that the Patriot Act permits the government to secretly compel US companies to hand it all over without question.
Don't worry, unless you are an investigative journalist, whistleblower, political rival, or some unfortunate that gets in the way of someone that matters, you should be fine.
Nothing to hide...
Just don't turn your TV off. That shit looks suspicious.
Re:
"you should be fine"
Should be, but not.
The better to protect you, Little Red Riding Hood
Somehow I am not hearing FBI protecting citizens, I am hearing the FBI say, "Let the buyer beware."
Re: The better to protect you, Little Red Riding Hood
The FBI doesn't run its own semiconductor fabs. It can't do much about it.
So what?
The problem is not a spying SmartTV. Even if it was, pulling the plug and using a streaming device will solve the problem.
The problem is a spying FBI: not only have then been drumming for both authorization and technical ability to spy on everybody, anytime. The FBI has also been caught repeatedly using the information for framing and entrapping innocents.
While TV-Manufacturers may collect information to improve their products or to sell advertisements, the FBI uses information to destroy people's careers, even lives.
Which, btw, raises the question where the FBI's sudden concern for our privacy comes from ...
Re: So what?
They found out their TV's are spying on them too?
Re: So what?
Cynically, the TVs are spying for PRC and not USA.
Probably, cyber defence is big business now and it is not entirely corrupted by politics. It is recognised that identity theft and other cyber crime is facilitated by bad security on these devices. There are people paid in the agencies to address cyber threats (as best they can, under the circumstances).
The FBI is not a monolith. There are departments in it that legitimately do good work. The are some departments that do mostly bad work that have some legitimately good actors. Same for most government agencies.
My view is that the problem is primarily corrupt, deeply politicised leadership in these agencies, installed by completely corrupt political leadership.
Re: Re: So what?
The crime some in the industry like to call Identity Theft is really just fraud perpetrated upon some business using someone else's identity.
The term Cyber Crime is quite nebulous and I suppose could refer to just about anything deemed a crime so long as the internet was involved in some way.
I think you will find that corruption makes the world go 'round.
fox /hen
The fox warning the henhouse that eggs are fragile.
That's why i choose prime video instead
i don't think TV's really spying on us! Because i have smart tv and most of time I watch tv series online.
There are many video streaming services from which you can watch any tv shows securely and for free.
So, keep calm! FBI don't have that much time to look for each persons daily life activity.
For more security, cover your television with clothes.
haha :)
