Recently when users started to claim that Samsung’s Smart TVs recorded conversations and sent them to a third party server company Nuance, Samsung had countered all these claims.
Samsung stated that all of these data transmissions to and from its televisions were encrypted. However when testing demonstrated that the data in question wasn’t encrypted even thought it was being sent through Port 443 which is basically used for HTTPS traffic, the Korean company changed its stance.
The company then claimed that it were the new TVs which were being encrypted properly and not the old ones. However it seems that nothing is going in Samsung’s way and this claim too has now been proven wrong.
This time the team of security researchers at Pentest Partners tested a UE55HU7500 which is the most current Samsung TV and is being sold at a price of £1,569.86 in the UK.
The team has tested this new television in the same manner as the old and once again found that the data is still being transferred in plaintext. This means that Samsung is still misleading the consumers about the encryption on its TVs.
Then there was even a chance that a firmware update to the television could solve this problem. So the team applied it but again there was no effect and the data still remains unencrypted.
Well if we compare the Lenovo Superfish disaster to this Samsung problem then the Lenovo problem is much more grave and worse. However this does not mean that Samsung will not be scrutinized as the root problem of both these disasters is the failure on the part of the companies to verify that security procedures have been followed and implemented at every level.
Security is no doubt very expensive and time consuming but nonetheless is vital. Moreover companies like Samsung who emphasize on shipping a huge number of SKU’s are ill-suited to the kind of lengthy test cycles that are needed to guarantee security of its products and users data.
Well if such things continue Smart TVs will acquire a reputation for risking user security and consumers will not indulge in acquiring them. This will in the long term damage the market and the Internet of Things ecosystem.