Ultrasonic to a phone or Alexa/Siri/etc, connect to an unsecured network, send data to a neighbor’s smart TV which is connected to Internet, Bluetooth or other to a phone
It would show the encrypted out bound traffic right? You wouldn’t be able to identify it by reading the bits, but you could by the volume and not doing anything else.
Maybe. They might do some processing locally and just upload as text so it might be easy to batch the data, making the upload volume and pattern less obvious.
It also saves them network bandwidth so I’m sure that would motivate them too. Uploading raw mic data from all TVs would be expensive.
If it were, it would be pretty common knowledge and there would be several news cycles about it. I don’t doubt that they could bury it in the terms of service, but we have wiretap laws in enough places that are two-party consent that it would have had to come out by now. Not to mention nerds like me running pi-hole and monitoring their traffic, repair people who could easily regonize a mic in the device, etc.
The privacy agreement in them covers it, just like Alexa.
Check yours, if you don’t agree to the privacy agreement, things like cable and broadcast channel recognition don’t work.
It also breaks Automatic Content Recognition, which enables the manufacturer to monitor what you’re watching.
Granted that’s not the same as listening, but it’s close enough. And we know Google employees have been caught listening/watching people. There was another article just the other day of another company caught doing the same.
Just because something’s illegal doesn’t stop people from doing it.
As for catching it with monitoring… We know Microsoft has hard coded domain names into certain DLL’s since XP, so you can’t block the domains with a hosts file. There’s some talk in the Pihole community about smart tv’s being able to bypass your DNS with hard-coded IP destinations - they only need one to be able to then deliver their own DNS.
Some smart TV’s will connect to others via wifi if they don’t have connectivity, yet another way to bypass our efforts to block their connections.
That manufacturers are so blatantly adversarial makes it pretty clear they’ll try to get away with anything they can. And anything I can think of, surely their dedicated teams of engineers thought of it long before me.
Edit: then there’s apps like Netflix, Prime, Peacock, Hulu, YouTube, etc, that make encrypted connections to home. It would be trivial to permit those apps to deliver alternative name resolution for the entire OS on TV’s since we don’t control the OS.
I’m confident this is built in to many smart TVs these days.
Well. Wireshark would confirm that if it were true.
I’m sure it will show HTTPS traffic outbound from your TV.
I’m sure it will show no traffic whatsoever if you don’t connect your TV to your network
deleted
Source?
Either way, open networks are very uncommon in residential areas (and honestly in general)
deleted
Source that it happens obviously.
You claimed that they connected to open networks.
deleted
There’s a dozen ways they could jump the air gap.
Ultrasonic to a phone or Alexa/Siri/etc, connect to an unsecured network, send data to a neighbor’s smart TV which is connected to Internet, Bluetooth or other to a phone
But this would be proven then?
At that point the customer acquisition cost is t worth it.
It would show the encrypted out bound traffic right? You wouldn’t be able to identify it by reading the bits, but you could by the volume and not doing anything else.
Maybe. They might do some processing locally and just upload as text so it might be easy to batch the data, making the upload volume and pattern less obvious.
It also saves them network bandwidth so I’m sure that would motivate them too. Uploading raw mic data from all TVs would be expensive.
And with DNS requests and timing you should be able to figure whats in those packets.
That’s not how that works lol
If it were, it would be pretty common knowledge and there would be several news cycles about it. I don’t doubt that they could bury it in the terms of service, but we have wiretap laws in enough places that are two-party consent that it would have had to come out by now. Not to mention nerds like me running pi-hole and monitoring their traffic, repair people who could easily regonize a mic in the device, etc.
The privacy agreement in them covers it, just like Alexa.
Check yours, if you don’t agree to the privacy agreement, things like cable and broadcast channel recognition don’t work.
It also breaks Automatic Content Recognition, which enables the manufacturer to monitor what you’re watching.
Granted that’s not the same as listening, but it’s close enough. And we know Google employees have been caught listening/watching people. There was another article just the other day of another company caught doing the same.
Just because something’s illegal doesn’t stop people from doing it.
As for catching it with monitoring… We know Microsoft has hard coded domain names into certain DLL’s since XP, so you can’t block the domains with a hosts file. There’s some talk in the Pihole community about smart tv’s being able to bypass your DNS with hard-coded IP destinations - they only need one to be able to then deliver their own DNS.
Some smart TV’s will connect to others via wifi if they don’t have connectivity, yet another way to bypass our efforts to block their connections.
That manufacturers are so blatantly adversarial makes it pretty clear they’ll try to get away with anything they can. And anything I can think of, surely their dedicated teams of engineers thought of it long before me.
Edit: then there’s apps like Netflix, Prime, Peacock, Hulu, YouTube, etc, that make encrypted connections to home. It would be trivial to permit those apps to deliver alternative name resolution for the entire OS on TV’s since we don’t control the OS.