Why the Samsung TV spying hack is way overblown

The CIA would have to install a USB key, and then come back and grab the files from a data dump. It doesn't work over Wi-Fi.

cia
Credit: Michael Kan

Major media has some egg on their face over this one.

Drawn to the attention-grabbing idea of your Samsung TV being compromised by the CIA, and knowing a lot of people have a Samsung TV, the headlines went something like this.

WikiLeaks says CIA hacked Samsung smart TVs

Why your smart TV is the perfect way to spy on you

None of these reports bothered to explain any of the details.

As noted in Wired and in this Forbes report, the CIA cannot spy on you over wireless. To update a Samsung TV, they’d need to use a USB key to install a firmware update. Also, the televisions are older models from 2013. To record any conversations or video, the CIA would then have to copy files back onto the USB drive.

To do all of that, the CIA would have to break into your home -- twice. To me, that seems like a much bigger problems than tapping into your television, especially since they’d need a warrant and, if they did sneak in, they could install any number of listening and recording devices. Why even bother adding a USB drive or tricking the television to use “face off” mode? (This turns off the LED lights to make you think the television is completely off.)

This is a mixture of trying to grab attention and relaying inaccurate information. It creates a sense of hysteria -- that government agencies can see what you’re doing in your living room in real time. I’m picturing people who own a Samsung television disconnecting from their Wi-Fi router or putting a piece of tape over the webcam. It creates a doom and gloom mentality, when in fact the likelihood of you being a target of a CIA investigation is extremely low.

The response to the issue was interesting. Samsung said in a statement:

"Protecting consumers' privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter."

What’s the coded message there? To me, it suggests they know this is overblown. They are being careful not to comment right now, because they suspect the issue is probably related to a USB key loading firmware -- which, by the way, is something that has existed for a long time. There’s a lot you can do to televisions, laptops, and other devices by loading software from a USB key. I’m expecting Samsung to explain how USB firmware updates work at some point.

Here’s my problem. We are living in an age of fake news. It’s all about the headline. When President Trump says the Obama Administration was wiretapping him and provided no proof at all, it creates a sense of hysteria (what if he was? What if all of our devices -- our iPhones and Android phones and tablets, our cars, our smart homes -- can record us?). It takes away from the actual reality of government hacking, the real issues out there like capturing unencrypted email and watching our browser history. It deludes the real problems.

For anyone who really cares about security issues in the U.S., it’s much better to weed out the fluff. No, the Samsung in your living room is likely not being used by the CIA to find out that you are watching the show Jessica Jones on Netflix. No, they don’t care about your vacation plans. Could government officials have access to your Facebook account and watch your conversations there, or could they be spying on your email? That’s been all but proven.

Let’s worry about the stuff that matters. No tape on your Samsung webcam needed.

Related:
Computerworld's IT Salary Survey 2017 results
Shop Tech Products at Amazon