Opening Up the Samsung Q60 Series Smart TV (2019) (f-secure.com)
165 points by wglb on Jan 27, 2021 | 75 comments



I strongly advise everyone against ever giving their smart tv the wifi password.

I have about a thousand times more confidence, that if I use my smart TV as a dumb screen connected to an Xbox one or PlayStation 4, that over a multi-year period of time, Microsoft and Sony will successfully keep their operating systems automatically patched, updated, and secure. As compared to any tv manufacturer.

I have seen people resort to things like installing pihole on their home LAN so that their smart tv will stop showing ads covering 1/3 of the screen whenever they use the menus. At least the advertisements that one will see on the home screen of an Xbox or Playstation are relatively small, unobtrusive, and can be ignored without bother.

In the future I think we will have problems with the fact that hdmi can also carry 100Mbps ethernet. Imagine if you plug your smart tv into some other device, intending just to send video to it, that gives it a dhcp lease and default route out to the internet. All in the name of consumer friendly "just plug it in and it works!" type functionality.


They could eventually use ethernet over HDMI or simply include a cellular modem of some sort. The profit is there.

But a simpler solution that we are already seeing a bit is to simply require a network connection to function at all; for now, it's just a periodic check, but a persistent connection requirement is all but inevitable in the medium term.


Devices having cellular modems isn't something new. Many cars already ship with them, for various purposes. WiFi will likely remain in use with smart TVs for a while as video content is data intensive so not really well suited for cellular, but likely stuff like your dishwasher or your stove might include cellular modems in the near future. The data they transmit is limited and you make setup easier as you don't have to type in a WiFi password any more.


Difference between a car & a dishwasher is that a car is typically outside (at least during use) which would help it to get a signal.

Anecdotally inside my house, phones generally get no/weak cell service but WiFi is accessible anywhere in the house.

Obviously they could include both, but if it were relying only on cellular, my washing machine quite possibly couldn't get a connection


Carriers run IoT-specific networks[1], which are optimized for use cases such as telematics (low power consumption, low bandwidth usage, but high penetration and coverage). So it's entirely likely that your washing machine would be able to happily send along telematic data via the same carrier your cell phone can't even establish a connection to.

[1] https://www.business.att.com/products/lpwa.html


Baseband not for video streaming, but just for telemetry. I mean, this is a thing: https://www.twilio.com/docs/iot/supersim/getting-started-sup...


> They could eventually use ethernet over HDMI

There’s no business model where the STB wants to route Internet traffic on behalf of the TV. Ads on the TV compete with the STB.

> or simply include a cellular modem of some sort.

Yes, an ad platform running over the lower bandwidth but cheap IoT service could justify including this hardware.


Of course, leaving it unconfigured with the open access point has its own risks, given the password is hard-coded to 1111122222: https://twitter.com/silascutler/status/1354521609692995585


I have a Samsung smart TV from mid-2017 and it does not appear to be broadcasting a visible SSID, nor a hidden one. Presumably that has changed in the past couple of years?

If it remains in that terribly insecure state by default until you give it a connection to a network, unfortunately the only thing to do might be to give it the password to a $20 mikrotik wifi router (in a 20MHz 2.4GHz channel) as an AP, so as to not pollute the empty radio channel spectrum in your house, that has no connection to the outside world. What an ugly hack.

Or give it the password to a secondary ssid set up on your main wifi, that goes to a dead end VLAN with no route to anywhere.


Or desolder the (chip) antenna, which is usually easy to notice on the board.


Aren't Samsung's QLED TV remotes Bluetooth only? Cutting the antenna would then also disable the remote and a modern TV without a remote is pretty useless.


It's clear that the only solution is not to buy a TV.


Couldn't desoldering the antenna lead to it overheating and damaging components?


Not really. 10 minutes of practice with some scrap wires would give enough soldering skills to remove it safely. The sibling comment about the Bluetooth remote worries me more


I have a dumb Toshiba TV, it's snappy, just plug in HDMI and it works. No loading times, no bloat, no ads, no Automated Content Recognition, not using my network when I don't want to...

I invite everyone to buy dumb stuff, because if we don't, there won't be any market signal, and it will all be smart TVs, fridges and so on. I don't have to explain to the HN audience why this poses risks, problems, and the probability of an intrusive ad ecosystem causing problems with stuff that should just work.

It's important that tech communities like this one push for it.


I treat those devices as untrusted by putting them in a separate subnet that cannot talk to the subnet where I have my other devices (computer, printer, smartphones, etc).


I fear that when Amazon Sidewalk opens up to third parties, there will be no stopping devices, in fact I would imagine that Amazon could share the wifi passwords it collects with all Sidewalk devices.


Iirc, 5G is going to solve this problem: TVs will directly connect to a 5G network, without bothering the user with WiFi matters.


But who's gonna pay for the data? And what if you disconnect the antenna?


TVs will sign a deal with telcos that the latter give access to 5G to certain GUIDs hardcoded in TVs.


Yeah but it's a potentially perpetual ongoing per-unit cost that the manufacturers will incur for something they sell for a one-time payment. At some point it has to become unprofitable.

There are connected cars but iirc you have to buy a subscription or supply your own sim card to use the online features.


The connection is there so that they can have a long-lasting income from ads/snooping etc. They can share a bit of the spoils to get the meat.

If specific units are costing them beyond income, they can probably have telcos disconnect them, or just remote-disable the communication.


Amazon Sidewalk will solve this problem.


> I have about a thousand times more confidence, that if I use my smart TV as a dumb screen connected to an Xbox one or PlayStation 4, that over a multi-year period of time, Microsoft and Sony will successfully keep their operating systems automatically patched, updated, and secure. As compared to any tv manufacturer.

How do you feel about a Sony smart TV?


My perspective is that I don't really care.

If my smart TV gets hacked, what are they going to do? Take my Netflix and YouTube credentials?

I've got an LG TV, there aren't huge adverts. It's faster than switching on my PS5 to watch something.

It even has DLNA so I can listen to my music collection off my NAS.

If it starts hacking my network, what's it going to do? Public key SSH is pretty strong. And anything sensitive that could be snooped on would be HTTPS.

So this smart TV hack is going to require a second exploit to get into my windows PC? or Linux boxes?


> My perspective is that I don't really care.

If this screed is just about telegraphing your own wilful disregard for online safety and profound disinterest/absence of knowledge about what a locally connected hostile network device is capable of, then it’s hardly worth responding to.

However, if you’re trying to deliver an implied suggestion that “no-one should care”, then this actively harmful message deserves solid rejection. The consequences range from turning households into spam drones, to placing at-risk folks in physical peril through commoditised surveillance.

It remains an extraordinarily privileged and wonderful thing to live without fear of the capabilities of a corporate- or state-level actor. What’s not so wonderful is being reminded that many folks with this privilege lack the self-awareness to appreciate it.


You're putting words into my mouth. And changing the topic of conversation.

I was responding to someone saying that their smart TV was full of adverts and how it's a requirement to block it. Where the convenience of the utility provided is greater than seeing an advert for a film on the menu page.

You've flipped it around to vulnerable people being surveilled by corporate/state level actors.

Why are Smart TVs singled out here? There are tons of old Android phones that people use every day with sensitive information that are vulnerable to multiple exploits that will never get a patch.

Or Routers that never get a patch from their Vendor especially if it's a whitebox from an ISP and they've replaced it with a newer model.

It seems like Smart TVs have urban legends associated with them, I asked previously about the supposed "TV connecting to unsecured WIFI" thing that always comes up and nobody had any evidence:

https://news.ycombinator.com/item?id=25275350


Once again, trying to make this topic about you personally doesn’t work, doesn’t validate lazily considered scorn, and won’t validate doubling down on either.


lol, you're the one that's trying to say that I said that “no-one should care”

I've no idea what your point is. But you do you.


Ah, so it was the first case. You have a nice day, then.


> If my smart TV gets hacked, what are they going to do? Take my Netflix and YouTube credentials?

Leverage access to pwn everything else on your network?


Put the TV on its own NAT


A separate subnet is basic hygiene where it comes to IoT, but only a small fraction of IoT buyers have the capability to do that (both in terms of knowledge and having their home network set up in a way that allows this level of end-user control).


Like I said, what are they going to hack into?

And how? So they have an exploit for the smart TV and then another device as well?


Your desktop? Your laptop? Whatever you happen to have running in your LAN bound to 0.0.0.0? Quite many things still assume that your local network is more trusted than the wide Internet; breaching a smart TV gives an attacker a beachhead on your local network.


Well those things listening on the local network could also be exploited instead of the TV.

My Desktop/Laptop is supposed to be secured, and patched. Otherwise open wifi access points would be a bad idea.

Personally I think the idea that the LAN is some walled garden where it's fine to relax security is a bad idea.


> Personally I think the idea that the LAN is some walled garden where it's fine to relax security is a bad idea.

It is a bad idea, but it happens in practice. For instance, I can vouch for the security of my desktop (except for the times I run some random development stuff bound to 0.0.0.0, for convenient multi-machine access). I can't vouch for the security of my printer, or my IoT bridge. As long as it stays true, someone breaching a single device on your LAN is already creating extra security risk for your other devices.
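An added example, not part of any comment in this thread: a small audit of which TCP listeners on a Linux host are bound to all interfaces (the `0.0.0.0` case discussed above) and are therefore reachable by any other device on the same LAN. It assumes the Linux `/proc/net/tcp` table layout and a little-endian host; the function names and the sample rows are constructed for illustration.

```python
import ipaddress
from pathlib import Path

LISTEN = "0A"  # state code for a listening socket in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout; not captured from a real host.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20002 1
   2: 0A01A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20003 1
   3: 0A01A8C0:D2F0 5E01A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20004 1
"""


def decode_addr(hex_addr):
    """Turn the kernel's hex address field into an ipaddress object.

    Each 32-bit word is printed in host byte order; a little-endian host
    (x86, most ARM) is assumed here. Works for tcp (8 hex chars) and
    tcp6 (32 hex chars).
    """
    raw = bytes.fromhex(hex_addr)
    words = [raw[i:i + 4][::-1] for i in range(0, len(raw), 4)]
    return ipaddress.ip_address(b"".join(words))


def scope(addr):
    """Classify a bind address by who can reach it."""
    if addr.is_unspecified:      # 0.0.0.0 or ::
        return "all-interfaces"
    if addr.is_loopback:         # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "single-interface"


def audit(table_text):
    """Return (address, port, scope) for every socket in LISTEN state."""
    rows = []
    for line in table_text.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue                           # established, time-wait, etc.
        addr_hex, port_hex = fields[1].split(":")
        addr = decode_addr(addr_hex)
        rows.append((str(addr), int(port_hex, 16), scope(addr)))
    return rows


def lan_exposed(table_text):
    """Listeners another device on the local network could connect to."""
    return [(a, p) for a, p, s in audit(table_text) if s != "loopback-only"]


if __name__ == "__main__":
    paths = (Path("/proc/net/tcp"), Path("/proc/net/tcp6"))
    tables = [p.read_text() for p in paths if p.exists()]
    for text in tables or [SAMPLE]:            # fall back to the sample
        for addr, port, kind in audit(text):
            print(f"{addr:>39} {port:>5}  {kind}")
```

Anything reported as `all-interfaces` or `single-interface` still needs a host firewall rule or a loopback bind if it is not meant to be reachable from other devices on the LAN.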


> If my smart TV gets hacked, what are they going to do? Take my Netflix and YouTube credentials?

Turn on the camera.


Just wait for smart TVs which are Zoom friendly and come with a camera and microphone built-in.


The TV in the article has two microphones built in!


Ultrasound 3D scanners are a thing.


In the remote, not the TV, unless I'm misreading.


> I've got an LG TV, there aren't huge adverts. It's faster than switching on my PS5 to watch something.

LG TVs from the past few years involve some level of voice control, so an attacker could be able to remotely turn on your microphone and listen in on conversations.


At least on my CX Series the mic is in the remote control. I'm not sure it can be turned on without pressing the mic button.


Does anyone actually prefer the experience of an integrated Smart TV compared to a separate device? If these users exist, they probably wouldn't be found around these parts.

I do find it interesting because conversely in a car I absolutely do prefer an OEM integrated infotainment system as opposed to after market. Granted my experience with after market head units is kinda old, but I recall them seeming fairly antiquated with an OEM unit from the same vintage. Their real appeal was to "modernize" a legacy vehicle.


> Does anyone actually prefer the experience of an integrated Smart TV compared to a separate device? If these users exist, they probably wouldn't be found around these parts.

Sure, I've got a Sony TV with built-in netflix/amazon prime/chromecast receiver in it. Works great. There's no tv-inserted ads while watching TV or streaming services or anything like that. There's a couple of rows of icons on the homescreen below the app icons that are 'recommended content' which I guess some people consider to be ads (they're not, as far as I can tell) but I pretty much never use the homescreen anyway.

I do always see a lot of negative sentiment around these TVs on this site but really, I'm not bothered by mine at all and in fact quite like not having another device to wrangle.


Same on my 2017 LG OLED.

I turned off the personalised adverts, if that even does anything. Occasionally they have an ad on the home screen, but it's small and not obnoxious (right now there is one for The Hunt on Amazon Prime). They mainly have ads in the app store as they sell content, but I rarely use that. I've never seen ads inserted in content.

The built in Netflix, YouTube and Amazon apps are good enough for my needs. Compared to an external device it's actually better, as you can configure picture settings per app. I have Netflix with more cinematic settings, whereas YouTube is toned down a little and not so bright. I have been thinking of getting a Chromecast so it's easier to share content from my PC (the TV supports Miracast but it's not great), but that's it.


What do you mean? I have a 2020 LG OLED and I'm using all the apps built into it. It has everything - Netflix, Amazon, YouTube.....buying a separate device seems like a waste of money at this point. It's also very quick, I was setting up a Fire Stick Lite for someone a couple of months ago and I was surprised how slow it is compared to this TV.


Same here. It can also be controlled over http which opens up all sorts of home automation possibilities.


Can it? Aside from a very few functions reverse-engineered from LG's smartphone remote control apps, I've not found any way to control core display functionality via either TCP/IP or documented WebOS APIs, including such simple things as backlight brightness and display power on/off, at least on my 2018 model.

There is, on the other hand, a documented RS-232 protocol supported across many of LG's smart and "dumb" TVs that supports these things and more, so I threw together a trivial HTTP wrapper

https://github.com/jasminetroll/LgTvControl

that I use to control various TV settings via keyboard commands and Apple remote.

As a significant bonus, the RS-232 API has a "disable/enable OSD" command, so I can adjust brightness and switch between inputs without an annoying, oversized OSD window covering up a significant portion of the screen for several seconds telling me what I either already know from the resulting display (switched input to, e.g., the GPU connected to my Linux desktop VM) or don't care about (the numerical value of backlight brightness resulting from the latest up/down button press).


That's really interesting, can't wait to take a look.

There's a good webos plugin for homebridge (https://github.com/merdok/homebridge-webos-tv) which is based on LGTV2 (https://github.com/hobbyquaker/lgtv2) which exposes a ton of features, including the ability to instantly switch between apps/inputs. I have my Harmony calling this via my fork of Harmony Span (https://github.com/garethflynn/harmony-span) which very cleverly impersonates a Roku device via SSDP to allow Harmony keypresses to be captured by a server (a Raspberry Pi in my case) and used to run a custom shell script.

It sounds super-fussy, but it actually delivers a really clean way of switching inputs, especially in combination with my Samsung soundbar which, amazingly, only offers direct input selection via http (you can only cycle through them with the remote).


To your first question, yes and no. At least in the short term, yes. My previous Smart TV experience was a Sony from 2014. The "smart" experience was barely usable let alone ideal. I just plugged in other things - PS3 and then various Roku devices.

But a year ago I got a TCL Roku TV, and it's a pretty good experience. The one downside now is that it seems just a tiny bit slower than, say, a Roku 3. And of course no way to upgrade that. Down the line, that could be annoying. But it was also a 65" 4K TV with a pretty good picture all for $500. shrug In five years, I'll get a nicer screen and maybe a separate device, depending on the state of things. As a side note, I got a sound bar with wireless subwoofer and surround that uses HDMI ARC. So I never need a second remote, or a universal remote, or anything like that. It all... just works.

Anyway, built a small TV room for my spouse this fall, and we picked up a 40" TCL Roku TV. Just perfect for the situation. Easier to install, fewer wires, one remote. No complaints really. Perhaps if Roku goes the way of the dodo, and I want that TV screen to last longer, it could be annoying, assuming the "screen" part and the UI that lets me pick the inputs stopped working, I'd be out of luck, but that could be true of any TV. Of course, if updates were malicious and blocked those features, that would be nasty!


I have an LG C9, and I much prefer the integration and smart apps over slower Chromecast/Fire sticks. I can also cast to my TV and still use the remote in the Youtube app when casting (for example). It's a pretty good UX and the C9 has enough compute resources for everything to be very snappy. I could drop more on something like the nVidia Shield, but I already have an HTPC hooked up to my TV, running a Plex server as well as letting me use MPC-HC if I need to.

I've made my peace with the telemetry ramifications though I have not accepted a number of privacy policy notices so things aren't all that bad.


The reason every TV is a smart TV is not because they think you actually want that, but because they make money by selling telemetry on what you watch and serving ads. The margins on TVs are very low and this is where the profit comes from in the industry.

Note that TVs have technology to ID what you watch even if it's just displayed on the screen. This is always on by default, though I think all the TV manufacturers do at least claim to let you turn it off.


The general buying public is also prone to thinking “smart TVs” is a good thing, so it’s almost a requisite if you want to succeed selling to the broad population.


I actually have this very TV and I think the smart TV aspects are pretty good, or at least passable, and the smart remote is very nicely engineered. I am sort of a snob with this stuff and just decided to spring for the AppleTV to control everything and to not be at the beck and call of what Samsung thinks is appropriate today especially in terms of ads and interfaces. I love the posh feeling of the Apple UI and it just feels so much more premium to me and cutting edge. With Samsung I feel like I'm in "Android world" where anything goes and no one really cares about polish too much as much as shipping the app and checking off a list of requirements. QA, performance, etc always feel so much worse in Smart TV land. I figure I only buy a new TV or box every 5+ years, so it's okay to spend more to be happy. Over 60 months it's really not a lot of money if you view it as a monthly expense.

I want it to "just work" and to me Apple seems to do that well enough. I do feel like if money was tighter I would have just toughed it out with the Samsung interface and been mostly happy. Currently, I do find myself cursing at how overly sensitive the Apple remote is and how tiny and easy it is to lose. Buying a white gel cover and setting sensitivity to low helped with this a lot, but that's just more money down the sink compared to just not being a snob and using the built-in system.


It really depends on the quality of the interface. My lower-end Samsung TV is laggy and buggy, maybe there are better Samsung TVs though. I have seen far more expensive LG TVs with decent interfaces that are snappy and work well with a remote.

I generally prefer using a PS4 to the TV apps. But, for instance, in theory the TV could be on standby and I could still use Spotify to cast to the TV and it would perk up and start playing in a way that my PS4 wouldn't, because I'd still need to turn the TV and the PS4 on. However even that doesn't work with my TV -- I have to manually turn it on, then launch the Spotify app before I'm able to cast to it.

Additionally, the Spotify app on my TV works in such a way that the optical audio out to my stereo doesn't produce any LFE/sub-bass, but the Spotify windows app on my PC through HDMI to the same TV, outputting through the same optical does it just fine. And the Netflix app on my TV outputs LFE just fine. Even changing my stereo to output LFE+Main to the sub, the sub gets no signal for some reason if I'm using the TV Spotify app. AND, still with this crap Spotify app on my TV, I have to set the TV audio to TV+Optical Out (and turn the TV volume all the way down) otherwise it doesn't send the sound through the optical.

Clearly I'm dealing with a variety of poor integrations and actual bugs; on my friends' LG TVs most/all of these issues are not present, and everything 'just works'. All I'm trying to do, is open Spotify on my phone and play a song, which I can then cast to a device that will output to my stereo with full audio (including sub) without having to first turn on a bunch of devices and load specific apps.


> I do find it interesting because conversely in a car I absolutely do prefer an OEM integrated infotainment system as opposed to after market.

Other things being equal, I would agree. But the auto industry has such a bad record of being irresponsible about security and safety issues, and those who supposedly regulate the industry have so often failed to deal with real and potentially dangerous problems, that I have become wary of anything to do with "connected" vehicles and anything that integrates the essential engineering around vehicle control with non-essential systems of any kind. Sadly, modern car electronics are not only designed but in some cases even legally required to blur that line, and given all the other improvements over older vehicles, it seems inevitable that I will soon have to ride in vehicles I literally don't want to trust with my life.

I have gone out of my way to avoid "smart" TVs and similar devices in my home and office, but I fear the options for alternatives there will also become limited unless and until some form of effective regulation makes the spy-on-your-customers business model toxic.


I hate it. My 3-month-old "smart" TV went into a bootloop and Samsung doesn't put any hard reset button on the TV. Due to Corona restrictions no technician could come to take a look, and we have to send it back and wait for a new one.


If you have some hardware hacking experience then you can try to fix it: https://wiki.samygo.tv/index.php?title=Main_Page


This article was far more interesting than I thought it was going to be.


Agree. Seems a little more safe than I expected. I was looking for some hidden camera and didn’t spot it. The open ports seem the minimal needed.


> It doesn’t take much imagination to see how dangerous a remotely-hacked smart TV can be, since they are usually equipped with microphones (and occasionally webcams)

Based on this security concern, I've compiled an exhaustive list of things people should look for when opening up a smart TV to assess its suitability as a spying device:

1. battery

In an age where people typically carry smart cell phones everywhere, there's only one question for people with privacy concerns about smart TVs: If I'm concerned about state actors hearing my conversation, is it sufficient to unplug the smart TV?

I searched for the word "battery" and didn't find it in the article. That's not useful. I guess if I ever need to have a conversation where I'm concerned about government spying, I'll just put all the other microphone-equipped devices in the room with the smart TV and go talk somewhere out of earshot of it.


I wonder why they couldn't just add a "malicious" (from the perspective of Samsung) binary into the partition on the flash chip to gain shell access that way which would allow them to interact with TrustZone and decrypt the main firmware image.


Cracking the TV's TrustZone would be a huge side project, akin to cracking the same secure enclave on all new Samsung phones and watches. Having said that, it actually has been done before:

https://i.blackhat.com/USA-19/Thursday/us-19-Peterlin-Breaki...


I wonder if anyone has run a standard Linux distro on one of these smart TVs?


Yeah, a jailbroken smart TV running Kodi would be great.



This is why I will buy a commercial display instead of a TV. They are the same thing but without all the smart stuff. I can also avoid paying TV License (I live in the UK)


Do you watch BBC iPlayer via any connected devices? If the answer is 'yes' then the BBC will still want their pound of flesh.


No, we don't watch television but we need a "big screen to watch stuff on" or play games


Commercial displays are very expensive though.


£600 for a 4K 60 inches screen is not bad at all: https://www.ebuyer.com/910715-nec-60004548-50-large-format-d...


I set NextDNS as the DNS Servers in my Samsung Q60R QLED, one week later, and guess who the number one offender is for telemetry.


Great write-up, thanks for sharing!



