It seems that Samsung just can’t catch a break because according to researcher David Lodge of Pen Test Partners, it turns out that Samsung’s Smart TVs were not encrypting voice data being sent over the internet. The Smart TVs are able to accept voice commands like saying, “Hi TV” will make the TV start listening to additional commands.
These commands can range from adjusting the volume to performing searches on the internet. However according to Lodge, he discovered that that voice data used to perform more complex actions are processed by a third-party company called Nuance, and that the data being sent to Nuance for processing aren’t encrypted.
What this means is that potentially Samsung has left their Smart TVs open for interception and also for man-in-the-middle attacks. This could result in commands being intercepted and swapped out for something else (e.g. decreasing the volume instead of increasing it), or changing web search results, and so on.
Now for the most part users don’t tend to store private or sensitive information on their Smart TVs, but we can imagine that users would prefer to have their search results or requests kept private all the same. Samsung and Nuance have yet to officially comment on the issue.