Comment on Cox deletes ‘Active Listening’ ad pitch after boasting that it eavesdrops though our phones
neurogenesis@lemmy.dbzer0.com 6 months agoWell. Wireshark would confirm that if it were true.
Comment on Cox deletes ‘Active Listening’ ad pitch after boasting that it eavesdrops though our phones
neurogenesis@lemmy.dbzer0.com 6 months agoWell. Wireshark would confirm that if it were true.
RunningInRVA@lemmy.world 6 months ago
I’m sure it will show HTTPS traffic outbound from your TV.
gravitas_deficiency@sh.itjust.works 6 months ago
I’m sure it will show no traffic whatsoever if you don’t connect your TV to your network
piecat@lemmy.world 6 months ago
There’s a dozen ways they could jump the air gap.
Ultrasonic to a phone or Alexa/Siri/etc, connect to an unsecured network, send data to a neighbor’s smart TV which is connected to Internet, Bluetooth or other to a phone
Boy_of_Soy@lemmy.world 6 months ago
That would add a ludicrous amount of cost to the device in both material cost and R&D. It’s so incredibly unlikely that any company would make that investment just to spy on the conversations of ordinary citizens when there are far cheaper and easier ways for them to build and sell advertising profiles.
LazaroFilm@lemmy.world 5 months ago
At that point the customer acquisition cost is t worth it.
phx@lemmy.world 6 months ago
Low-bandwidth cellular chip…
LWD@lemm.ee 6 months ago
TV’s have been spotted connecting to open networks on their own. They could easily look for alternative routes.
lud@lemm.ee 6 months ago
Source?
Either way, open networks are very uncommon in residential areas (and honestly in general)
hasnt_seen_goonies@lemmy.world 6 months ago
It would show the encrypted out bound traffic right? You wouldn’t be able to identify it by reading the bits, but you could by the volume and not doing anything else.
KeepFlying@lemmy.world 6 months ago
Maybe. They might do some processing locally and just upload as text so it might be easy to batch the data, making the upload volume and pattern less obvious.
It also saves them network bandwidth so I’m sure that would motivate them too. Uploading raw mic data from all TVs would be expensive.
Quexotic@infosec.pub 6 months ago
You’re getting down voted, but this seems the most likely. TTS is trivial anymore.
neurogenesis@lemmy.dbzer0.com 6 months ago
And with DNS requests and timing you should be able to figure whats in those packets.
GenderNeutralBro@lemmy.sdf.org 6 months ago
Sorry if this is a noob question, but…how?
DNS will tell you the server name and address, which would just be some server owned by the company. Nothing weird there unless they have the chutzpah to name it something telling. They could even bypass DNS entirely with hardcoded IP addresses.
Timing wouldn’t be a great indicator either if they aggregate requests.
They could slide anything nefarious in with daily software update checks or whatever other phone-homing they normally do, and without deep packet inspection or reverse engineering the software, it would be very difficult to tell.
I don’t think Wireshark can do deep packet inspection, can it? Assuming the client is using SSL and verifying certs, maybe even using cert pinning?
Size would be a big indicator if they’re sending full voice recordings, but not if they’re doing voice recognition locally and only sending transcripts, metadata, or keywords.
I’ve never actually done this kind of work in earnest, and my experience with Wireshark is at least a decade out of date. I’m just approaching this from the perspective of “if I were a corporate shitbag, how would I implement my shitbaggery?”
EncryptKeeper@lemmy.world 6 months ago
The answer is: it wouldn’t. You’re right on the money, you couldn’t do anything other than speculation.
neurogenesis@lemmy.dbzer0.com 6 months ago
Try it out. Setup dnsmasq and connect your phone to the network. You’ll see a ton of requests initially, that gives you some idea of what apps/services/accounts are on the phone. Let the phone go to sleep, and watch what is sending requests in the background.
On the TV, it would be similar. You walk into the room and it starts sending packets? You say something unrelated to it’s trigger word yet Wireshark shows activity? Suspicious. If you can get a certificate onto the TV you can use mitmproxy to view the HTTPS traffic, but that’s probably kinda difficult.
I do not use smart TVs but I have been doing stuff like the above for a while. If they are recording and storing stuff some engineer eventually figures out, it’s not an NSA backdoor.
I’m not saying they are/aren’t, I do not know, it just seems very unlikely and improbable especially given smart phone ubiquity. What is known to be actually occuring is a complete violation of consumer privacy for marketing purposes, but OPs form of spying is so far unsubstantiated.
Now, can that TV be hacked and used by your neighbor to spy on you? Or can your government access your mic/camera? That’s an entirely different question and field of expertise.
More info
whofearsthenight@lemm.ee 6 months ago
In this case, it would be pretty hard. We have wiretap laws, which would mean you have to tell the user you’re doing this. Even though no one reads the ToS, someone does, and it would be news if someone was doing this.
Even then, it would be a hard enough problem that companies would think twice about it for a few reasons. Number one, processing 24/7 of all audio in your home is going to be rather difficult/expensive, so you’d have to go with something like keyword-triggers-processing the way that your phone listens for “hey google/siri” or Amazon listens for “Alexa.” It works kinda like game video sharing - they are always listening and recording for a short time frame* but they only send the data somewhere if they hear the trigger phrase. That’s not easy in itself, they’ve spent a ton of time getting the right algorithm so that it correctly hears the right trigger phrase and you don’t get a ton of false positives to varying degrees of success. And keeping in mind these are companies that are best suited to it, they still struggle sometimes with even that. The ad companies would have to listen for dozens/hundreds/thousands of triggers…
And then you get to the data retention policies. Google is an ad company, Apple is not. One of the reasons that Apple can tout privacy as a feature is simply that they don’t need the data, so they don’t collect nearly as much, and they save even less. They get the bonus of not dealing with law enforcement and all that.
So, assuming they solve that, solve some big issues with the laws of the land and physics, now we’re to the point where they have to think about network traffic. Which is going to be trivially easy for nerds to figure out and circumvent, so they would have to have their own ad-hoc network which comes with another 137 or so difficulties.
EncryptKeeper@lemmy.world 6 months ago
That’s not how that works lol