SoylentNews is people
SoylentNews
Submitted via IRC for Bytram
Samsung asks users to please virus-scan their TVs
Yesterday on Twitter, Samsung's US support team reminded everyone to regularly—and manually—virus-scan their televisions.
Samsung's team followed this up with a short video showing someone in a conference room going 16 button-presses deep into the system menu of a Samsung QLED TV to activate the television's built-in virus-scan, which is apparently "McAfee Security for TV."
Unsurprisingly, Samsung got immediate pushback on these tweets and almost as immediately deleted them.
This may raise some questions about Samsung's practices and what we as consumers should be expecting of modern devices. The fact that Samsung's malware scanner is McAfee (and that McAfee's only customer for the service is apparently Samsung) raises questions about the real value and intent of the service: is Samsung paying McAfee for what has to be a pretty trivial application, or is McAfee paying Samsung for brand promotion? But even if we skip the brand-related cynicism and take the concept at face value, we are left with a few questions.
Ars reached out to Samsung with the questions below, but the below statement the company provided didn't answer them. The following statement is attributed to Samsung:
Samsung takes security very seriously and our products and services are designed with security in mind. We recently shared information about one of the preventative security features on our Smart TVs, in order to show consumers proactive steps they can take on their device. We want to clarify that this was simply a way to educate consumers about one of the features included in our products and was only posted because we believed that consumers would find it informative.
[...] The best way to keep your big, expensive smart TV safe is never to allow it access to your network in the first place. The consumer electronics space is packed chock-full with inexpensive, high-quality streaming devices that typically have better interfaces and more options than most smart televisions anyway. Roku and Amazon 4K-streaming players both start at less than $50; in the unlikely event one of those becomes compromised, "recycle the bad one and buy a new one, probably from a competing brand" seems like a perfectly reasonable response.
(Score: 1, Insightful) by Anonymous Coward on Thursday June 20 2019, @01:15PM (2 children)
What garbage. I think I'll just purchase a television that doesn't need to be scanned for viruses and isn't trying to push a partner's software.
(Score: 2) by The Archon V2.0 on Thursday June 20 2019, @02:04PM (1 child)
> viruses
> partner's software.
Not seeing a difference.
(Score: 2, Insightful) by Anonymous Coward on Thursday June 20 2019, @04:19PM
Let me clear this up for you. "Viruses" do not pay Samsung a fee for the right to infect a TV, whereas "partner's software" does pay Samsung a fee for the right to infect a Samsung TV.
(Score: 5, Informative) by stormreaver on Thursday June 20 2019, @01:17PM
If your appliance can get a virus, then it's defective and needs to be returned.
(Score: 3, Informative) by Anonymous Coward on Thursday June 20 2019, @01:34PM (5 children)
buy a smart TV.
If your local store only stocks smart TV's, then tell the sales guy you will not be buying any smart tv and walk out.
If sales drop to zero for a few weeks the shops, and the makers, will get the message real quick.
Sadly, too many people see smart tv's as a benefit rather than the awfulness that they really are.
(Score: 2) by SomeGuy on Thursday June 20 2019, @03:39PM (3 children)
I use a good old CRT TV and an Over The Air digital converter box. (Works great, BTW and no $$$ monthly fees!)
At a few times, some of the broadcast stations have managed to embed SOMETHING in to the channel preview information that will cause the box to crash and shut down when I hit preview. I'd like to think that software can't alter the firmware, and anything in random memory would clear after a power cycle, that should be true with this kind of device, but it may not be.
Point is, a "smart TV" is a billion times more complicated. Anyone who thinks there are no vulnerabilities is an idiot consumertard.
(Score: 3, Insightful) by Freeman on Thursday June 20 2019, @04:34PM (2 children)
You would save $$$ yearly in electricity costs, if you switched to a modern LCD/LED TV. I would recommend finding and purchasing one, before you can only get a "Smart" TV.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 3, Insightful) by SomeGuy on Thursday June 20 2019, @09:27PM (1 child)
More like a few cents. It's a very small TV. It doesn't use as much power as your corporate overlords would have you believe.
But you do have a point that anyone who wants a non "smart" TV should get one now. At the moment, places like Goodwill still re-sell old TVs, but you might notice most of them don't re-sell old computers. As TVs become "smart" enough they will fall in to the catagory of computers and cell phones, which means no more re-selling due to "privacy" policies... and bribes from TV manufacturers to keep people buying only new stuff.
(Score: 2) by Freeman on Friday June 21 2019, @01:52PM
More than a few cents, but probably less than $100. Here's a random electricity calculator I found on the interwebs. https://energyusecalculator.com/electricity_lcdleddisplay.htm [energyusecalculator.com] Pretty interesting.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by epitaxial on Thursday June 20 2019, @06:26PM
Go ahead and find me a TV with smart options. I'll check back.
(Score: 2) by Alfred on Thursday June 20 2019, @01:38PM
You want smart, you get smart and all that entails.
I got a dumb tv with composite video in to hook up ye olde consoles and I have no worries.
But if I had a fire stick (or the like) that went bad, the first thing I would do, instead of trash it, is take it apart, cross my fingers, and google alternative firmwares and hacks.
(Score: 4, Funny) by looorg on Thursday June 20 2019, @01:45PM (3 children)
There are just some sentences you don't ever expect to hear; virus scanning your TV is one of them.
(Score: 1, Funny) by Anonymous Coward on Thursday June 20 2019, @04:21PM
You mean like "Hello. My name is Inigo Montoya. You killed my father. I'm here to ask for your vote for Congress."?
(Score: 0) by Anonymous Coward on Thursday June 20 2019, @10:09PM
Don't forget this one: "My Left Shoe Won't Even Reboot": Faulty App "Bricks" Nike Smart Sneakers
https://soylentnews.org/article.pl?sid=19/02/22/0545213 [soylentnews.org]
LOL
(Score: 0) by Anonymous Coward on Friday June 21 2019, @04:34AM
Here is a three minute video about how to reset your GE lightbulbs if they don't respond to WiFi commands: https://www.youtube.com/watch?v=1BB6wj6RyKo [youtube.com] When I first saw it, I thought it was a parody.
(Score: 0) by Anonymous Coward on Thursday June 20 2019, @01:48PM (9 children)
I'm not sure that connecting another box is the answer because that box could very well end up connecting your TV to your network for you. Yes, if you really knew what you were doing, sure perhaps it would be avoided. But simply connecting another box - making that sound like an easy option to fix the issue I think is an over simplification.
For example the HDMI from the TV to the DVR connected the TV to the network by default.
https://www.hdmi.org/manufacturer/hdmi_1_4/hec.aspx [hdmi.org]
(Score: 5, Informative) by NotSanguine on Thursday June 20 2019, @02:59PM (8 children)
Some minimal research
https://duckduckgo.com/html?q=which%20devices%20support%20HEC [duckduckgo.com]
https://duckduckgo.com/html?q=HEC%20cables [duckduckgo.com]
https://duckduckgo.com/html?q=HDMI%20HEC%20security%20considerations [duckduckgo.com]
https://duckduckgo.com/html?q=hdmi%20hec%20ip%20forwarding [duckduckgo.com]
allows me to draw a couple of conclusions:
1. Unless each connected device supports HDMI HEC, there is no ethernet connectivity;
2. Unless every HDMI cable supports HEC, there is no ethernet connectivity
Since (AFAICT) very few devices support HEC, risk is limited there. What's more, risk can be *eliminated* by using HDMI cables which do not support HEC, regardless of device capabilities.
I'm absolutely not saying that there are no security issues WRT to HDMI HEC. Just the opposite, in fact. However, such risks can be mitigated and/or protected against with minimal effort.
Running all your HDMI through a receiver that doesn't support HEC (as I do) is a good start. Ensuring that the cables connected to a device with Internet access, (like a DVR or laptop) don't support HEC (as I also do) will eliminate that threat completely.
That's not to say there won't be additional risk as more manufacturers start supporting HEC, but given that they haven't done so in the more than a decade since HEC was standardized is telling.
AFAICT, most manufacturers rely on Wifi or direct wired ethernet connectivity, which is easily disabled. All the same, making sure that at least one link in the chain (HDMI cables or devices) don't support HEC will eliminate the threat.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 0) by Anonymous Coward on Thursday June 20 2019, @04:32PM
I think you did a good job of outlining those points. It seems like a good solution conceptually but if put in place without regard to the details you mentioned it might not have the desired prophylactic effect.
(Score: 3, Interesting) by krishnoid on Thursday June 20 2019, @07:20PM (6 children)
I just hope Samsung doesn't make a deal with Comcast to let them connect to any available Xfinity WiFi hotspot [xfinity.com], in which case you'll just hop over to your neighbor. I'm thinking I'd prefer a foil patch over the antenna or something involving a screwdriver. Helpful info, though.
(Score: 5, Insightful) by NotSanguine on Thursday June 20 2019, @07:39PM (5 children)
Is it just me, or is sad and scary that coming up with a scenario like that isn't all that far-fetched?
Sigh.
In ten years (or however long it may be) when I purchase another television, I guess I'll need to do the sort of risk assessment I'd normally do for enterprise-grade networking equipment.
Surveillance capitalism is a disgusting tumor on society.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 3, Informative) by MostCynical on Thursday June 20 2019, @11:22PM (4 children)
Running your own router, take care configuring firewall rules, use custom iptables etc..
Ensure your wifi is running "properly" secured..
The challenge then is to find all the aerials inside the tv or other set top box, to ensure they can't connect to any other wifi or 3G/4G/5G networks..
Only to get an error message and a device that refuses to boot when it can't phone home..
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 2) by NotSanguine on Friday June 21 2019, @02:24AM (3 children)
Fortunately, those spying scumbags at Vizio didn't put xG into the TV I have. So I just give it a static IP address via the wired LAN and do egress filtering on it. Fortunately, there's no open Wifi in range. And I blackhole all the DNS names it tries to resolve as well.
But as I said, it's sad and a little horrifying that I even need to worry about this stuff. It's not a big deal for me, as I'm a networking and InfoSec guy. But it's really bad news for most folks.
More's the pity.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by MostCynical on Friday June 21 2019, @03:19AM (2 children)
"Most folks" just don't care.
Cf. articles on SN over the last year and more about inseure IoT devices, spyware on phones, etc, etc..
Worse, they see people who do care as loonies.
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 2) by NotSanguine on Friday June 21 2019, @04:20AM (1 child)
You don't have to tell me. I've tried to explain this stuff to my family members. My generation listens respectfully then look and say, "sure NotSanguine. I totally get it." and then look at me as if I'm an idiot. The younger generation does the same, except they say, "I know, Uncle NotSanguine. But that's how it is, so who cares?"
The strangest part about it is that they all call me NotSanguine, which isn't even my real name. Creepy.
And it's not like these folks are ignorant or uneducated either. They all have at least a bachelor's and at least half have advanced degrees. A bunch are software devs and engineers, too.
So I've stopped talking about it with them. It's no skin off my nose.
But more's the pity.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by MostCynical on Friday June 21 2019, @04:36AM
The best response I have had is "so what?"
Humans are crap at risk assessment, if it isn't about immediate threat of being eaten.
Evolution hasn't caught up with the last 200 years of technology (yet?)
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 4, Informative) by The Archon V2.0 on Thursday June 20 2019, @02:08PM (1 child)
At this rate, the song "Every OS Sucks" is going to be obsolete by 2025. For those who haven't heard it, it includes:
> The fridge, stove and toaster never crash on me
> I should be able to get online without a PHD
> My phone doesn't take a week to boot it
> My TV doesn't crash when I mute it
(Score: 1, Informative) by Anonymous Coward on Thursday June 20 2019, @03:22PM
My smart tv randomly crashed on boot. The patch supplied by the vendor didn't fix it. Free replacement TV.
The new one doesn't crash as often. Their custom android build is unstable.
(Score: 1, Interesting) by Anonymous Coward on Thursday June 20 2019, @02:29PM (5 children)
I fully agree with you that Smart TVs are "dumb". I would not connect one to my wired or wireless networks at home. And I would prefer to have a TV without all the "smarts" built in. The problem is there aren't any good non-Smart TVs left in the market. If you disagree, name some. Anything over 50 inches in size. I honestly would like to know what's left in the market that's up to date and doesn't have the Smart stuff bundled in. I can't find any.
(Score: 1, Offtopic) by Runaway1956 on Thursday June 20 2019, @02:48PM (4 children)
Over 50 inches in size? You weren't looking for a TV, were you? You needed a status symbol.
Abortion is the number one killed of children in the United States.
(Score: -1, Flamebait) by Anonymous Coward on Thursday June 20 2019, @03:24PM
They used to buy expensive cars.
Now they can overcompensate with phones and TVs.
Look at this here tv on mah wall so flat and curved and huge! Guess how many inches I have here.
(Score: 3, Insightful) by DannyB on Thursday June 20 2019, @03:27PM (1 child)
I don't need a status symbol. I just don't want to have to wear glasses while watching TV.
Now if only there were anything worth watching.
Young people won't believe you if you say you used to get Netflix by US Postal Mail.
(Score: 2) by Runaway1956 on Thursday June 20 2019, @03:58PM
Alright, I can empathize with that. Both parts of that, actually. ;^)
Abortion is the number one killed of children in the United States.
(Score: 0) by Anonymous Coward on Thursday June 20 2019, @04:55PM
TVs of that size are only a few hundred dollars (MUCH cheaper than they were 10 years ago!). The smallest ones you see out on the shelves are 32-inches or more. Just like finding a dumb TV, it is hard to find a small one too (on the display shelves, at least), so not so much a status thing I would argue.
(Score: 3, Funny) by SemperOSS on Thursday June 20 2019, @02:34PM (1 child)
I wish I could, but my virus scanner just ran off with my self-driving car, the only networked thing that wasn't Samsung.
I don't need a signature to draw attention to myself.
Maybe I should add a sarcasm warning now and again?
(Score: 2, Funny) by fustakrakich on Thursday June 20 2019, @05:12PM
my virus scanner just ran off with my self-driving car
It only went out for a pack of cigarettes...
La politica e i criminali sono la stessa cosa..
(Score: 4, Funny) by DannyB on Thursday June 20 2019, @02:57PM (5 children)
GE has these new "smart" bulbs called C.
Here is a video [youtube.com] showing consumers how to reset their C bulbs made by GE.
Are these bulbs really so "smart"?
Do they need virus scanning?
Firmware updates?
I thought light bulbs were supposed to be simple?
Look at what they have become!
Edison would be spinning in his grave!
(but would the spinning generate an AC current?)
Young people won't believe you if you say you used to get Netflix by US Postal Mail.
(Score: 3, Insightful) by NotSanguine on Thursday June 20 2019, @03:08PM (1 child)
Edison's biggest and most successful invention was the electric company.
If you learn a bit more about Edison, you'll find that he'd likely trumpet these bulbs as a huge breakthrough and use whatever means he could to secure exclusive rights to the technology and fight to change light socket standards to *require* the use of such devices.
What's more, he'd likely lobby to force home/building owners to retrofit their existing light sockets, and make the bulbs and sockets not backwards compatible.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by DannyB on Thursday June 20 2019, @03:15PM
Edison would require proprietary bulb sockets. And only Edison brand electricity in order to prevent an unsightly build up of C1 particles.
Q. How many software developers does it take to change a lightbulb?
A. None. That is a hardware problem.
Q. How many hardware engineers does it take to change a lightbulb?
A. None. We believe the device driver team can develop a clever patch to resolve the issue.
1"competition" particles which would lead to "innovation" and heaven forbid to lower prices.
Young people won't believe you if you say you used to get Netflix by US Postal Mail.
(Score: 2) by PinkyGigglebrain on Friday June 21 2019, @02:33AM (2 children)
I doubt it. Edison was a DC advocate. He also put a great deal of effort into trying to discredit and otherwise undermine the adoption of AC since he didn't own the patents on it.
Though the attempt might make Edison spin faster :)
The AC power system the world enjoys today was the result of Nicola Tesla's creative genius and vision. All of it, the generators, the transformers, the motors, etc.
"Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
(Score: 0) by Anonymous Coward on Friday June 21 2019, @04:36AM
Execution by the electric chair was invented by Edison. It was the result of his attempts to show how much more dangerous AC was compared to DC. You can find the demonstrations he used to do on YouTube, most famously with elephants.
(Score: 2) by DannyB on Friday June 21 2019, @05:42PM
The rate at which Edison would spin in his grave would be directly related to how magnetic a personality he had.
Which from what I can tell, isn't much.
And also a patent troll before the term was even coined.
Young people won't believe you if you say you used to get Netflix by US Postal Mail.
(Score: 2) by inertnet on Thursday June 20 2019, @03:07PM (3 children)
My Samsung TV is a bit older so I don't think it has a virus scan option. I never installed any apps on it anyway.
But it does sometimes grind my home network almost to a halt. About every couple of months I have to unplug the TV from the network and everything is fine again.
I guess it tries to call home now and then, but keeps retrying if it can't connect.
(Score: 4, Informative) by Hyperturtle on Thursday June 20 2019, @04:10PM (2 children)
I'd uh try to figure out what it is doing. It sounds like you don't know, and it's likely that if it was listening to you all of the time, you'd never know. Unless you checked.
I would guess it does more than calling home now and then. Often, smart tvs connect to a few different places. When they try to upload personal data to 3rd party vendors, that is not home, and you would not receive an error message. They try not to draw attention to that sort of thing...
But, you might want to let it call home. For all we know there is an update that makes the TV more secure. Sony TVs were pretty cool recently in that they started to play advertisements from Google. Features everyone loves--unskippable ads! https://www.the-ambient.com/news/google-ads-android-tv-update-1511 [the-ambient.com]
Samsung TVs are not running Android, of course, but they are not exactly saints considering they are a) suggesting people run anti-virus software on their smart tvs and b) have a generic disclaimer stating that if you don't want personalized ads based on what you talk about while in the same room as the TV, then stop talking out loud because the TV is always listening and any secrets you speak of may be transmitted to third parties.
With that in mind, maybe look up your TV model to see if anyone on the internet has complained about what new updates have done to the TV, before you do anything rash with updating.
Anyway it can't be good if the TV has to be disconnected from the network to allow the rest of your home to keep talking on-line. Probably, the TV is up to no good. If you are able to check firewall logs or anything outside of the TV that might log traffic or errors going out your internet connection... or even better, packet capture/sniff the TV traffic... you should do so. You might learn why it takes your network down--probably it is trying to upload something at full port speed onto a much slower internet connection, but the mystery is what it is uploading of yours. If it was trying to download stuff, you'd be slow, but probably not truly stuck until you unplugged the TV.
(Score: 3, Interesting) by inertnet on Thursday June 20 2019, @10:03PM (1 child)
I have a few internet servers running on an extra set of 8 IP addresses ( /29 ) on my network. At first I thought my servers were under attack, this only happens sporadically. One time this happened when I was in the living room, watching TV. The TV kept freezing every couple of seconds. I was too lazy to go to my computer to figure out what was going on, so I just unplugged the TV from my network. It immediately became normal again and the network was fine again. Even after reconnecting it stayed fine.
tl;dr, I don't think it'll be easy for me to figure out what the TV was doing. Next time I'll just unplug the damned thing again.
(Score: 2) by Hyperturtle on Friday June 21 2019, @03:21PM
Good luck, then -- I'd go mad if I had servers go down because the TV had to be unplugged to get things working again, despite the network segmentation/isolation!
Makes me think of that bastard operator from hell story; he had unplugged the lotus notes server to run his coffee maker at work, or let the cleaning staff vacuum, etc, and every time the server went down, he'd act like he was fixing it by plugging it back in. Except your servers aren't getting unplugged and plugged back in again to get things working, it's the appliance that is!
(Score: 0) by Anonymous Coward on Thursday June 20 2019, @04:21PM
i virus scanned my tv and now it won't let me watch anything anymore saying there's a propaganda virus on each channel trying to sell ads!
i other news, there's alternative firmware for your smart-tv-phone-home! samygo or sumething?
(Score: 1) by fustakrakich on Thursday June 20 2019, @05:15PM
In other words, security through abstinence?
La politica e i criminali sono la stessa cosa..
(Score: 2) by Mykl on Friday June 21 2019, @12:25AM
but I did so with eyes open. The picture is fantastic, and the HDMI ARC connection to my sound system greatly simplifies the number of wires and devices I need in order to watch TV, Netflix etc. I'm back to one remote, and haven't yet bothered to reprogram my universal remote.
I'm well aware that there are risks, but:
(Score: 2) by darkfeline on Friday June 21 2019, @03:13AM
https://xkcd.com/463/ [xkcd.com]
Why does the TV need a virus scanner? Why does anything made in the last few decades, minus Windows, need a virus scanner?
Join the SDF Public Access UNIX System today!