Ask HN: Has anyone seen smart TVs connect to unsecured WiFi without permission?

89 points by Jonnax ↗ HN
In IT circles I've noticed that whenever there's any discussion around Smart TVs, someone will usually say they buy a Monitor or Digital Signage TV instead as they don't have smart features.

This would be to avoid adverts, viewing habit tracking via content ID tracking or just running software without security updates on your network.

And inevitably someone will say that they'd heard that Smart TVs will connect to unsecured WiFi networks in proximity and start uploading your data.

This seems like something worth reporting to regulatory authorities at least. And also would be quite interesting to understand how it works.

But I've never heard of any specifics. Like what brand does this? What data is it trying to send?

It's easy to spoof a public hotspot and then at least identify what domains it tries to connect to.

Failing that there might be information gleaned from wireshark.

69 comments

[ 1590 ms ] story [ 1658 ms ] thread
I’m curious about this one as well. However I quite fear that if they do then they will switch to 5G for newer models which will be more of a PITA to avoid.
Holy crap I didn't know manufacturers were looking at this. Quick search shows, of course, Huawei to release a 5G TV.

How expected...

Along these lines, has anyone ripped the WiFi module out of their television? I'd gladly take a soldering iron to mine to ensure it won't phone home.
It's not always that easy I think. My LG TV has a Bluetooth remote and I know for a fact that it has a single WiFi / Bluetooth connectivity module (because it crapped out on me recently). Removing the module would render the remote and the TV unusable.
There's probably still an external or PCB antenna. Wrapping it in aluminum foil should do the trick.
Connecting it to ground would be better.

If the aluminium foil is only around the antenna and/or connected to the antenna this might not be enough or might even improve the antenna.

If the wifi module is soldered on the main board then I think the best thing one can do is to break the lines near the antenna pins of the wifi chip and terminate it with a suitable resistor.
Related to this, where would this stand legally if your device automatically connected to your neighbour's network?

In the UK, you can be arrested for unauthorised use of a Wi-Fi network, under our Computer Misuse Act law. [0] I think this would be unlikely if the network was wide open, but I believe it could still happen in principle.

edit I missed this from the linked article. Looks like you can't be arrested for accidentally using an unsecured Wi-Fi network.

> If the network was hacked then a crime has been committed, but our friends over at Out-Law.com confirm that connecting to the wrong network by mistake is not a crime

[0] https://www.theregister.com/2008/10/30/wi_fi_arrest/

> Looks like you can't be arrested for accidentally using an unsecured Wi-Fi network.

You probably haven't committed a crime if you accidentially use an unsecured Wi-Fi network, but if you deliberately use one then the situation is less clear. Section 1 of the CMA (https://www.legislation.gov.uk/ukpga/1990/18/section/1) requires only that you "[cause] a computer to perform any function with intent to secure access to any program or data held in any computer, or to enable any such access to be secured," that "the access [you intend] to secure, or to enable to be secured, is unauthorised" and that you "[know] at the time [you cause] the computer to perform the function that that is the case."

How does a law so broadly worded translate to technical reality? Many of us in the industry don't really know, and as a result feel that the UK's computer misuse laws really are crying out for reform. See https://www.cyberupcampaign.com/ for more.

Yeah, the Computer Misuse Act requires mens rea of intending to access a computer you know you shouldn't.
I am pretty sceptical of this specific rumour and I suspect it's an urban legend.

But regardless of that… it's totally plausible that a manufacturer could end up doing this, and as such it presents a risk vector. I can even see how it might be done semi-accidentally by a bad engineering team.

An even bigger risk is corporate-owned mesh networks, like Amazon Sidewalk. It's quite possible that TVs with Alexa support will end up also having access to this network, and will use your neighbour's Echo to ship data back even without you knowing. Or even a built-in LTE/5G transceiver.

Without strong regulation of privacy and consent, this will be a persistent and dangerous issue.

> I can even see how it might be done semi-accidentally by a bad engineering team.

I can totally see this being done as a "usability" feature.

Automated telemetry, noticed by the marketing department, scooped up an analysed is how I usually picture it.
> Without strong regulation of privacy and consent, this will be a persistent and dangerous issue.

It won't be a dangerous issue because no one can force a TV inside your house/office.

Meanwhile leave the rest of us the option to make this trade-off

My ability to watch content produced by one company should not be impinged upon because I don’t consent to frankly gross privacy violations by another entirely unrelated company. This is exactly what regulation is for. Privacy should be protected. You and I can make this trade-off. My parents? They don’t. We protect those who aren’t well versed in a topic through regulation for this reason.
You are not obligated to buy anything you disapprove of
> We protect those who aren’t well versed in a topic through regulation for this reason.

You're still missing the crux of the matter. You can't disapprove of something you don't know about.

In addition (Slightly OT, but related), there are many people who do disapprove, but have to have access to a product/service in order to do their job. The only way to protect them is regulation.

I get it -- beyond a certain point this sort of thing becomes fraud, which is already illegal.

Regarding the job example -- the employer is also a human being, and if they want to get that TV they may. If you disapprove of that, you don't have to work there. Either way, best if you keep your private conversations out of the office.

> I get it -- beyond a certain point this sort of thing becomes fraud, which is already illegal.

True. I suppose that the people asking for more regulation (myself included in this instance) would mostly just like for those laws to actually have teeth in this sort of situation. Unfortunately, lawmakers/enforcers mostly fall in the "not knowing" category.

Also, my apologies if I came across as overly combative, that was not my intention.

> If you disapprove of that, you don't have to work there.

Unfortunately, many people do not have the option to drop a job and find a better work environment. I have some other views on this, but that would be OT for this thread.

> Either way, best if you keep your private conversations out of the office.

Definitely agree on that.

> You're still missing the crux of the matter. You can't disapprove of something you don't know about.

Well, it sounds like the regulation you might want is something that oDot could also live with: a requirement for full disclosure and clear labeling, but not a ban on anything.

I would be quite fine with that. Maybe something akin to the labels required on cigarettes (in the US at least).
Like poisoned water? Consumer protection exist for a good reason.
1) If it is dangerous in his situation is not up to you to decide. Saying he shouldn't get a TV is like saying to someone to not get internet. Please...

2) Being OPT-in would not stop you from using it.

I'm very curious why you feel so strongly that SmartTV's should be allowed to send data without anyone's knowledge?

Sometimes I'm worried my gf will get upset that I can't watch something on the projector and want to get a TV. I could absolutely see that happening if something weird happens with widevine.
No, it is dangerous because it subverts even quite well-informed expectations of a product.

If I purchase and install an appliance, and do not connect it to a network, I have a reasonable expectation that it will not not send my personal data to the manufacturer.

It is unlikely that consumers will anticipate hidden data-gathering being performed by products. We already enforce standards to validate that products will not do things like burst into flames, or emit toxic gases. It is equally reasonable to require that products being sold to customers meet acceptable levels of protection for private data.

Additionally, you are still welcome to make that trade-off for yourself. Regulation requires that you are informed and in some cases consent to data-gathering. It does not require it to not exist.

That sounds like borderline fraud, which does not require any additional regulation
> Additionally, you are still welcome to make that trade-off for yourself. Regulation requires that you are informed and in some cases consent to data-gathering. It does not require it to not exist.

Nobody mentioned yet what kind of regulation they are talking about.

I reckon oDot was objecting to an outright ban, but would accept a disclosure requirement.

> It won't be a dangerous issue because no one can force a TV inside your house/office.

No, but the government forces me to pay for the public TV stations and there is no way to opt out. So yes, I do want a TV in my home.

Inb4 sunk cost fallacy.

I believe the courts have ruled that it is still considered unauthorized access even if the target doesn't make any attempt to defend themselves (see the AT&T hack). However I wouldn't hold my breath that it would be prosecuted that way.
Any charges would be brought against the device's purchaser, wouldn't it? It would be up to the owner to choose to sue the manufacturer of the product. IANAL, ofc.
Not that my gut counts for anything, but most prosecutors unless they're just trying to make an example of someone in particular would not be wise making that assertion I think, because they'd have to pin it on the customer doing it intentionally. I'm not a lawyer, nor is this legal advice but I'd think the manufacturer that actually controls the implementation details would be a far juicier target. Otherwise, precedent would be set such that every user of that model Television would potentially be another offender waiting to caatch tge eye of law enforcement to jave a token charge thrown at them.

Just seems like a massive anti-pattern to me.

Any lawyer who looks at taking this to court will notice that the manufacture has much bigger pocketbooks and so will do everything he can to sue the manufacture if it all possible. Getting a minimal judgement against your average "living paycheck to paycheck" person on the street isn't worth your time in court. However it is "easy" to update that to a class action lawsuit against a manufacture where the average man on the street gets $5 and you take home big money.
Can recommend the digital signage route (there's not a lot of opionions on that written down. At least I found no reviews/forum posts at all...). Got mine (Samsung QM49N) from an Amazon-clearance sale (marked down 50% - apparently they couldn't successfully break existing supply chains this iteration).

Initially I was a little bit worried that it might have really bad black levels/image quality, given that it's rated for 24/7 and 500cm/m² of backlight brightness and the fact they offer a "plain" TV-like model for a little bit less. I was pleasantly suprised that these fears were unfounded and you can even adjust the actual backlight (most TVs will do this dynamically and so have fun in your sunny living room...) and it has really great viewing angles (for VA. I own a 32" VA-display as well ...). I'd say picture quality is on par, if not better than most of what I could have gotten at a similar price point (remember price was reduced from €800 to €400) and compares okish to the €900€ TV of relatives (the latter has less banding (and yes, every TV in the 3-digit range has groce banding))

So: if you see a digital-signage display marked down and are shopping for a TV (without nuisances and inbuilt-tuner). Try it. It might be a really nice experience!

Yep, I've had a much similar experience with digital signage displays. I bought a few NEC displays cheap for my old office and the picture quality is excellent. Even the no-name OEM displays I bought second hand were acceptable with solid viewing angles and colour reproduction.

When my 15 year old Sony Bravia finally kicks the bucket I have my eye on a 55" 4k Iiyama commercial display to replace it. I made the mistake of buying a 2015 Sony Bravia Android TV for upstairs and it is an utterly painful experience, I don't think I've used it in nearly 8 months now.

https://www.iiyama-monitors.co.uk/products/monitors/le5540uh...

> Samsung QM49N

Great to hear of a model with multiple inputs (2xHDMI 2.0, 1xDVI-D/Displayport 1.2), a quick look at signage screens earlier this year only brought up ones with a single HDMI.

Yes, it even has a infrared remote (same as the TV actually with different) labels and pretty good speakers. But alas, cost is high without a deal.
Seconding this. I'm a big fan of the NEC P462. The port selection is really diverse. DisplayPort, HDMI, VGA, S-Video, Component, Composite... the list goes on. (some adapters from BNC are needed) It also supports sync-on-green. It feels like I could hook up anything to it. I suspect if you go much newer than this model, you'll lose some legacy ports. The remote is also way cooler than a normal TV remote. Inputs have dedicated buttons. I can switch between DisplayPort and HDMI without using a menu. You can also mute the speakers and have headphones plugged into an aux jack for sound.

I found it at an auction by chance and have looked for them occasionally since. I recently got a second one for around $100.

I also remember reading something on r/pihole about Amazon Echo connecting to open networks. The mods took it down then as unrelated. Can't find it now.

Also

> And also would be quite interesting to understand how it works.

What do you mean how it works? If network=open, connect and start uploading.

> What do you mean how it works? If network=open, connect and start uploading.

Except an open network does not mean there's an actual internet connection. Specifically, most "open" networks, require going through a portal to gain access, and while that used to be easy to bypass, it's not so trivial anymore as network admins have gotten wind of the issues.

They probably let port 53 through.
I always read about the DSTVs and Monitors arguments, and every time I see it mentioned I go search for somewhere online where I could buy one (or at least look at some). But every time is a disappointment. All I can ever find is showcase pages from NEC or sellers in the US where you'd have to buy them in bulk.

Is there anywhere that ships to the EU (possibly IN the EU) where I could go take a look and buy one of those DSTVS?

I’ve had the same problem in Australia: luckily it turns out Kogan sells a 55” 4K “HDR10” (yeah not really in practice) dumb TV. $600 AUD, it’s been pretty good. Excellent for the price.
What model is that? I can only find Kogan Android TVs.
I rebooted my router yesterday while watching something. My Amazon Fire stick, upon losing connection with the default wlan, automatically connected to an available, unencrypted Vodafone hotspot from nearby and automatically showed a popup window offering me the different connection options in the middle of the movie. Shady and creepy as hell.
I think amazon offers a mechanism on your Amazon linked devices of sharing wifi credentials. If you had ever fired up an amazon fire tablet or something and connected to that hotspot, the fire STICK may have accessed the wireless history and assumed it was yours to connect to.
No, I never connected to this hotspot that I know of. In Germany Vodafone automatically enables their hotspots on the routers of people.
This only proves the plausibility of the vector, not that it's being used. It seems that it was done in the interests of usability, maybe, but if I worked for Amazon I would have pushed back on this feature: joining a wifi access point without permission is a bad practice, and this would have been very confusing for most users, as well as a security nightmare.
Not only bad practice, but potentially not legal. Whether or not you think it's morally ok to connect to unsecured wifi without consent, in some places the law may prohibit it.
i can confirm that it's illegal at least in singapore
(comment deleted)
I recently bought a Samsung Smart TV (they simply offer good value for such a little price). Best thing to do is to never even start connecting it to a WiFi network and use an external TV receiver. That way it most certainly will not connect to any network whatsoever. I also never agreed to any terms that are on the start display, which may also add to that. Just switch to your Input channel (external device etc..) and enjoy your "dumb" TV.
they simply offer good value for such a little price

That's the root of the problem isn't it. Unrelenting pressure on margins forces these companies to look elsewhere for revenue.

Though even the highest end TVs have these sorts of “features” built in, so it can’t be that simple
>Best thing to do is to never even start connecting it to a WiFi network

That won't stop the issue mentioned here about it connecting by itself (not that I personally believe it will).

I suspect My ISP router to have aircrack embedded...

My personal router got scanned by the ISP router...

dunno what to assume with this now... :Ð

It's like trapped at every turn :D

Friendly yours.

Seems like a great way of creating plausible deniability by those caught doing nefarious things (assuming the case was already weak enough).
I think a bigger risk is a partnership with something Amazon Sidewalk, where it won't be the increasingly rare unencrypted suburban WiFi AP you need to worry about but rather your neighbours digital assistant, speaker, lightbulbs, etc.
I call BS on anyone who claims a TV is using HDMI over Ethernet or some hidden LTE connection.

When I bought my Sony TV I had no idea it was an Android TV until afterwards. I’ve never connected it to my WiFi and it’s never connected up updated itself. I can easily monitor everyone connected to my network.

Consumer Reports has a great article if anyone is interested.

https://www.consumerreports.org/privacy/how-to-turn-off-smar...

Do you mean Ethernet over HDMI? Even though there was a standard and special HDMI cables that claimed compatibility, I don’t think any devices actually implemented it. Well perhaps one device according to this security paper[1] which basically means it’s useless.

I control access by connecting a Samsung TV to my Ethernet network but keep it configured to use WiFi most of the time. I’ve never entered a WiFi password so the network is effectively disconnected until I configure the TV to use the wired connection.

The TV prompts me to use the wired connection when I reboot my router and the link drops and comes back up but I can cancel switching to wired at that point.

[1]: What the HEC? Security implications of HDMI Ethernet Channel and other related protocols Andy Davis, Research Director NCC Group https://research.nccgroup.com/wp-content/uploads/2020/07/44c...

I only have N=1, but I know my LG TV doesn't do that, given how my child loves to grab the TV remote and press the Netflix or Hulu buttons, which opens the app and then complains the TV has no internet access.
The topic is analytics, not video streaming.