itwbennett writes
A week ago, the revelation that Samsung collects words spoken by consumers when they use the voice recognition feature in their smart TVs enraged privacy advocates, since according to Samsung's own privacy policy those words can in some cases include personal or sensitive information. Following the incident, David Lodge, a researcher with a U.K.-based security firm called Pen Test Partners, intercepted and analyzed the Internet traffic generated by a Samsung smart TV and found that Samsung does send captured voice data to a remote server using a connection on port 443, a port typically associated with encrypted HTTPS, but that the data was not encrypted. "It's not even HTTP data, it's a mix of XML and some custom binary data packet," said Lodge in a blog post.
... and this is surprising how?
By Selur
•
2015-Feb-19 03:12
• Score: 3
• Thread
Come on, it would have been surprised if they did encrypt the data in a decent way,...
No Trust
By thegarbz
•
2015-Feb-19 03:15
• Score: 4, Insightful
• Thread
Doesn't encryption imply some level of trust in the other party? I.e. you know who you are sending sensitive data to?
If you don't trust Samsung to receive your personal data (as I'm sure few people do) is it relevant that it's not encrypted?
New term
By SuperKendall
•
2015-Feb-19 03:16
• Score: 4, Funny
• Thread
I think we need a new term for something like this - security through stupidity.
Obscurity means that something is non-obvious enough that it takes work to uncover it.
Stupidity is where the way something is done is so stupid it makes you keep checking for something else going on.
To be fair though, if he just knows the speech captured is a blob of binary data sent but not the format how does he know THAT's not encrypted?