By installing an Android app security experts have turned an Android TV into a transcription engine that listens to all your conversations.
Android TV snooping
Security experts at PenTestPartners has been experimenting with Android TV to see what is possible and they have found out that it is possible to get an Android TV to snoop on conversations in the living room.
- ”You’ll no doubt have seen the snooping Samsung TV we investigated last year… and the snooping Android mobile app we wrote for the BBC a couple of months back. Since then we’ve been trying to combine the two attacks and get an Android-based TV to snoop on your audio. Today we succeeded in getting our rogue android app to work on a Sony Bravia telly,” said PenTestPartners.
The team installed a homemade app on a Sony X80C Android TV (running Lollipop 5.02). The app runs in the background and records all conversations, then transcribes them into text in real-time by tapping into Google’s transcription engine that enables general voice search. The transcribed conversations can then be sent to a PC somewhere else.
Since there is no microphone built into Sony X80C the team had to connect a USB microphone but notes that more expensive TV models come with integrated microphones in the remote control.
Code can be bundled in another app
To do this the user first needs to enable “install apps from unknown sources” and then “side-load” the app.
However, it is noted that the code could be packaged into an official Android TV app such as a simple game and be made available through the Google Play app store. This practice has been used on Android phones in the past.
The Android TV operating system is also used in Philips TVs, Nvidia Shield, Nexus Player, Razer Forge as well as some other products.
So, are you in risk? Probably not but it is a potential risk and highlights one of the many security issues in “Smart TVs”. The team concludes by saying: “I guess the most practical use of this is to snoop on people that you know. What an unpleasant thought!”
Google recently revealed Google Home, a voice-enabled product for you home. The microphone is always on and by speaking commands to it you can control your home and get answers to questions.
PenTestPartners also played a major role in another Smart TV related privacy case by revealing how Samsung’s Smart TVs transmitted audio recordings unencrypted to servers.
