Samsung Smart TV: Basically a Linux Box Running Vulnerable Web Apps

chicksdaddy writes "Two researchers at the Black Hat Briefings security conference Thursday said Smart TVs from electronics giant Samsung are rife with vulnerabilities in the underlying operating system and Java-based applications. Those vulnerabilities could be used to steal sensitive information on the device owner, or even spy on the television's surroundings using an integrated webcam. Speaking in Las Vegas, Aaron Grattafiori and Josh Yavor, both security engineers at the firm ISEC Partners, described Smart TVs as Linux boxes outfitted with a Webkit-based browser. They demonstrated how vulnerabilities in SmartHub, the Java-based application that is responsible for many of the Smart TV's interactive features, could be exploited by a local or remote attacker to surreptitiously activate and control an embedded webcam on the SmartTV, launch drive-by download attacks and steal local user credentials and those of connected devices, browser history, cache and cookies as well as credentials for the local wireless network. Samsung has issued patches for many of the affected devices and promises more changes in its next version of the Smart TV. This isn't the first time Smart TVs have been shown to be vulnerable. In December, researchers at the firm ReVuln also disclosed a vulnerability in the Smart TV's firmware that could be used to launch remote attacks."

Smart is as smart does

[djupedal]

Samsung isn't stupid....either worry about seminar hack-trolls or patent trolls. In the end, what counts is staying in the public's mind. Mission accomplished, I'd say. Wash, rinse, repeat.

Re:

[Hsien-Ko]

Yeah, not much different than a Windows 98-powered Media Center running WebTV.

Re:

[jedidiah]

Much like modern Windows, the problem isn't so much the kernel but the really retarded user land stuff. It doesn't matter if you are running VMS or Unix if you insist on engaging on Microsoft style stupidity with your apps.

Re:Smart is as smart does

[icebike]

Retarded is buying a camera in your TV and only THEN worrying about privacy.

Re:Smart is as smart does

[AmiMoJo]

I worry that it will become hard to buy one without a camera in a few years. Look at laptops, most have a built in webcam now. Years ago when I worked in a computer shop I saw a lot with tape over the camera, and sometimes offered to disconnect the camera and microphone internally while doing other work. Most are just USB cameras and two wire button mics that can be unplugged.

Re:

[exomondo]

Years ago when I worked in a computer shop I saw a lot with tape over the camera, and sometimes offered to disconnect the camera and microphone internally while doing other work.

Really? So the conspiracy theory here is that somebody has remote access to your system and could then conceivably access all your information but the only thing people are really worried about is the potential for somebody to take a photo of them staring at the screen?

Incredibly stupid is as stupid does

[dbIII]

Samsung isn't stupid

Since they have a range of voip phones that crash if you do a simple portscan and they still sell phone switchboard systems that by default can be accessed by telnet with no password I disagree.

There are enough people in that place that do not care about computer security that it comes as no surprise that another wide open box has come out of there. Don't get me wrong, they do have some good stuff, but there's a lack of oversight and if the guys at the bottom of the tree don't care about something there's nobody giving them orders to care.

Re:

[Anonymous Coward]

Freemarket is perfect! /sarc

We need some regulations about not following basic industry standards. Telnet access with no password? That's a fine and people can sue you if they get exploited from the issue.

Re:

[Shark]

People can sue you if you didn't put a 'careful, hot' warning label on a coffee cup. You don't need regulations for that, trust me.

Re:Incredibly stupid is as stupid does

[i.r.id10t]

they still sell phone switchboard systems that by default can be accessed by telnet with no password I disagree.

Not sure how I feel about this. Is no password better than "admin" or "password" or "1234" for the default password? Lets face it, each device that ships is going to have a default way of accessing it for configuration.... The problem really lies with the people that *leave* it at that configuration.

Re:

[serviscope_minor]

Lets face it, each device that ships is going to have a default way of accessing it for configuration.... The problem really lies with the people that *leave* it at that configuration.

No and no in that order.

In the UK all wireless routers built into ADSL modems shipped by the major ISPs come with a unique random default wifi password. The password is printed on a card or sticker on the modem. A hard reset resets it back to this unique random default. Most people never change it from the default and the defa

Re:

[Richard_at_work]

Actually, for Sky, Virgin, O2 and Plusnet routers you can derive the wifi password from the SSID...

Re:

[serviscope_minor]

Actually, for Sky, Virgin, O2 and Plusnet routers you can derive the wifi password from the SSID...

Oh that's sad :(

Given that each one has minor customization in the firmware, it would clearly be _possible_ to make it secure by default. The trouble is that if you get unqualified people to do security then it never will be.

Re:

[Cid Highwind]

The problem (as always) is with people. People are going to unpack their new router, pull out the card marked "STOP! IMPORTANT! DO NOT THROW AWAY THIS CARD!" with the secure random passwords on it, join all their devices to the network, then put the card in a pile with all the other very important cards marked "STOP! IMPORTANT! DO NOT THROW AWAY THIS CARD!" like the warranty registration form and the certificate of compliance from the Icelandic telecom ministry.

Six months later, they'll "clean up" the offi

Re:

[dbIII]

The problem really lies with the people that *leave* it at that configuration

The Samsung techs that install it.
Next?

Re:

[mcgrew]

I'd say that anyone buying a TV with a microphone is the stupid one. Lets hope people are smart enough to kill this stupid NSA wet dream.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[bmk67]

Your phone requires a microphone. Your TV does not.

Re:

[exomondo]

Your phone requires a microphone. Your TV does not.

So? Your phone doesn't require a camera or an internet connection but the vast majority have them.

Re:

[mcgrew]

It won't pick up much sound closed and in my pocket. And you need a microphone in a telephone, having one in a TV makes no sense.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[i.r.id10t]

The only things I've done wiht my (camera-less and microphone-less) Samsung Smart TV is watch the occasional youtube video with the kids and use the netflix built into it.

And since if the kids get into Netflix it eats my bandwidth so I can't play Xonotic, I usually just leave the TV's network cable unplugged. Fairly secure, no?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[tlhIngan]

The problem (as always) is with people. People are going to unpack their new router, pull out the card marked "STOP! IMPORTANT! DO NOT THROW AWAY THIS CARD!" with the secure random passwords on it, join all their devices to the network, then put the card in a pile with all the other very important cards marked "STOP! IMPORTANT! DO NOT THROW AWAY THIS CARD!" like the warranty registration form and the certificate of compliance from the Icelandic telecom ministry.

Six months later, they'll "clean up" the offic

1984 has finally arrived ...

[cascadingstylesheet]

... the telescreen watches you.

Re:

[Anonymous Coward]

The people with the power watch the people with less information. This way in case one of the proles wakes up with information that counters the propoganda, he probably goofed on the Internet somewhere, even a misclick could be used against him. Once you watch what everyone is doing, you can pick and choose your political enemies you want to sit down. Hitler knew this. I guess they needed to wait until the people who fought Hitler were mostly old and dead before they tried this. Sure, it sounds good to

Re:

[Cro Magnon]

... the telescreen watches you.

I didn't realize Samsung was a Soviet company.

Re: 1984 has finally arrived ...

[marcello_dl]

you are perfectly right. the second part of the problem, though, is that the system with its banks and investments prefers clueless managers that roam unrelated industries in their careers than leaders with expertise in the field who obey to different sets of rules than the immediate carreer advances. who wields financial power wants people who bend to financial power.

Yep.

[Anonymous Coward]

I have two Sam'sDung SmartTVs. Yes, all these TVs are glorified Linux boxes running a badly collected series of apps. There is little to integration. Some won't accept keyboard input while other do. You either watch TV or run an App. Most apps are poor. The browser won't run most web pages and crashes. Yes, crashes. In this day in age it is hard to believe in your browser crashing nearly every time you try to use it.

As for security, I no longer use any of the apps as none are worth anything. Netflix is okay but not great but since I've gone back to DVDs from streaming I am blocking the ports (6000 mainly and I forget if another is in use) to stop the TV from phoning home every time it is turned on.

I blocked the ports because my firewall was showing connections to my LAN from very strange locations; Brazil, Japan, Russia. The problem is that Samsung's 'partners' are unknown to me and I'm sure it is these apps that doing the calling out. Who knows who wrote them, what is in them, and what they can really do.

The TV isn't bad when hooked up to my modified version of the PS3 media server project.

Re:

[spire3661]

Can these Samsung Smart TVs be made to ignore all the convergence stuff and just be a monitor?

Re:

[vux984]

Can these Samsung Smart TVs be made to ignore all the convergence stuff and just be a monitor?

Yep, mine doesn't have a network cable or wifi connections. In fact all it has is one HDMI cable running up from my receiver. That's it.

The Wii/WiiU/HTPC/BRAYDVD/DVR etc are plugged into the receiver. The receiver isn't internet connected either.

When I want to do something online, the HTPC has internet access, and the Wii's can go online if necessary, but its not usually necessary.

As you can imagine the salesmen's

Re:

[drinkypoo]

All I cared about was brightness, black levels, and other characteristics of the LCD panel

And you still bought a Samsung TV? Methinks price was a major factor.

Re:

[vux984]

And you still bought a Samsung TV?
Methinks price was a major factor.

Lol, I bought a Sharp actually; and it wasn't at the budget end of the lineup, but yes, price was a factor.

Re:

[drinkypoo]

Lol, I bought a Sharp actually; and it wasn't at the budget end of the lineup, but yes, price was a factor.

Well, price is always a factor. I have a Sharp TV too :)

Re:

[spire3661]

Yes i realize that of course. Here is some clarification. Does it nag you because you dont have internet hooked up? Can you NOT see the links to the web services if you jsut use the TV normally or is it in your face?

Re:

[vux984]

Does it nag you because you dont have internet hooked up?

Full disclosure... I've actually got a Sharp not a Samsung.

But no, not one bit. It doesn't nag or complain about internet until I go into the menu and actually select one of the apps, e.g. netflix etc. It otherwise behaves as a monitor, and all I ever do is turn it on or off. Because all the switching is done at the receiver, I don't even switch inputs.

Its entirely possible though that there are TVs that are more intrusive about how "smart" they are.

Re:

[tlhIngan]

Can these Samsung Smart TVs be made to ignore all the convergence stuff and just be a monitor?

Last I checked, you needed a network connection for this stuff. So all you need to do is... not plug in the network cable. Or configure the wifi.

So just use it as a TV and you're golden. No one says you have to plug in every cable the TV supports.

Of course, I suppose a smart Smart TV might try to use the ethernet-over-HDMI function ...

Re:

[emag]

And people tell me that after my horrific Hamstrung experience with one of their pump & dump phones, I'm stupid for refusing to consider any electronics from them ever again...

Re:

[symbolset]

Samsung is a global conglomerate that makes 750 models of Android smartphone - and each model can have several variants. I believe they have a few feature phones too. Each is targeted at a different consumer. Some are for the most price sensitive, some the most demanding of cutting edge features, some for those who crave only the most open phone. If you want to be helpful maybe you could mention the specific model that raised your ire? And then maybe the selection criteria and buying process that led t

Re:

[21mhz]

1. Yes, if you buy crap just b/c it's cheap, you're a "schmuck".

I buy products that do what I need, and I don't want to pay more just because the manufacturer thinks the customer buying cheap products don't deserve quality.

2. There's not that many brands that make hardware with no defects. Especially if it's something new.

The topic of this discussion is software. There are some brands that ship software which does not act like it's been coded by a bunch of nincompoops and barely made to pass a fairly superficial set of checks. I've learned from experience that Samsung is not one of these brands, so it is excluded from my purchase decisions.

Re:

[symbolset]

I love my two Samsung LED SmartTV HDTVs. I have a 50" and a 55". The picture is glorious. I love how slim they are. The smart TV feature though? That's an implement of torture. Certainly they never intended it be used - it's just one more logo that has to be on the box. It's a big monitor. The audio is okish, for audio that's integrated into a TV, but that's not saying much. I don't use the speakers either. Frankly I almost never use the tuner either.

I don't think anybody in their right mind lets

Re:

[tepples]

who in their right mind would buy a TV with a webcam in it in the first place?

What solution do you recommend instead for video chat with relatives without having to interrupt another household member's use of the family PC?

Family-to-family

[tepples]

A tablet is fine for single-person-to-single-person chat, but it's sort of hard to use a tablet for family-to-family chat because the built-in display is so small. Besides, if the only thing one would do on the tablet is video chat, a TV with a camera is probably cheaper than a dumb TV and an iPad.

Re:

[tepples]

Except the average family PC's display is also too small for the whole family to fit around. Or at least that's what the resident console fanboys continue to remind me of in console war articles.

Re:

[tepples]

you move your goalposts

How should I know in advance how much detail to state up front?

Re:

[BitZtream]

I know people are worrying about turning on the TV's webcam, to which I would ask who in their right mind would buy a TV with a webcam in it in the first place?

Anyone who likes the concept of video conferencing with loved ones around the globe by just using their TV.

I realize thats not what actually happens, but I'd love if I could do FaceTime on my TV with a built in camera and no laptop/phone.

Second try

[tepples]

Trying again, with the goalposts in the correct places in the direct reply:

What solution do you recommend instead for a living roomful of relatives to video chat with another living roomful of relatives? In my case, one end lives in Indiana and the other end in Arizona or Florida. People would choose a smart TV with a webcam for this because most people are unwilling to put a PC in the living room and use a TV as its monitor.

Re:

[symbolset]

A tablet or phone. We already have those, they already have connections for the TV either wired or wireless, they have every sort of video chat option imaginable and will continue to do so because they number in the billions. And we know when they are looking at us; they turn off.

Re:

[symbolset]

I have all of these things too and I only use Linux on my personal PC. It would be nice if Chromecast supported Linux on launch day, but I'm sure somebody will figure that out shortly. But everyone in the house from 4YO up has an Android tablet or phone or iOS device or more than one, and they all connect to the big screen with HDMI or Miricast or adapter or something. It's not like lack for ways to throw stuff onto the screen. None of those other ways have the terminally painful method of interacting w

Re:

[Snotnose]

My PS3 does the same. I farked up my laptop a couple months ago and tried to use my PS3 to get info on how to fix it. Pretty much everything past google crashed the PS3 web browser.

Re:

[MMC Monster]

Couldn't you just disconnect the TV from the internet? Or am I missing something?

Re:

[EmperorArthur]

The TV isn't bad when hooked up to my modified version of the PS3 media server project.

That's why. I'd love to hack one of these just for the hell of it. It might not have much internal storage, but other than that It would probably make a neat HTPC.

Remember kids, there is no difference between a jailbreak and a security vulnerability.

Re:

[Curupira]

I'd love to hack one of these just for the hell of it. It might not have much internal storage, but other than that It would probably make a neat HTPC.

Well, there IS a suitable project for this... SamyGO [samygo.tv] is a custom firmware for Samsung SmarTVs.

Re: Yep.

[fuzzyfuzzyfungus]

Why does connecting the PS3 to the network require the TV to be connected to the network too? Can't the PS3's TV output be connected to the TV's signal input?

"The PS3 media server project" is a UPnP/DLNA media server [ps3mediaserver.org] originally designed to stream media to PS3s (hence the name). In this case, somebody apparently has the TV directly connecting to the media server software running on their computer, skipping the need for some sort of streamer box.

Re: Yep.

[OverlordQ]

Real nerds wouldn't buy a smart tv since all those apps are outdated as soon as you buy it, rarely get updated, and have limited functionality. Real nerds would build a HTPC.

Re:

[dbIII]

Or just run a HDMI cable across the hall from their real PC.
There's also projects like open source firmware for things like set top boxes - there's a little western digital one a few years old, and I haven't been paying attention for a while so for all I know there could be the same sort of thing for the smart TVs.

Re:

[gman003]

Many "real nerds" would build an HTPC rather than run a cable from one of their current PCs, since that gives them an excuse to buy new hardware to play with.

Purse strings

[tepples]

In a lot of households, the geek/nerd doesn't control the entertainment purse strings. So the geek has to build what amounts to a business case as to how it would serve others in the household, even while the geek isn't present for training others in the use of the system (and inevitable retraining when the non-geek forgets how to operate a feature).

Ground loops

[tepples]

Or just run a HDMI cable across the hall from their real PC.

Which can be a pain when someone in the household wants to use PC while someone else wants to watch TV. Or when the PC and TV are separated by two or more doorways. Or when one fears ground loops, as in adolf's comment [slashdot.org]: "I'm not lugging my desktop between rooms or stringing destructive ground-loop-ridden HDMI cables around the house so I can [use] my PC on my BFT in my living room."

Re:

[antdude]

And smart TVs cost more. Why waste money on features that you don't use like 3D, apps, etc.?

Re:

[gl4ss]

they don't cost more.. that's pretty much the point why they're putting them in.

shit cheap arm cpu's and shit cheap software.

Re:

[antdude]

Interesting. I guess one is better to buy with those useless/crappy features then?

Re:

[AmiMoJo]

Depends what you want. I have a HTPC but still use my Panasonic smart TV's media player most of the time. It doesn't have to boot up, doesn't use extra electricity, can be controlled with a single remote and plays most stuff fine. I also use the YouTube app to watch my subscriptions, and of course iPlayer.

While not perfect in every way these functions are more than adequate most of the time and very convenient. The biggest let down is that they randomly decided to disable THX picture mode in the media playe

Re:

[vettemph]

Real nerd here. My 55" Sansung Smart TV is just a monitor for camcast's cable box (soon to be verizon?) and a Ubuntu Gnome type setup. Why would you mess with some other interface when you could have pure linux or even a pure Android experience via HDMI dongle like the mk809's etc..

Re:

[xeoron]

I don't believe that. I may have a smart tv, but I rarely use it for those features (which are often turned off), since I have a 3rd Gen Roku that I use for Netflix, Amazon Video, and my favorite channel Plex to play all my content (music, pictures, videos, custom plex web- content channels) that are hosted on my Mac Mini Plex Server (works on other Roku versions, but I was finding it sluggish to get content loaded on a my 1st Gen, while fast on the 3rd gen). I bought Panasonic 42inch 2013 smart tv on sale

Non-nerds prefer convenience

[tepples]

Real nerds would build a HTPC.

Unfortunately, real nerds are vastly outnumbered by non-nerds who prefer a conveniently curated experience to an open one with more selection (and thus more 90% crap [tvtropes.org]), and the resulting lack of economies of scale is why HTPC kits are hard to find in national chains.

Re:

[spire3661]

Antenna Win 7 DVR (w/nightly compression) has been up for 3 years. Win 7 off-site DVR w/CableCARD has been up for 2 years. NO administration required beyond initial, cheaper then a TiVo and MUCH more flexible. If you design something to function as an appliance, with a defined role, its easy to keep admin to a minimum.

Personal Media Center Samsung TV

[Chompjil]

All I have to say.....

Re:

[Chompjil]

I think it was supposed to output Personal Media Center > Samsung TV

To bad cable card failed and there has been little

[Joe_Dragon]

To bad cable card failed and there has been little to replace it.

tru2way and RVU are there in small numbers but you are still stuck with the cable or sat GUI that kills off most of real use of an smart tv.

Re:To bad cable card failed and there has been lit

[spire3661]

My Win7, 6 tuner CableCARD setup says LOL

Re:

[Joe_Dragon]

well maybe your cable system works goods others have to dealt with lot's of people at the cable co with know little about cable card or needed to call up and say I need to be in the Lsports pack and not the sports pack to get the HD channels in it.

Re:

[symbolset]

Pay cable TV? People still do that?

It's the leagues

[tepples]

As long as major professional and collegiate sporting leagues sell broadcast rights to an event exclusively to a cable channel, people will still pay for cable.

You all missed the point

[aaronb1138]

Thanks to bad headline choices you all missed the point. Samsung provided a ripe platform for hacking and development by making root easy (just like with their smart phones).

Shut up and get to work porting XBMC to it already.

Re:

[Smegoid]

For what it's worth, there's a very decent Plex client that is under active development (check the plex forum). This app is why I went with smart tv. All the perks of plex/xbmc without another bloody roku/htpc box to drive it.

Re:

[aaronb1138]

There are two bigger issues in the giant pile of FUD that the security community has been gravitating towards in favor of higher paychecks and less rather than more informed users. The first is defining the scope of damage. What can a hacker *do* with a compromised smart TV, versus how likely is the end user to just factory reset an oddly acting set. The second is ignoring multiple user failure steps as somehow being the software's fault. The latest HTTPS hack is a complete fabrication of an issue. Ass

Re:

[EmperorArthur]

This is how Terry Childs [wikipedia.org] caused so much damage. The city paid people a ridiculous amount of money to audit everything. That's mega corps and government for you. Spend millions of dollars on after the fact security and blame it all on one person.

On the other hand, I have no problems with someone who is being payed $400/hr. It's the people that are crazy enough to pay them that much I have a problem with.

Re:

[aaronb1138]

$400 / hr seems to be the sweet spot most "security only" firms charge. Sadly, most of them can only tell you the problems, nothing about solutions especially when it gets to platforms not Cisco or Microsoft. Most of the "security only" firms just run script kiddie checks and occasionally compile a pre-built list of CVE numbers based on software / firmware revisions installed on equipment. A more fair rate is $150-250 and your average consultant who can actually configure your hardware can do the audit a

Re:

[phantomfive]

Shut up and get to work porting XBMC to it already.

Well that motivated me to do it for you.

Re:

[aaronb1138]

Thank you for identifying yourself. I'd rather not work with people who can't appreciate the subtle humor of the stereotyped, "Shut up and get to work..." meme. Actually, seeing someone laugh at an over the top delivery is a great way to figure out who had to work through high school / college in the service industries. This is usually a good way to filter and find people who can pinch hit and knock stuff out of the park when everyone's back is to the wall.

Re:

[phantomfive]

We'll aren't you a riot.

Not specific to Samsung

[confused one]

This description is not specific to just Samsung. Other manufacturers follow the same pattern with their smart TVs

Samsung is still the king

[petermp]

I own both LG(2013) and Samsung(2012) Tvs. I bought it on purpose w/o camera ;-) However Samsung is still the king, apps are much more polished,DLNA works MUCH better. However you realize that after you buy something different from Samsung. If you use DLNA a lot, Samsung is the only way to go.

"Smart" is nice

[istartedi]

"Smart" is undergoing a semantic evolution similar to that of nice [hull.ac.uk]

Re:

[JustOK]

Nice.

Re:

[Shark]

Smart.

If you complain too much

[Tablizer]

...they'll put Windows 8 on it

Re:

[BitZtream]

I'd FUCKING LOVE for a TV to come with Windows 8 Media Center, 3 or 6 Cable Card Tuners and a network port so it could feed WMC extenders and use an NAS for storage. Its only competition in the DVR arena is TV.

But don't let ignorance get in the way of your fancying.

Samsung is a HW company

[drolli]

I own several samsung devices and i am extremly happy with the hw quality/price ratio.

But: Samsung, your software sucks. Deeply.

-Updates are late, incomplete and appear only until 1y after the products release (recently flashed my 1st gen galaxy tab to cyanogenmod and yeah - it runs better now)

-The crapware bundled on the device looks like it was specified by some management monkey and implemented by a intern. It suck the battery empty is most likely riddled with security holes

-Even talking to the devices

CyanogenMod for TVs

[DrYak]

-Updates are late, incomplete and appear only until 1y after the products release (recently flashed my 1st gen galaxy tab to cyanogenmod and yeah - it runs better now)

Yup, and actually Cyanogen is part of the answer.

What we definitely need is a very good quality 3rd party opensource firmware suite for "glorified linux set top box" WebTVs.

We have CyanogenMod for Linux/Android phone (and look how successfull and what good quality the results are. You're far from the only person with a "Got fed up with the delay/absence of firmware from my hw manufacturer, so I switched to CyanogenMod and my life is now full with rainbows"). Some hw manufacturer are even jumping aboard the

Re:

[drolli]

It makes me happy because i can root the android device and disable the unneeded parts.

It makes me happy because i have the choice to buy a perfectly fine monitor/tv (without smart shit) in it for 150 Euro. If i want smart shit on my tv i will add a 70 Euro Android stick.

It makes me happy because my note 2 has all the HW i could need in it.

Re:

[Zynder]

The point is, YOU AREN'T A REAL GEEK. There are no true Scotsmen either btw. If something is spectacular hardware-wise and you happen to be a software geek then you can see the potential. To use your car analogy, no it isn't good cause you immediately went to the "shop" to fix your problems. Geeks fix and mod our own shit. We don't ever take it to the "shop". If you don't know how to fix your car then yeah, you'll want to buy one that just works. But I happen to be a great mechanic and so I'll take y

webcamera's lid conspiracy theory

[Max_W]

Why there are no web-cameras with a lid? It is so obvious and inexpensive to install a small light lid on a web-camera and microphone to control them physically. Still it is never done.

When something is closed with a physical lid, it is closed 100%. No way to open it for eavesdropping from network.

Re:

[Shark]

I'd go with a mechanical toggle switch.

Get a Roku or ????

[Monoman]

This is what happens when companies do stuff outside of their core competencies. They tend to do things half-assed (knowingly or unknowingly). There are better devices out there that are specifically built to do what "smart" TVs are poorly attempting.

As usual, you get what you pay for.

Keep your smart TV dumb

[davidshewitt]

I just got a smart TV, but I've left it entirely disconnected from the network. I connected a Debian box running XBMC to it. I trust that machine far more than whatever is running on the smart TV. The rule for my trusted network is: if I don't have root, it's not trusted. And root is a necessary, but not sufficient condition for trust. For example, my Kindle is rooted, but I still don't entirely trust it since Amazon still has remote control over it.

Re:

[FaxeTheCat]

Don't forget about the microphone!

Until NSA characterize a roomfull of people telling really bad jokes as an act of terrorism, my family is safe.

Re:

[BitZtream]

Aren't you special, you can use someone else's code to annoy the piss out of someone who provides for you. Congratulations, you are one of the dictionary definitions of a douche bag.

You should go apply to work with Gawker media, Gizmodo loves guys like you. They'll give you a universal remote and call you a hacker for turning of conference TVs.

You'll be so leet.