Not only hackers threaten the privacy of TV viewers. A study by eBlocker reveals how intensively manufacturers, tracking services, and TV stations can use smart TV devices to retrieve usage data from their customers or viewers and condense them into precise personality profiles.
Permanent Data Flow Even in Standby Mode
Based on a 2016 Samsung Smart TV Series Survey (UE40K5579), eBlocker found that personal data, such as its IP address, is permanently dissipated to a variety of data collectors. This happens without interaction and without the use of smart TV functions such as streaming, HbbTV or voice control. Such data leaks also occur in standby mode, ie when the user actually assumes that this device is turned off. In the investigation, Samsung’s smart TV proved little security in terms of data protection.
It is frightening, moreover, that the data transmission through configuration settings was not readily available, which entails greater risks for the privacy of the user. Last but not least, clear identifiers, which do not change even after the device has been switched off and on again, allow the user to be recognized again and again throughout the life of the Smart TV and across all data collectors.
Manufacturer and TV Stations as a Data Collector
In particular, the study unmasked the device manufacturer – in this case, Samsung – as an eager data collector. For example, during the investigation, Samsung received a very accurate picture of the user’s overall TV behavior, the use of interactive HbbTV offers, installed and used apps.
Even TV stations can get accurate information about how often and which broadcasts someone sees or what interactive offers he uses. Most TV broadcasters also use so-called “third party” data collectors such as Google, Netflix, Amazon and Co. With the unique device ID of a Smart TV, these third-party data collectors can create an accurate user profile across virtually all TV viewing.
“I’m shocked how Samsung’s Smart TV neglected security and to what extent the collection of user data on the device we tested has taken place,” said Christian Bennefeld, tracking expert and CEO of eBlocker. “We had already suspected third-party vendors in the context, but that the device manufacturer monitors his audience so intensively, I almost lost my speech.” Bennefeld is particularly outraged by “The fact that the user can not object to this data outflow via the Internet connection”.
Exact Personality Profiles Possible
Full monitoring of viewers’ television consumption, as well as the use of apps and other Smart TV features, can be used to derive precise characteristics that provide information on the creditworthiness, place of residence or religion of Smart TV users, for example. Thus, by the IP address of the user, the place of residence and in metropolises even the district of the user can be identified. Also, the level of education of a spectator is easily comprehensible on the basis of his viewing habits.
On the basis of such information, it is possible for providers to adjust their prices for goods and services in Internet shops depending on education, creditworthiness and place of residence. This process often referred to as price discrimination or dynamic pricing means that users are shown different prices for the identical product at the same time and at the same provider. An example: If you live in a coveted and expensive district, you pay a higher price for the same piece of furniture at the online retailer.
Samsung Smart TV: Safety Thanks to eBlocker
In the September 2016 test, the eBlocker was used to log and analyze the http and https requests submitted by the Smart TV. In addition to the protection of HbbTV users, the eBlocker is able to actively prevent requests for data collectors and profile creation. Thus, for example, the viewer is also protected from data tapping by the manufacturer of the television.