Is Your Smart TV Spying on You?

  1. Top | #1
    MDrew's Avatar

    Is Your Smart TV Spying on You?

    Consumer Reports was looking at security of smart TVs and found not only do many of them have security problems, many require you to agree to them keeping track of what you watch. Basically if you don't agree your smart TV becomes a dumb TV. Everything you watch is reported to the manufacturer to target ads to you. Either through the TV or your smartphone if you use that as a remote control.

    https://www.consumerreports.org/tele...reports-finds/
    Mike

    Sometimes I'm only funny to myself.

    300, 140, 318, 430, 314, 110. Brinly plows, disk, 80 cart, couple of 49 blowers, 3 54 blades, 33 tiller, tilt dump MCS, HPX Gator, CS Gator, Model A. Struck MD 750 w/bucket and hoe.
    Drew's Performance: We screwed the last guy so we can pass the savings on to you.


  3. Top | #2
    Bubber's Avatar
    Yup and if you have a dumb tv and a cable box, guess what your cable company is doing when you are flipping channels, using their dvr, watching on demand, etc...

    You really have to put up an antenna to watch content without being tracked.
    2014 2032r Classic...


    -Dan

  4. Top | #3
    BigJim55's Avatar
    Quote Originally Posted by MDrew View Post
    Consumer Reports was looking at security of smart TVs and found not only do many of them have security problems, many require you to agree to them keeping track of what you watch. Basically if you don't agree your smart TV becomes a dumb TV. Everything you watch is reported to the manufacturer to target ads to you. Either through the TV or your smartphone if you use that as a remote control.

    https://www.consumerreports.org/tele...reports-finds/
    was just on the nightly news here. wife says see-someone is watching u--i said to her-well i hope i get a few pennies for my contributions of what i watch.

    jeeper's in the past 5 to 6 yrs since i've been off work, i highly doubt if a giant warehouse has room to store the info on what i have watched on tv, Netflix, amazon, etc.
    jim

    2006 2520 mcut, 2004 x475, 1953 model 50, 1985 318-was my Dad's,
    king kutter tiller-60", frontier-stone rake, jd-4ft brush hog, frontier-6ft back-blade, frontier-forks, 48 inch forks,
    2-54inch jd snow plows, jd-5ft-pull brush hog,

    2018 835R gas model gator-"aka" the Cadillac i say!! 6ft jd snow plow-which already has a dtac out on it. i got just about everything on it i could at the time


  6. Top | #4
    tomd999's Avatar
    Hiya,

    I knew it, my buddy's dad was right, he used to tell everyone the big red eye on the front of the cable TV box that they installed back in the late 70's was filming what they did in their living room, we all laughed at him, who knew he was 40 years ahead of the times.....


    Other IoT reads

    175,000 IoT cameras can be remotely hacked thanks to flaw, says security researcher | ZDNet

    https://hackernoon.com/iot-hacks-and...s-347dbe2ef98c


    https://www.sans.org/reading-room/wh...ineering-37825
    2010 3320 Cab
    Loaded R3's, 300CX w/3rd SCV
    61" HD-Tooth Bar, 72" HD-bolt-on edge, Frontier Forx
    "A" front hitch, Mid-PTO, Air ride seat, Horn, Back-up alarm, Rear work lights, External mirrors, Auto cruise
    60HD broom. 366 Blade, 59 blower, i-Match
    Looking for: Rear Wheel Weight Set

    Stuff for Sale:
    New 200CX/H130 Masts 25/2720-2032R
    New Jamison Bryce adapter, cart and chute

    “Suppose you were an idiot, and suppose you were a member of Congress; but I repeat myself” Mark Twain

  7. Top | #5

    George Orwell was right on the money with 1984...
    1025R FILB, vintage: 2015
    54D MM mowing deck
    Imatch hitch
    2 inch receiver for three point
    "18" cart
    Piranha Tooth Bar
    Ken's hooks and differential lock pedal
    Artillian 36" forks
    Stihl equipment: Saws; MS261C, MS462C, MS661RCM and Blower; BR600 and Trimmer; FS70R and Hedge Cutter; HL 56K and Pressure Washer; RB400
    Husky log splitter

  8. Top | #6
    BigJim55's Avatar
    Quote Originally Posted by Jeff B View Post
    George Orwell was right on the money with 1984...
    ok-who or what did george know back then.

    sorry i guess i could have googled him, but on the news tonight it showed how google is watching me too.
    jim

    2006 2520 mcut, 2004 x475, 1953 model 50, 1985 318-was my Dad's,
    king kutter tiller-60", frontier-stone rake, jd-4ft brush hog, frontier-6ft back-blade, frontier-forks, 48 inch forks,
    2-54inch jd snow plows, jd-5ft-pull brush hog,

    2018 835R gas model gator-"aka" the Cadillac i say!! 6ft jd snow plow-which already has a dtac out on it. i got just about everything on it i could at the time

  9. Top | #7
    sennister's Avatar
    I am just wrapping up a project to completely redesign my home network. I went with a Ubiquiti EdgeRouter X and several managed switches. It started because we started adding more IoT devices on our network and I have been building homemade home automation equipment. Mainly starting with voice control for things in my shop to work out the bugs before implementing it in the house. I didn't like all these things on my network so I went with a more intelligent router and managed switches so that I can create Virtual Local Area Networks (VLANs). By doing this and using firewalls on the router I can completely isolate the IoT VLAN from the rest of my home network. Having only a single gigabit copper run to the shop meant I had to do VLANs. Once I had the hardware I expanded it further so the kids have their computers on a separate VLAN so that the DHCP scope hands out different DNS settings which also limit what they can go to, yet my network has full access to anything. Currently I am up to 5 VLANs but I am still making tweaks. Next on the list is to replace my Wireless Access Points with ones that can do VLANs as well.


    JD Z950R 60" Deck with DFS Collection System

    JD X585, 54C deck,
    CTC Model X4750 F.E.L - Modified Imp Pressure Relief from 900 to 1175PSI, Power Flow and MC519 cart, 54-inch Quick-Hitch Front Blade, 47-inch Quick-Hitch Snow Blower, 3-pt hitch, HF Quick Hitch, Heavy Hitch, 48" box blade/rear blade, Dethacher, 3pt Sprayer
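
The kind of inter-VLAN isolation described in the post above can be checked mechanically by listing every VLAN-to-VLAN flow a rule set permits and comparing it with the flows the design intends. This is an added example, not part of the original post or anyone's actual configuration; the VLAN names, subnets and both rule sets are constructed for illustration.

```python
from ipaddress import ip_address, ip_network
from itertools import permutations

# Constructed VLAN plan: names and subnets are assumptions, not from the post.
VLANS = {
    "trusted": ip_network("192.168.10.0/24"),
    "kids": ip_network("192.168.20.0/24"),
    "iot": ip_network("192.168.30.0/24"),
    "shop": ip_network("192.168.40.0/24"),
    "mgmt": ip_network("192.168.99.0/24"),
}

# Rules are (action, source VLAN, destination VLAN), evaluated first-match for
# NEW connections the router forwards between VLANs. Reply traffic is assumed
# to be handled by a stateful established/related rule and is not modelled.
WEAK_RULES = [("drop", "iot", "trusted")]  # blocks one path, allows the rest
WEAK_DEFAULT = "accept"

HARDENED_RULES = [
    ("drop", "any", "mgmt"),       # nothing routes into the management VLAN
    ("accept", "trusted", "any"),  # trusted LAN may open connections outward
]
HARDENED_DEFAULT = "drop"

# The only inter-VLAN flows this constructed design intends to allow.
INTENDED = {("trusted", "kids"), ("trusted", "iot"), ("trusted", "shop")}


def vlan_of(addr):
    """Return the VLAN name an address belongs to, or None if it is external."""
    ip = ip_address(addr)
    for name, net in VLANS.items():
        if ip in net:
            return name
    return None


def decide(rules, default, src, dst):
    """First-match decision for a new connection from src to dst."""
    s, d = vlan_of(src), vlan_of(dst)
    if s is not None and s == d:
        return "accept"  # same VLAN: switched at layer 2, never hits the router
    for action, rule_src, rule_dst in rules:
        if rule_src in ("any", s) and rule_dst in ("any", d):
            return action
    return default


def permitted_pairs(rules, default):
    """Every ordered (source VLAN, destination VLAN) pair the policy lets through."""
    host = {name: str(next(iter(net.hosts()))) for name, net in VLANS.items()}
    return {
        (s, d)
        for s, d in permutations(VLANS, 2)
        if decide(rules, default, host[s], host[d]) == "accept"
    }


def violations(rules, default, intended=INTENDED):
    """Flows that are permitted but were never intended."""
    return sorted(permitted_pairs(rules, default) - intended)


if __name__ == "__main__":
    for label, rules, default in (
        ("weak", WEAK_RULES, WEAK_DEFAULT),
        ("hardened", HARDENED_RULES, HARDENED_DEFAULT),
    ):
        found = violations(rules, default)
        print(f"{label}: {len(found)} unintended flows")
        for src, dst in found:
            print(f"  {src} -> {dst}")
```

The weak policy shows why a single "block IoT to LAN" rule with a default of accept is not isolation: the IoT VLAN can still open connections to the kids, shop and management networks.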

  10. Top | #8
    tomd999's Avatar
    Quote Originally Posted by sennister View Post
    I am just wrapping up a project to completely redesign my home network. I went with a Ubiquiti EdgeRouter X and several managed switches. It started because we started adding more IoT devices on our network and I have been building homemade home automation equipment. Mainly starting with voice control for things in my shop to work out the bugs before implementing it in the house. I didn't like all these things on my network so I went with a more intelligent router and managed switches so that I can create Virtual Local Area Networks (VLANs). By doing this and using firewalls on the router I can completely isolate the IoT VLAN from the rest of my home network. Having only a single gigabit copper run to the shop meant I had to do VLANs. Once I had the hardware I expanded it further so the kids have their computers on a separate VLAN so that the DHCP scope hands out different DNS settings which also limit what they can go to, yet my network has full access to anything. Currently I am up to 5 VLANs but I am still making tweaks. Next on the list is to replace my Wireless Access Points with ones that can do VLANs as well.
    Hiya,

    The one weak point in the consumer grade network hardware is the security of the chipset to be accessed using a known root equivalent account, not the root/admin account. Consumer equipment has this type of access to make patching and upgrading easy for the end user. The accounts and PW's are well known on the darkweb so once someone figures out what brand of hardware they are dealing with, they are 1/2 way to getting in. Enterprise FW hardware, for example Cisco, Palo Alto, Checkpoint etc. don't use this secondary root account system.

    Another caution is that any wireless AP's and IoT devices also have this type of attack vector, even if you have segmented them on a unique VLAN and changed the root/admin PW, they can still be accessed by someone that can capture traffic off the wi-fi. It is very easy to spoof a MAC address and wifi encryption can be decrypted in minutes using the encryption options in consumer grade AP's and routers. WPA-2 PSK can be decrypted with just 4 packets is what I'm reading. If you want to really secure your wifi you need to stand up a Radius server and issue your own certs and encryption. Also, turn off SSID broadcasting for your WiFi AP's.

    One of the simplest ways to segment a network is to set up multiple FW's and create DMZ's for devices you don't want to have talking to the protected networks. For my home network, I went with a 3 FW tier using 3 separate non-routable address ranges and kept the highest value traffic on the innermost network. The FW's are all different brands of used enterprise equipment as are the layer 2 and 3 switches, this way the same attack vector that works for the first in the chain won't work for the 2nd or 3rd and since they would have to deal with non-routable addresses, it makes hopping to the 2nd one a lot more difficult. The AP's are also enterprise grade using Radius and VPN. Not that I need this level of security as my property is rural and large enough that they would need to be on my property to be in range but when I lived next to a university, my wifi was probed daily. I eventually set up a live CD Linux honeypot on its own AP that would keep them occupied and distracted from my real network.
    2010 3320 Cab
    Loaded R3's, 300CX w/3rd SCV
    61" HD-Tooth Bar, 72" HD-bolt-on edge, Frontier Forx
    "A" front hitch, Mid-PTO, Air ride seat, Horn, Back-up alarm, Rear work lights, External mirrors, Auto cruise
    60HD broom. 366 Blade, 59 blower, i-Match
    Looking for: Rear Wheel Weight Set

    Stuff for Sale:
    New 200CX/H130 Masts 25/2720-2032R
    New Jamison Bryce adapter, cart and chute

    “Suppose you were an idiot, and suppose you were a member of Congress; but I repeat myself” Mark Twain

  11. Top | #9

    Quote Originally Posted by sennister View Post
    I am just wrapping up a project to completely redesign my home network. I went with a Ubiquiti EdgeRouter X and several managed switches. It started because we started adding more IoT devices on our network and I have been building homemade home automation equipment. Mainly starting with voice control for things in my shop to work out the bugs before implementing it in the house. I didn't like all these things on my network so I went with a more intelligent router and managed switches so that I can create Virtual Local Area Networks (VLANs). By doing this and using firewalls on the router I can completely isolate the IoT VLAN from the rest of my home network. Having only a single gigabit copper run to the shop meant I had to do VLANs. Once I had the hardware I expanded it further so the kids have their computers on a separate VLAN so that the DHCP scope hands out different DNS settings which also limit what they can go to, yet my network has full access to anything. Currently I am up to 5 VLANs but I am still making tweaks. Next on the list is to replace my Wireless Access Points with ones that can do VLANs as well.
    TV manufacturers are interested in understanding your viewing habits so that they can be certain to design their TV's with the appropriate list of apps and such as well as potentially offer streaming services themselves. Sony, as an example, gets you to agree to sending them this information in exchange for things like allowing the TV to call home to see if there are firmware updates. If you don't agree, they don't track you. And it becomes YOUR responsibility to ensure that the firmware gets updated when needed by downloading it to a USB stick.

    Firewalls, ACL's, and VLAN's aren't going to help in this specific scenario, because you'll have to block ALL access for the TV to call home, and that means that it also won't be able to check for firmware updates. Additionally, the local TCP stack on the TV will get loaded with "SYN_SENT" open sockets that will start to slow the TV's operation down.

    You can lock everything down, but as soon as you actually access something that's allowed (like streaming a movie), your ISP "knows what you're doing". Everything is about demographics (and has been for a long time), and you only understand trends and such by collecting and analyzing data. Anyone that HAS data, sells it to those that want it - it's the way of the world.
    ---

    2011 JD 2520 with 200cx loader, 61" materials bucket, and Artillian JDQA Pallet Forks (42" forks). 62D MMM, ballast box, turfs, and loaded rears.

  12. Top | #10
    sennister's Avatar
    Quote Originally Posted by tomd999 View Post
    Hiya,

    The one weak point in the consumer grade network hardware is the security of the chipset to be accessed using a known root equivalent account, not the root/admin account. Consumer equipment has this type of access to make patching and upgrading easy for the end user. The accounts and PW's are well known on the darkweb so once someone figures out what brand of hardware they are dealing with, they are 1/2 way to getting in. Enterprise FW hardware, for example Cisco, Palo Alto, Checkpoint etc. don't use this secondary root account system.

    Another caution is that any wireless AP's and IoT devices also have this type of attack vector, even if you have segmented them on a unique VLAN and changed the root/admin PW, they can still be accessed by someone that can capture traffic off the wi-fi. It is very easy to spoof a MAC address and wifi encryption can be decrypted in minutes using the encryption options in consumer grade AP's and routers. WPA-2 PSK can be decrypted with just 4 packets is what I'm reading. If you want to really secure your wifi you need to stand up a Radius server and issue your own certs and encryption. Also, turn off SSID broadcasting for your WiFi AP's.

    One of the simplest ways to segment a network is to set up multiple FW's and create DMZ's for devices you don't want to have talking to the protected networks. For my home network, I went with a 3 FW tier using 3 separate non-routable address ranges and kept the highest value traffic on the innermost network. The FW's are all different brands of used enterprise equipment as are the layer 2 and 3 switches, this way the same attack vector that works for the first in the chain won't work for the 2nd or 3rd and since they would have to deal with non-routable addresses, it makes hopping to the 2nd one a lot more difficult. The AP's are also enterprise grade using Radius and VPN. Not that I need this level of security as my property is rural and large enough that they would need to be on my property to be in range but when I lived next to a university, my wifi was probed daily. I eventually set up a live CD Linux honeypot on its own AP that would keep them occupied and distracted from my real network.
    This is just the first step in what will be a long process. By no means is what I outlined the final overall network plan. While it is great to use enterprise grade hardware it isn't like Cisco and the other enterprise class systems are free from issues. Here is a good example from just over the last few days. We are scrambling to address this issue at work now.

    https://tools.cisco.com/security/cen...-20180129-asa1

    I do have some enterprise grade equipment laying around but one must walk a fine line when it comes to home equipment. What is my risk? I could do quantitative risk analysis figuring out my ALE but I am not a business. At what point is good enough all I need and at what point does maintaining my home network become a full time job? The last thing I want to do is spend all day at work doing this stuff and get home doing more of the same. It is fine to a point but really, how big of a target am I? What steps can I take to Reduce/Mitigate, Assign/Transfer, Accept or ignore said risk?

    As far as using that enterprise class equipment. I could buy it new but it isn't cheap and I would rather spend my free money on other things. I could pick up used equipment that has been retired for a decent price typically once it is end of life in a business application. However for most businesses it is end of life because updates are no longer available. So is it really better to run enterprise hardware without remediation for known exploits? I agree with the concerns with your lower end consumer grade equipment. Way too many back doors. But it isn't like you can fully escape them in the enterprise. Look at the Cisco reference above or the Intel mess that has been going on over the last few months between Spectre, Meltdown and Management Engine issues. These issues are not only at low end consumer grade equipment but also the hardware running our vSphere environment.

    The way I look at it is I would rather go with something more middle of the road in the "prosumer" market. Ubiquiti isn't enterprise class equipment like Cisco and in a corporate environment I wouldn't deploy it, well not at least when talking their routers. I guess their long range wireless stuff is pretty good. It isn't something you are going to find walking into Walmart though either. They are not targeting home users. Maybe a SOHO if the person was more advanced than your average user but mainly your smaller offices up to 100 or so users is kind of their market. An organization without the funding for high end stuff but maybe an IT staff of 1-2 people that are jack-of-all-trades type people. While there is a GUI, it is pretty limited. You are better off diving into the CLI and that will scare off most average users. Most importantly there is a support system and updates come out for it without having to rely on a SMARTnet account with Cisco. Sure we may have access to that from work but technically I am talking home use. Same goes for other accounts like MSDN. Sure I have an account, but should I be spinning up servers with it at home when work pays for my subscription? Have I done it? Sure, I needed to test out something for work but didn't have time to wait for someone else to spin up a test environment for me so I built my own. It wasn't a perfect replication of the corporate environment but it got the job done and if something went boom the only thing at risk was my home environment so work was fine with me doing it. I could have probably used the evaluation version of server but it takes time to build Active Directory; do I really want to go through all of that every 180 days? No, it is easier to have at least that up and running. After all that is what the dev licensing models are for.

    Also, Ubiquiti is well known enough and used by plenty of security researchers out there in their personal networks. I am sure a lot of them have Cisco or Palo Alto equipment as well but I know the EdgeRouter and EdgeRouter X is popular with people working in this industry so people tend to poke at it. Its feature set is also pretty darn hard to beat for $60. It is a router that is far more capable than anything in the consumer market.

    As I mentioned there are layers of security that are yet to come. I mentioned switching out my consumer grade WAPs for what will most likely be Ubiquiti WAPs. Not completely settled on that but 80% sure. I am not in a rush for this and am waiting a bit to see how WPA-3 pans out. There is getting to be more chatter about this recently. Not sure how much I like it being developed behind closed doors but we don't have much choice in the matter. For now I can get by for a few months with my mix of consumer grade stuff and see how things play out. Because I am probably waiting for now, the next phase will probably be moving some equipment around. I need to move where my cable modem and router are located so that I can set up an older computer that I have set aside to run pfSense. They are currently in my living room and I don't want a PC chugging away with pfSense 24x7 there. I can relocate this equipment to my basement pretty easily. That will probably be a spring/summer project because I need to do some rewiring. Once that is in place, that will be the primary firewall which is a different system and platform than the router. The router will be a secondary layer of firewall with its main job really being to filter traffic between my VLANs more so than protection from the outside but it will do that as well.

    The management network for all switches and the router is on a separate non-routable network. Currently the only way to access the router and switch management interfaces is from a really long CAT5 cable in the living room that reaches where I sit watching TV. Well, I guess there is nothing stopping me from assigning that VLAN to a VM on my Hyper-V machine because it is connected to one of the managed switches on a trunk port. I would have to look and see if that VLAN is on the trunk port to that machine. I could take it out on the switch side and lock that down a bit more. Then short of some form of backdoor it would be tough to get to any of my management interfaces. Well unless someone had physical access and all bets are off then.

    One of the other phases will be setting up MFA for logging into the VPN connection. Currently using certificates but I want to add MFA to the mix to complicate things a bit. I am sure there will be additional phases as time goes on.

    I don't think I have ever broadcast my SSID but really that is a minor thing to get around. I have a laptop running Kali and I have lost count of the number of times I have broken into my network broadcasting my SSID or not and with all the various levels of encryption and various brands of consumer grade WAPs. This is something I do against my home equipment. Not the local coffee shop or at work. I am sure you are familiar with this distro and therefore aware that MAC addresses don't mean much when using less common operating systems like this. Not that MAC address filtering does much but I can't use it because of systems like this that I use because every time I boot up that machine it gets a new MAC address. However even in more widespread platforms like Hyper-V and VMware, because everything is virtualized, it is very easy to assign whatever MAC I want to any platform even if it isn't easily configurable in the operating system.

    Like you I am in a more rural area. While someone could probably connect to my wifi from the road, I can see the road from my living room and they are not going to do it without special antennas but those can be made with something as simple as an old Pringles can. Part of this is because of distance and part because I live in a near Faraday cage with the steel siding that is on my house. The pole barn/shop also has wifi but that is steel siding and roof so it is the same way. Some signal gets out from the window openings but the range is pretty limited. Sure I am not always there looking out my window to see if someone is stopped at the end of my driveway aiming an antenna at my house but where I live it is a dead end road with enough houses where everyone knows everyone's vehicle to raise suspicion. Our houses are far enough away from each other that we have a certain amount of separation, well kind of. Our lots are narrow but deep and while I can see home networks from the homes to my left and right, across the street or the houses behind us are all much too far away for normal antennas built into a laptop. Those neighbors to my right and left could likely see my networks but I don't worry much about them as we are all on good terms. Their technical level is of such that they would come to me for issues that they have. That might change as their kids get older but they seem to be more into hockey than computers.

    Like I said this is going to evolve a lot more over the next year or so as I have time. Like in a corporate environment the firewall layers are always going to be evolving. Time is the battle there. I will likely make my IoT network a DMZ and that has been on my list of configuration changes. There are enough devices that live there to make it look like your average home so someone might not take the time to dig much more to discover other layers. I really don't have a lot for commercial IoT. My TVs are smart TVs but are not connected to Wifi or physical connections to the network. No need to. I do have some Google Home Minis, Nest, Nest Protects, Chromecasts. The light control stuff I am doing is all home built and uses MQTT with Home Assistant running on a VM in the house which is the reasoning for setting up the VLAN. I needed to get the isolated network from the Hyper-V machine in the house to the pole barn where I am doing home automation stuff right now. At some point Home Assistant may get moved to a Raspberry Pi and physically sit in the IoT network. I have other priorities right now though as I balance risk with paranoia with some nice to have features.


    JD Z950R 60" Deck with DFS Collection System

    JD X585, 54C deck,
    CTC Model X4750 F.E.L - Modified Imp Pressure Relief from 900 to 1175PSI, Power Flow and MC519 cart, 54-inch Quick-Hitch Front Blade, 47-inch Quick-Hitch Snow Blower, 3-pt hitch, HF Quick Hitch, Heavy Hitch, 48" box blade/rear blade, Dethacher, 3pt Sprayer
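
The post above raises the question of whether the management VLAN is carried on the trunk port to the Hyper-V machine and notes it could be taken off on the switch side. The check below is an added example, not part of the original post or the poster's real switch configuration: it audits a port table for VLANs a port carries but its neighbor does not need. The port names, VLAN IDs, roles and the `needed` sets are all constructed assumptions.

```python
MGMT_VLAN = 99  # constructed VLAN ID for the switch/router management network

# Constructed port table in 802.1Q membership terms: a port is an untagged
# member of at most one VLAN and a tagged member of zero or more.
# role:   "infra" = link to a router or another switch
#         "admin" = dedicated management drop (the long cable in the post)
#         "host"  = server or end device
# needed: VLANs the attached device actually has to reach (an assumption the
#         administrator supplies; it cannot be derived from the switch).
PORTS = {
    "sw1/1": {"neighbor": "router", "role": "infra", "untagged": None,
              "tagged": {10, 20, 30, 40, 99}, "needed": {10, 20, 30, 40, 99}},
    "sw1/2": {"neighbor": "hyperv-host", "role": "host", "untagged": 10,
              "tagged": {30, 99}, "needed": {10, 30}},
    "sw1/3": {"neighbor": "admin-cable", "role": "admin", "untagged": 99,
              "tagged": set(), "needed": {99}},
    "sw1/4": {"neighbor": "shop-switch", "role": "infra", "untagged": None,
              "tagged": {30, 40, 99}, "needed": {30, 40, 99}},
    "sw1/5": {"neighbor": "smart-speaker", "role": "host", "untagged": 30,
              "tagged": set(), "needed": {30}},
    "sw1/6": {"neighbor": "nas", "role": "host", "untagged": 10,
              "tagged": {20}, "needed": {10}},
}


def carried_vlans(port):
    """All VLANs whose frames can leave this port, tagged or untagged."""
    vlans = set(port["tagged"])
    if port["untagged"] is not None:
        vlans.add(port["untagged"])
    return vlans


def pruned_tagged(port):
    """Tagged membership reduced to what the neighbor needs (least privilege)."""
    return port["tagged"] & port["needed"]


def audit(ports):
    """Report ports that carry VLANs beyond what their neighbor needs.

    mgmt_exposed is True when a non-infrastructure, non-admin port can reach
    the management VLAN, so any VM or process on that host could be bridged
    onto the switch and router management interfaces.
    """
    findings = []
    for name, port in ports.items():
        excess = carried_vlans(port) - port["needed"]
        if not excess:
            continue
        findings.append({
            "port": name,
            "neighbor": port["neighbor"],
            "excess": sorted(excess),
            "mgmt_exposed": MGMT_VLAN in excess and port["role"] == "host",
            "suggested_tagged": sorted(pruned_tagged(port)),
        })
    return findings


if __name__ == "__main__":
    for f in audit(PORTS):
        flag = "MGMT EXPOSED" if f["mgmt_exposed"] else "excess VLANs"
        print(f"{f['port']} ({f['neighbor']}): {flag} {f['excess']}, "
              f"suggest tagged={f['suggested_tagged']}")
```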
