Seems pretty lenient
In the old South Africa it would have remotely triggered a flame-thrower
Samsung is remotely bricking smart TVs it said were looted from one of its South African warehouses amid violent unrest in the nation. On July 8, rioting kicked off in KwaZulu-Natal, the home province of former President Jacob Zuma, as he started a 15-month stretch behind bars for contempt of court. Shopping malls and other …
Yep, South Africa, the country that brought you the Blaster
"The Blaster (also called the "BMW Flamethrower") was a 1998 invention by South African inventor Charl Fourie designed to provide a defence against carjackings."
Wikipedia claims Fourie to have invented the Blaster. That is not correct. I saw a piece of news on exactly the same kind of device in the 80s. Don't believe everything on the Internet, kids ;)
"I am not so sure that South Africa is really any different for most poor people."
In Seattle, the poor people burn the cars. Including occupied police cars.
While I can appreciate their desire to prevent stolen goods being used, I'm rather more concerned that they are able to brick them remotely. Apart from themselves bricking the wrong ones in error (and don't say it can't happen) there is also the risk of some script-kiddie finding out how to do it and considering it great fun to wipe out a city's worth.
Surely, they are able to identify where they are (at least by IP) when they are working.
It is FAR more interesting that Samsung is "keeping with our values to leverage the power of technology to resolve societal challenges" by bricking TVs stolen from THEM, but not from everyone or anyone else, as the statistics linked show that housebreaking is the #1 theft in SA.
So you steal from me [Samsung], we'll brick you.
You steal from our customers? Well, err, we'll get back to you on that "societal change" bit sometime soon...
Typical speaking out the side of your mouth, corporate mealy-mouthed double-standard-speak
I disagree - Samsung being the owner needs no further proof that it is stolen. There is no question as they have an authenticated and verifiable list of stolen TV serial numbers, no other party is involved.
For the wider world, it is a customer support nightmare. "I bought it, paid cash", "it was a gift", "the shop owner is lying" etc
See the poor feedback from their phone experiment- they tried.
maybe this is something for blockchain.
Many devices have "Please register your device for better warranty and customer support!" claims within their documentation.
It is simple: You legitimately registered your product right after purchase, verifying your immediate ownership. You now reported it as stolen, from the authorized registrar - we can brick it for you.
What is so hard with that??
Second hand sales? This is not a small percentage for a product like a TV. Then there are things like divorce, some mentioned financed purchases.
There is no verifiable way to know that the registration information is current (or accurate at all for that matter).
TVs aren't as personal as phones are. That's what is hard with that. They are low margin so adding customer support overheads is rarely justified.
The worst part here IMO is that registration is becoming *proof* of ownership. That is a minefield. If it was registration done as part of the device onboarding perhaps less troubling. It would need to deal with returns.
Samsung ID and Find My (Our?) TV sounds workable.
Now if you bought a second hand TV, what is the secure ID transfer process, after the fact?
It would have to err on the legitimate owners side - if transfer is easy, UI lockdown is risky to invoke and useless (as the ownership data is more likely to be incorrect), if transfers are hard, UI lockdowns can be done safely.
It could deter second hand sales, so there are $$$$ there to be made though..
But if all that is true...why have remote bricking in the first place?? Having it at all incurs, from the customer viewpoint, all the negatives you mention.
Therefore, exactly, what was the point of creating the technology if Samsung was never looking to implement the tech towards customer support in the first place?? If Samsung is unwilling to allow customers to use the technology for their personal benefit, say after a robbery, what functionally does it therefore provide?
Except for a function that only SAMSUNG itself has a use for...??
For service/dealer use only. Cases where it is legally required, or where there is no ambiguity regarding ownership.
For the latter it is just Samsung right now. Could also be for in store use (triggers on another WiFi network name for eg). Might be part of the demo mode app for all we know.
They likely can turn it off remotely for customer support reasons.
It just isn't a consumer feature, which is what you started this thread with, and I gave reasons why it isn't simple to just open it up like that.
It is simple: You legitimately registered your product right after purchase, verifying your immediate ownership. You now reported it as stolen, from the authorized registrar - we can brick it for you.
When you say "register", you mean subscribe to spam and additional tracking and exploitation?
How many people really register their TV, create a vendor account etc? I certainly never have, as the manufacturers have repeatedly proven not to be trusted, so why give them even more data to abuse.
If you have ANYTHING that gets updates via the internet, it can be bricked remotely. It comes down to whether you believe they would act on it in a way that hurts you.
Remotely bricking known to be stolen devices does not hurt you, unless you make a habit of buying "brand new, unopened!" stuff on eBay from a new seller for a price suspiciously lower than you can find anywhere else.
Barclays bank bricked my account for several days until I realised something was wrong. They couldn't be bothered to ring my account registered landline number to check if my large transfer was intended. Their excuse was that their "potential fraud" system could only send texts to mobile numbers.
"It is good the bank never uses it, and sticks to letters or texts"
A phone call from my bank would have been perfectly safe. All they had to do was tell me the amount and recipient for my verification - which apparently is what their mobile text messages say. At this rate every time I pay a bill of a few thousand pounds they are going to block my account.
Bank apps means having a smart phone and a SIM contract - a not insignificant addition to my monthly budget.
"calls from the bank are a key phishing method"
If the banks would simply tell you that a large transaction is pending and if you didn't initiate it, you should visit your local branch or log in to your account online, that would be fine. If people would understand that if the bank calls, they aren't going to do anything other than notify you, that could be fine. The same goes for emails with links. Paypal does this all of the time. They even keep trying to "authorize" a device I've logged in with which I do not want to happen. What if that device is stolen? What they should do is notify and leave it up to the customer to enter the URL of the bank themselves from their own records and review the account. I don't "do" text so that's a non-starter. Plenty of my friends get all sorts of phishing attempts through text. So many sometimes that it's a worthless service to have.
"If the banks would simply tell you that a large transaction is pending and if you didn't initiate it, you should visit your local branch or log in to your account online, that would be fine."
Until the ONLY means of contact for the bank is an app that can be Trojaned (because the last local branch of ANY bank within driving distance closed years back).
"Paypal does this all of the time. They even keep trying to "authorize" a device I've logged in with which I do not want to happen. What if that device is stolen? What they should do is notify and leave it up to the customer to enter the URL of the bank themselves from their own records and review the account."
If people have memories SO terrible they can't remember a simple password, what does that say about a whole blankin' website address, meaning they'll probably have to search for it and get hit by a fake site...
I thought that most (not-so-)smart TVs tended to effectively brick themselves after a couple of years anyway? This app doesn't get updated, that app doesn't get updated, a TV channel switches to a different app or technology and leaves owners of existing TVs in the lurch, etc.
Before you know it, your 'smart' TV is thoroughly lobotomised and you wonder why you didn't just buy a normal, cheaper, TV, and stick a TV stick of some flavour into a spare HDMI port?
Whatever the original intention of Samsung - and security threats like hacks aside - a remote kill switch hands over a lot of power over the user/owner of the device to the manufacturer.
For the lifetime of the product.
Once implementing such kill-switches is regarded as accepted behavior, this power can also be used in, for example, commercial disputes such as conflicts during a lease or rent of the TV.
Or establish restrictions on re-selling used devices.
In everything more complex than a toaster ...
The number of ways this kind of power can be abused is staggering ...
You're assuming the code has to already exist in the device. They could put up a new version of firmware that's identical to the old one which contained no remote bricking support but this one upon bootup checks for a range of serial numbers and if it is not in that range completes a normal boot.
The support for that "remote bricking" was built in by virtue of the fact that out of the box hardware is typically configured to check for firmware updates first thing. There doesn't need to be explicit bricking code.
ANY company, no matter how much you may trust them, has the ability to remote brick any hardware that can be updated over the internet. So you can worry about that "staggering power" not just from Samsung, but also Google, Apple, Microsoft, Cisco, Dell, HP, Linksys, Tesla, and on and on to every vendor of devices ranging from $10 strings of Christmas lights to $1 million pieces of farm equipment. If it can be updated, it can be bricked. Occasionally not even deliberately.
The one "vendor" that needs this capability that maybe doesn't have it is the DoD. The gear that was given to the Afghan army that's now in the hands of the Taliban would be a lot less useful if it were possible to send a kill signal via GPS satellites. Who knows, maybe it is and they don't want to expose that ability except in the most dire of circumstances.
You're missing the key difference.... the unique ID is per device, instead of per class of device.
Most devices upgrade from version X to version Y, not CUSTOMER Z Version X to Y.
Upgrading a device does not require targeted specific per customer tracking, that they're doing here. I bet they also link the registration for the guarantee to the usage data they get from those devices too.
Samsung here have not only stuck a serial number on the device, they're transmitting it as a tracking id to their servers during the upgrade and providing per-user targeted software. In this case it bricks the device, but it could do many things to their targeted customers and their targeted LANs.
Since they don't get informed when the item is sold, it will also be a GDPR violation. That tracking is done per user.
I assume this was done so they can use that for profit. e.g. sell the bricking to a rental company, the person is behind renting a TV, brick it to force them to pay.
Dealer behind in an invoice? Pay now or we'll brick all the stock in your shop.
Business TV lease for commercial TV signage.... late on the invoice... brick.
But the possibilities once you've rolled it out secretly to every customer are endless.... so if a country decides to stop you watching some channels, or wants to know who watches those specific channels, this tracking stuff lends itself perfectly to that.
I don't think that's "technically" what they're doing, it is almost certain that's what they're doing. So long as your product tracking works well enough that you know the serial numbers of stolen equipment, you can brick it.
And I am fine with that. It only affects crooks, and those dumb enough to buy from crooks. Anything that makes stolen devices worthless is a win for society, as who is going to steal things they can't profit from?
This is also why you see serial numbers of components linked to a specific device. Otherwise they could take apart the bricked device and sell it as parts. Not sure if there's really a market for that for TVs, because no one tries to replace the display panel of their TV if the cat knocks it over. You just buy a new TV, and put it on the wall this time so the cat can't knock it over! But theft and breaking down into parts is definitely a thing for phones and laptops.
Electronic serial numbers (basically a pre-programmed device with usually a 64 bit ID) have been a thing for decades and have a lot of decent use cases; this is actually one of them (in a way) but it does open up a very large can of worms.
Great for tracking whether your goods arrived somewhere but as with all technology, it is agnostic and can be used for nefarious purposes.
I have designed these things into products for very good reasons in the past as there are clear benefits - automatic scanning of device ID to eliminate human error at manufacture or repair return comes to mind, a use case I have had.
"I have designed these things into products for very good reasons in the past as there are clear benefits - automatic scanning of device ID to eliminate human error at manufacture or repair return comes to mind, a use case I have had."
At the warehousing and sales level a serialized RFID that has the serial number of the product can be used for inventory and routing. It would be very expensive to ship a container full of products to a region where that product won't work. Or even just a pallet that gets mis-directed.
"so if a country decides to stop you watching some channels,"
In some countries the government may want the populace to watch their TVs at a particular time to get instructions from their beloved leader. Firmware can be updated so TVs all turn on, set the volume sufficiently high and to a particular channel and can't be switched off. Unplugging would lead to a message being sent to the local office so the people in that household can be rounded up and brought to a facility where they can be specially shown that broadcast while under supervision and given a test afterwards (along with some re-education).
How is the black hat hacker going to get the GPS satellites to broadcast a kill code using the military encrypted channel with a special key (perhaps even a key linked to the serial number of the device you want to brick?)
I imagine they could protect the encryption key needed for that kill code VERY well, in some safe deep in the bowels of the Pentagon. It wouldn't be something a hacker could get even if he got into the DoD's classified network.
I think it’s difficult these days to get a truly daft telly. We got a number of LGs for our rental houses as they had satellite receivers built in. In principle they were smart but I never told them the WiFi password and they worked just fine.
Would that not be the same with the Samsungs?
"The one "vendor" that needs this capability that maybe doesn't have it is the DoD."
Governments are really bad at keeping secrets so the bricking code could backfire in the worst possible way and at the worst possible time. The bigger problem was pulling out of Afghanistan with no plan to remove anything useful to the enemy. They got uniforms, weapons, ammo, high tech, vehicles and helicopters. That's a serious load of incompetence on the US's part.
You know that the moment this hit the internet, bunches of unscrupulous hackers just basically said to themselves "challenge accepted". The only question they're probably asking themselves is whether they sell the information to Samsung's rivals or Samsung themselves. Either way, the revelation that it can even be done seems like a bad idea to me.
The attack surface is not greater because of this and it is pretty easy to detect such activity without any manufacturer announcements - it's just wifi or ethernet.
If you can compromise a secure, authenticated channel (let's say they use TLS1.3), then a basic FW upgrade is all it takes to do a whole lot of damage. Just FF out the flash.
This is true regardless of the existence of a serial nr based functionality block - they are not bricking it as the term is normally used. It will probably flash a customer service number to support incorrect blocks.
I'm rather more concerned that they are able to brick them remotely
For me this justifies two things:
* do not connect TVs to the internet (use a box of your own choosing with HDMI or component output)
* do not purchase TVs from companies that CAN actually do this
Last thing _I_ want is for my legit purchased hardware to "accidentally" be BRICKED like this. So you companies who TREAT YOUR CUSTOMERS LIKE POTENTIAL THIEVES, TAKE NOTICE.
At least ONE potential customer WILL NOT BUY YOUR SCHTUFF UNTIL YOU STOP IT!!!
"there is also the risk of some script-kiddie finding out how to do it and considering it great fun to wipe out a city's worth."
This is the worry I have with EVs that can be pwned remotely. Forget the script kiddie, a more "organized" group could hold a big city hostage by threatening to brick a bunch of cars during a Friday rush hour or at a major road nexus/bridge/tunnel.
I'm not installing one of those IoT thermostats at my house. Another insecure device that could wind up costing me a whole pile of bank notes.
"This is the worry I have with EVs that can be pwned remotely."
Exactly right. Tesla can unlock my car remotely (and a service technician did once use this functionality to get into my parked car when I was not there).
What if Tesla got hacked? Thousands - nay millions - of them could be stolen or held for ransom.
Even simpler: don't configure any WIFI.
You need to at least tell the TV which WIFI network to connect to ( and if you're not dumb provide the password needed for that specific network ) before that TV can connect to Internet.
If you don't provide those there's no way it can connect, so there's no way it can be bricked.
Unfortunately the TV is barely useable as you have to accept an EULA before being allowed to watch your content.. and the EULA requires internet connectivity to clear. Went through this a few weeks ago with my dad's new Samsung. Very disappointed in them for forcing the EULA for a TV my dad will never ever connect to the internet with or use any of the built-in apps.
Worse still, in order to activate the FreeView application in some TVs, you have to have a strong enough TV signal via an aerial that it can detect the region data in the MUX broadcast. And it needs to check that every time you start the application. Kind of buggers the idea of having a smart TV for those bits of the house where you can't get a good signal from the terrestrial digital TV masts but the WiFi / Internet signal is OK.
Consumer devices don't have detachable antennas inside. They're soldered on. You can undo that, but that's a lot of work to remove the back of the TV and who knows what else to access the wifi module.
It is going to be harder to sell a smart TV as "brand new" if it doesn't have working wifi, since almost all consumers will activate that the minute they turn it on. When that fails, they'll call Samsung, find out they acquired stolen property, and go back to whoever sold it for a refund. Unless it was sold out of the back of a truck, they'll get that refund either via their credit card company or Paypal.
I was about to say that the looters aren't smart people. But then there was a report of looting at a warehouse where some of the looters arrived in expensive cars and a 3 km long queue formed in the road.
That reminds me of an accident on the N1 at the John Vorster bridge one morning where a small truck carrying boxes of mangoes overturned. Traffic was an absolute nightmare because people parked their X5s and LandRovers in the middle of the highway to go and help themselves to some free fruit. One would think that someone who can afford an X5 can afford to buy a box of fruit as well.
"it is staying rich that needs continuous effort."
Pretty much the starting plot of "The Other Sinbad". Sinbad the sailor goes to foreign shores, has adventures, makes a fortune, and returns home. Lives an insanely lavish lifestyle, including parties where rare and expensive foods are tossed around like cheap snacks. One day realizes he's almost broke, sells his last few possessions, and buys a ship. GOTO 10...
Look at what happened when that cargo ship went down off the South Coast. Hordes of people descended on the beach to take anything they could.
BMW did something with the motorbikes that were stolen, blacklisting them for warranty and support. Whilst this may not be a wholly customer friendly approach the instances of looting and theft of brand new goods ultimately cost everyone money:
Increased insurance.
Increased product prices.
The only winners are the people who steal and then sell them. Those who buy these sorts of "too good to be true" items are equally part of the problem.
So much is connected to the Internet now anyway that it really is no surprise that this sort of action is being taken. Whether you agree is a different thing but if it starts making stolen items less desirable maybe it is a good thing. I think a lot depends on whether the action sticks with the theft of unsold goods or becomes more widely available as a facility to be used as part of crime fighting. The first is easy, the second much more challenging and open to abuse.
Having said that there are plenty of devices that can be remote wiped or bricked as part of theft loss security by the owner.
If it's in the UK, any ship wreck is still owned by the original owner. So any removal of cargo, including flotsam, jetsam that fell overboard etc, has to be reported to the HMG within 28 days.
The salvager could then be entitled to a reward (but must return the items to the owner if requested), or potentially be allowed to keep it if the owner of the wreck doesn't claim it.
If no one claims the wreck itself after 12 months, it becomes the property of HMG. But same rules above apply. i.e. The HMG would then own all the salvage from the wreck, so could ask for it back at that point, assuming it was declared by the salvager of course.
If the salvager simply keeps it, without declaring it to HMG, then under UK law, that is theft.
That's a carefully crafted statement there, but methinks it's crafted to mislead, since UK law must be the same as international including salvage.
Salvage is not theft, the salvage fee is 10-25% of the value of the goods. 30% for environmental damage. An arbiter decides this, it's not a nice gift for your time that's some sort of nice gesture.
Salvage of flotsam is legal.
You explained a penalty for failing to report the goods to the receiver of the wreck (a government body) within a reasonable time as if it was theft, but it's not. That will be the same in the UK.
[Added]
Yes it is the same, not theft. It's a violation of 237 (2) of the 1995 Merchant Shipping Act. A £2500 fine max and forfeit the salvage right.
"237 Provisions as respects cargo, etc.
(1)Where a vessel is wrecked, stranded, or in distress at any place on or near the coasts of the United Kingdom or any tidal water within United Kingdom waters, any cargo or other articles belonging to or separated from the vessel which are washed on shore or otherwise lost or taken from the vessel shall be delivered to the receiver.
(2)If any person (whether the owner or not)—
(a)conceals or keeps possession of any such cargo or article, or
(b)refuses to deliver any such cargo or article to the receiver or to any person authorised by the receiver to require delivery, he shall be liable, on summary conviction, to a fine not exceeding level 4 on the standard scale."
The act of salvage is legal, but does not grant ownership to the finder. It's legal to grab that bottle of whisky from the water. (I didn't know this). If you then turn it over to law enforcement or the original receiver, great. If you dig a hole in your garden and bury it, that's illegal.
Flotsam is material from a wreck, and jetsam is material that is intentionally cast overboard. I guessed that these would be handled very differently, but it seems, at least in UK law, all salvage regardless of circumstance is treated similarly. Maybe that just avoids argument.
I just learned a lot! Thank you! https://www.gov.uk/guidance/wreck-and-salvage-law
well, mine too, but perhaps things have changed for 'better' in the last few years? I bought mine about 4 years ago, perhaps now you do HAVE TO connect it to the internets to make it work? If so, sooner rather than later, this will be applicable for 100% of new tv sets, all brands.
"just don't connect it to the Internet at all."
Until you find it has its own wireless connection, possibly simply by looking for open WiFi services or a built-in "mobile" connection. Remember Amazon's WhisperNet in Kindles? Cheap (essentially free to the user), slow, but gets the job done.
has been done right, Samsung have put a machine cert on the device, so that any TV to Samsung HQ traffic is signed and encrypted.
However, Samsung do not have a great track record with security.... Their Face ID stuff on their mobes used to be conned with a printed photo of someone from facebook (My role used to involve testing this stuff), so MITM attacks, especially if it's looking for open networks, are inevitable.
It wasn't very long ago that Samsung inadvertently bricked huge numbers of Blu-Ray players due to the most basic of bugs in an XML parser:
https://www.theregister.com/2020/07/18/samsung_bluray_mass_dieoff_explained/
Samsung's ineptitude is why I tell people who buy Samsung TVs to simply use them as displays. Get a Roku or Apple TV, and don't connect the Samsung at all. Problem solved!
All of my TVs even though they are smart, I use an external streaming device. The external units just do a better job. The menus are faster, they boot faster after updates, etc. The entire architecture is just better. I even use a Logitech Harmony hub with remote, so it makes switching between the inputs and devices a breeze. Push the action I want on the screen and the hub takes care of it. Now the TV is connected to the network but for the sole purpose of the hub communicating via Ethernet to the TV and that the TVs are blocked outbound at the firewall. The Harmony hub is also wired and powered via PoE.
Not just connected devices. This crap has a knockon effect.
I held Samsung in high regard, then their tablets started getting funny with Microsoft and Bixby was forced onto me, and the Samsung TV I bought would phone home on every change of channel (and always starts up on the Samsung TV IPTV channel too now), and I decided I had enough of Samsung.
It was like a switch in my head said 'enough'.
So, I need to upgrade a fridge, the old one was Samsung and cheap, I decided I'd try a Chinese one for a change. Hisense, 66% the price, all glass shelves no Korean plastic, and shock horror, works perfectly and reliably.
The next vacuum cleaner that breaks, I won't replace it with a Samsung.
These are not connected devices, I just don't feel like Samsung is a quality brand to me anymore, and so why pay a premium for it?
A quick search of Amazon says Samsung UK fridges have 2 years warranty, which is the EU minimum (and I assume still the UK minimum):
https://www.amazon.co.uk/Samsung-RR39M7140WW-Freestanding-Fridge-Dispenser/dp/B072F41WFG/ref=sr_1_2?dchild=1&keywords=samsung+fridge&
"
Question:
Does the fridge come with a warranty
Answer:
Yes. It comes with a two year manufacturer’s warranty."
But also, HOLY FOOK you are paying way over the odds for stuff there in the UK. I mean like double the Thai price. That Hisense fridge freezer I bought was the equivalent of about £177, the cheapest I can find in Amazon UK is more like £350!
In a sense, that's pretty much every smart device. Every Windows or Apple-based computer... if it connects to the internet, it will likely have auto-updates and some form of "dial home" function.
Sure you can jail-break your smartphone and remove all the manufacturer's/reseller's apps that are otherwise untouchable while voiding the warranty in doing so - but really, you could do that with any device if you had the knowhow.
Smart Tech has long since taken control out of our hands - this is nothing new.
Block the IP address on the router so the TV can't contact Samsung servers (hope it's not a BT hub etc. as the ISP can totally communicate remotely with those too).
I gather that you don't own any mobile phone or an iPad then? They can be bricked remotely with a telephone call to Network Provider or someone that has an iCloud login on the device. I believe Google is also implementing a "Find My" like function in upcoming versions of Android which may have a user enabled automatic remote locking function in case of lost or stolen.
Err, in the article it is only affecting stolen items that have come from their warehouse. Pretty much any modern device is now connected to the Internet to provide functionality the many in society appear to see as critical to life so Samsung will not be unique.
Hell, Apple can probably brick every piece of iStuff out there if it is connected. They have just not publicly said so. If someone stole a load of new iPhones will they actually work?
I like my Samsung TV although every software version seems to make it less responsive and you feel you have lost something quality wise in the performance.
I dream of finding some mythical way to put the original software version on that worked so well.
If, like a friend's Samsung, mine stops working after the 5y warranty period I will assume it's something they do and dig the dumb old plasma out and watch less tv to balance the green credentials.
They seem to be trying to be too clever and it will bite them on the ass.
I can remotely disable my iPhone - I can remotely do stuff to my car - and I can remotely shut down a whole bunch of electronics in my house. I like being able to do this - but I'm not so naive to assume that the manufacturer also can't do these things to my equipment if it so chooses. So I can't see how this is any different.
The difference is that you can't disable your Samsung TV if it's stolen. If Samsung's property is stolen, they'll press a button so it's got no resale value... but they won't let you press the button when your property is stolen, even though clearly that could be an option.
Making lemonade there I see:
https://www.youtube.com/watch?v=GUl9_5kK9ts
Wireshark a Samsung TV, and you'll never connect it to the internet ever again. It doesn't surprise me they've added 'bricking' to it. They have confused their users with their inventory.
Now it comes down to which lobby wants to buy those users viewing history and bricking rights.
Data analysis companies that have their SDK added to streaming applications and television factory build operating systems for years.
During regular use, telemetry from the player is sent to a data warehouse, it's analysed, sold to other vendors and merchants, where it can be used to justify advert placement, commissioning etc.
They'll tell you it's to ascertain the quality of playback, but this is only the sideshow of what it's really all about.
How much data is gathered? Depends on the player, but even skipping playback or adjusting the volume can be captured.
Fun exercise: See what happens if you block address ranges you notice your device is sending to.
Can they come and brick my Samsung Smart TV as well please? At least it'll stop the fucking useless, intensely annoying and utterly illegal (in the EU) ads popping up on the Smart Hub bar which I didn't ask for*, didn't sign up for* and didn't agree to*. Samsung have become scummy bastards who'll sell their grandmas for a nickel; I used to like them and their stuff, but their approach to customers recently has been one of total contempt.
* There's always at least one commentard who says "well that's what you get when you tick the license agreement you didn't read" - well I did read it. In fact I still have it from when I bought the TV. And there is nothing in it about ads. And the electronic EULA for the Smart features doesn't count, because it's embedded in the TV and thus you need to buy, open, install and register it before you can read it. Which is illegal in the EU. And if you reject the EULA you can't use ANY of the smart features at all, which is also illegal in the EU because the ads aren't necessary for the functionality, and they also don't form a component of the financial transaction with a benefit to the end user, because I paid full price for the TV with no subsidy for ad functionality.
@Julz presumably they've updated the T&Cs so TVs bought now aren't technically illegal. The difference is that mine was purchased in 2018, before they got it into their heads that there was an unpillaged revenue stream there - and crucially before they included reference to it in their T&Cs.
Whether it's in the T&Cs or not determines whether it's illegal, or just immoral and vile.
Ah, but remember, they're not stuffing adverts onto your TV. That would be sleazy and disreputable. No, no, no. They're "leveraging their rich ecosystem of consumer-focused technology to bring you an unrivaled and carefully-curated selection of exciting offers from valued partners and major brands, at no extra cost to you, their valued customer, to keep your experience with their products fresh and dynamic".
I could go on in that vein, but honestly, I've thrown up twice over my keyboard already.
At least you have the good grace to write facetiously. Samsung's initial email back to me was flippant, disrespectful, and - from a legal perspective - risky.
"Hi! (smiley face emoji) It is not possible to completely disable these ads. The personalized ads should actually benefit the total user experience. I am sorry that you feel differently. All the best! ^Theresa"
By the way from a 'let's have some fun with this' perspective, I'm working with a notary public at the moment on an unrelated matter; I looked up the names of Samsung's in-house counsel here (on LinkedIn, natch) and managed to convince my notary to write a legal letter to Samsung on my behalf. She's not allowed to actually progress anything legally and will only write a "My client has instructed me" letter stating my case, but my sincere hope is that it puts enough of the shits up them to wipe the 'smiley' bit off their response and actually consider I might just be pissed off enough to do something about it.
> that it puts enough of the shits up them to wipe the 'smiley' bit off their response
And what then? It's not like those customer-facing Muppets have the power to do more than to blather meaningless phrases. As for the corporate bigwigs in S. Korea who determine the worldwide commercial strategy of Samsung, you can understand they won't be much impressed by some letter in a far-away country, even if by chance they heard about it (which obviously they won't). In any case, definitely not enough to order the software team to make an ad-free version just for you. I'm sorry but, besides the illusory "I showed them!" part, this seems totally pointless...
Don't get me wrong, I totally agree with you on the principle, but it's an unequal contest. Users have already paid and just aren't of any importance to them except as milk cows, so they won't mind them mooing every now and then.
"Customer satisfaction is extremely important to us, so customers who aren't satisfied should go ... themselves"
Now, if worldwide sales started to drop, that would be a totally different kettle of fish... Remember, they decided to reduce the ad load on their eye-wateringly expensive flagship phones. They can be taught...
"It's not like those customer-facing Muppets have the power to do more than to blather meaningless phrases"
The letter wasn't addressed to the customer-facing muppets, it was addressed to the Head of Legal & Compliance and to the General Legal Counsel at Samsung Electronics, in the country where I live. I'm not interested in pursuing a corporate strategy shift, but I do want the ads either removed, or my money back. One of these two things will happen; most likely the second in order to make this go away.
Of course anybody wishing to follow my lead is welcome, and if enough people do it then ultimately Samsung will stop giving money back and start taking the issue a little more seriously.
MARKETING GIRL: When you have been in marketing as long as I have, you’ll know that before any new product can be developed, it has to be properly researched. I mean yes, yes we’ve got to find out what people want from fire, I mean how do they relate to it, the image -
FORD: Oh, stick it up your nose.
MARKETING GIRL: Yes which is precisely the sort of thing we need to know, I mean do people want fire that can be fitted nasally.
CHAIRMAN: Yes, and, and, and the wheel. What about this wheel thingy? Sounds a terribly interesting project to me.
MARKETING GIRL: Er, yeah, well we’re having a little, er, difficulty here…
FORD: Difficulty?! It’s the single simplest machine in the entire universe!
MARKETING GIRL: Well alright mister wise guy, if you’re so clever you tell us what colour it should be!
Got PiHole. It's good e.g. essential for websites of the "Reach plc" group of former newspapers.
Got a Samsung UK 2019 TV too. Using PiHole results in fairly basic stuff not working any more. Clearly this isn't PiHole's fault, but...
What kind of stuff? Pretty much anything, even the EPG????
I run Pi-Hole on my network, and tbh the only problem I've found with it - and it's a big one - is that the online "what's currently on tap" page of my local pub's website doesn't work when Pi-Hole is active, and I have to drop off my wifi onto cellular to see if it's worth my wandering down to pick up a growler(*) of anything.
*Note to Rightpondians - this is a glass/metal/thermos-type 64oz beer container. For some reason my brother in the UK sniggers uncontrollably when I mention the term. I remain innocently puzzled as to why.
Samsung is not alone. In today's world, we don't own as much as we think. If you "buy" an ebook or song it can be removed from your device remotely. "Smart" devices (phones, TVs, IoT, etc.) can be bricked remotely. Some are even designed to brick themselves often through non-replaceable batteries. The internet is both a blessing and a curse.
NOTE: Not trying to defend the action by any organization.
No idea why everyone is focusing their attention on Samsung.
Nobody seems to complain when Apple does the same thing to, say, iPhones stolen from their stores.
And, if I remembered correctly, some vehicles in America can get remotely disabled if, for example, it was stolen.
The problem with helping the customers in the same manner is, how do you prove that a serial number matches that customer's TV?
Serial numbers are not logged at the point of sale (at least not in the UK), and customers are not likely going to check their serial number unless they're asked to (such as calling Samsung for support). If the TV is wall-mounted, chances are it's going to be difficult for them to even reach the serial number.
What if a customer sells their tv to someone else - could they then report the serial number and get it locked? (and for added effect, remove the label and/or swap it with a fake one)
We already have scam phone calls where people ask for sensitive information - what if they ask for tv serial numbers then threaten to block them if they don't pay up?
Implementing such a system leads to a whole host of problems.
Even if a customer has their serial number, Samsung has no way of knowing that serial actually belongs to them. Even if the TV is registered with Samsung after the purchase, with that serial number, who thinks to contact Samsung and de-register it again?
Apple have their "Find my..." system that locks their Macs, iPhones, iPads, and iWatches - no repairs can be carried out and the device can be remotely locked by whoever has it registered to their cloud account - does Samsung really want to go down that route for TVs - an item that's not typically known to be portable?
How often are TVs stolen? Is it that serious of a problem to warrant the manufacturer's implementation of a system to lock them down? Is that going to be a selling point? "If you buy a Samsung, when it invariably gets stolen, we can remotely brick it... it won't help you get the tv back, but you'll be happy knowing that the crims will be upset with you and come back for revenge... Hope you improved your security?"
What courtesy is it to customers when they don't benefit, whether the tv is remotely locked or not. Apple locks deter thieves from stealing apple products when people are walking around on the streets with them. A Samsung remote brick isn't going to deter a burglar from breaking into your house - if they're of a mind to pinch a tv and have the means to do it, they're not likely going to be put off by the outside chance the owner can have it remotely bricked if they connect it to the internet.
Most stolen TVs vanish from the back of vans - they have a box!
A modern TV is very large, very thin and very fragile. When installed in your home the box gets thrown away or hidden in the loft/cellar/cupboard of hiding.
A burglar isn't going to bother - it's not worth much without a box, and they'll probably obviously break it.
Serial numbers are usually embedded in the "About My TV" section in the menu.
Granted not much help if the screen is dead\non-responsive\damaged or simply a bare patch of space where the TV used to be, when dealing with warranty\insurance\police reports*.
*My temp storage unit (& 5 others - Padlocks cut off contents ransacked & replacement single keyed padlocks** put on the doors to mask the theft until someone noticed (Me as it happened) their key didn't fit), that I had dropped a load of stuff into recently got robbed. Lost some items of sentimental that probably needed junking so I might be a little up on the event except for the personal items of a sentimental value.
**These replacement padlocks made it easy to spot which units had been hit, thanks to the serial number by the keyhole.
Is it not more likely that this is part of the one-time setup of the device, where it checks for a firmware update when first connected to the Internet?
Perhaps there's a bug in the original firmware, where a malformed response to the "Here's my serial number, give me firmware" would brick it.
A TV that's already done one-time setup might never do it again, and they fixed the bug?
Sure, they most likely could add this "feature" to a future release - but like you and many others said, can't trust that, as it involves a rather large back-end and is so trivially exploited.
This is one of the reasons - the main one being the eventual future day stuffing of your personal videos and songs with ads - that I prefer a dumb TV. But, since those are hard to find now, I just purchase the one I want, hook it up to an HDMI Roku or Apple TV, and never, ever turn on the internal Internet settings. In fact, you should first turn on the TV, or other similar box, in a place where it can't get a wifi signal just in case the Internet access comes defaulted on. Your WPA password should prevent that, but you can't be too careful.
So, Sony can either resign themselves to the fact that I do indeed own this TV, or tough noogies.
And, by the way, my ebooks and songs that I bought also never see the outside world again. The only way they are going to get permanently deleted by someone else is if they walk out to my offsite storage and take a hammer to the backup drives and DVDs. I guess that gives me absolute title to that media also.
Some battles are worth fighting, even if you are up against a formidable enemy.
My internet radio - Denon CEO Piccolo - I bought myself as a retirement pressie worked just fine . . . .
UNTIL the day I did a firmware update. This failed and the device would not function.
Denon Philippines fixed the update but the process lost all my presets including BBC, Classic FM and the others.
The scrolling message told me to open a Denon website.
That told me that Denon no longer support the web directory of radio stations and that I would have to pay a subscription yearly to some other company.
The amount is small, but I am not going to pay out every year for something I believed would work for ever. There is no technical reason why it can't be used.
I now have a brick in the stereo cabinet.
Similarly my Apple TV mark I won't connect to youtube. There may be a technical reason for that, but has put me off from buying a replacement.
"Similarly my Apple TV mark I won't connect to youtube. There may be a technical reason for that, but has put me off from buying a replacement."
The ATV mk1 will still open Youtube; it hasn't been blocked or banned, and it doesn't need any updates or subscriptions to function. There will be another reason why yours doesn't work.
Logging in to your iCloud account on an ATV1 is a pain in the arse though - it doesn't natively support 2-factor authentication, so you need to log in with password only first (which will fail), then log in with your userID and password+2FA code together. It's a bodge and very un-Apple, but it works.
So if you're logging in as lord@elpuss.com with password L0rD_31pu55, you would first use:
Username: lord@elpuss.com
Password: L0rD_31pu55
<fails, sends 2FA code 999999 to mobile>
Username: lord@elpuss.com
Password: L0rD_31pu55999999
... and demands calendar and contact access to change the background image on the home screen. The litany of such offences grows with each passing month. It's so sad; I used to be a staunch proponent of their gear. Lately? It would have to be free... and even then I'd install a 3rd-party ROM before I used the damn' thing.
Yeh, it's the trusted module in the sensor. More 'brave' they copied from Apple.
https://www.youtube.com/watch?v=O2UVpBrvrk4
The camera module has crypto keys and the phone registers WHICH camera it has first time, and the camera registers WHICH phone it is connected to, first time, after which its locked. When you switch OS, it counts as a new phone and the camera module then refuses to talk to this 'new phone'.
Reinstalling the old OS doesn't help, the keys are still locked to the now gone phone image.
Of course they cannot release the crypto code for it, or keep the keys because then people would see under the hood of their shitty lockin.
It's done so that Apple/Samsung can force you to buy only the official parts from them at a huge markup and not from the supplier directly at cost.
I was once a Samsung fanbois too, as late as a couple of years ago I would always buy Samsung. Now I've stopped using them. It's all like this, right across their range now. I think it's like when HP stopped making better printers to get more profits and started making more 'gotchas' in their printers to milk more profits from their user base. In their head they would keep their existing userbase and simply milk ever more and more money from them, in reality their customer base declined faster than their price increases:
https://www.statista.com/statistics/274447
The same happened to Apple, and now will also happen to Samsung.
They all end up milking brand loyalty in their ever-decreasing user base.
There are legitimate reasons for coding parts; in Apple's case, it's part of the overall security model; ensuring device integrity to make sure that (for example) a compromised camera module (or malware device masquerading as a camera module) can't get in on the ground floor with the OS.
The problem isn't coded parts per se, it's the extortionately priced and restrictive supply chain which forces you to buy replacement parts from them. If components were fairly priced, then coding would be A Good Thing.
It's not trusting the *class* of device, it's trusting the *instance* of device. You can swap two identical cameras in two identical iPhone models and they refuse to work with each other's camera.
The problem they have is the broken iPhones are parts to repair other iPhones which is a whole loss of revenue stream.
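The class-versus-instance distinction drawn in the comments above, as an added sketch that is not from the thread and is not any vendor's actual protocol: a simplified model in which a part locks to the first host it sees, and the host identity is assumed to be a hash of a device ID plus the installed OS image. All names, serials and the HMAC scheme are hypothetical.

```python
import hashlib
import hmac
import secrets

TRUSTED_MODELS = {"CAM-12MP"}  # constructed model name


class CameraModule:
    """One physical part: a per-instance secret plus a write-once host binding."""

    def __init__(self, model, serial):
        self.model = model
        self.serial = serial
        self._secret = secrets.token_bytes(32)  # unique to this instance
        self._bound_host = None                 # set once, never cleared

    def _pairing_key(self):
        return hmac.new(self._secret, self._bound_host, hashlib.sha256).digest()

    def pair(self, host_id):
        """First use only: lock to this host and hand over the pairing key."""
        if self._bound_host is not None:
            return None
        self._bound_host = host_id
        return self._pairing_key()

    def respond(self, host_id, nonce):
        """Answer a challenge only for the host this part is locked to."""
        if self._bound_host is None or not hmac.compare_digest(host_id, self._bound_host):
            return None
        return hmac.new(self._pairing_key(), nonce, hashlib.sha256).digest()


class Phone:
    def __init__(self, device_id, os_image, policy="instance"):
        # Assumption: a new OS image yields a new host identity.
        self.host_id = hashlib.sha256(device_id + os_image).digest()
        self.policy = policy
        self._paired = {}  # serial -> pairing key; gone once the image is replaced

    def attach(self, cam):
        if cam.model not in TRUSTED_MODELS:
            return False
        if self.policy == "class":
            return True  # any part of a trusted model is accepted
        if not self._paired:  # first boot: trust on first use
            key = cam.pair(self.host_id)
            if key is None:
                return False
            self._paired[cam.serial] = key
            return True
        key = self._paired.get(cam.serial)
        if key is None:
            return False  # right model, wrong instance
        nonce = secrets.token_bytes(16)
        answer = cam.respond(self.host_id, nonce)
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return answer is not None and hmac.compare_digest(answer, expected)


def run_scenarios():
    cam_a = CameraModule("CAM-12MP", "SN-A")
    cam_b = CameraModule("CAM-12MP", "SN-B")
    phone_a = Phone(b"phone-A", b"os-image-v1")
    phone_b = Phone(b"phone-B", b"os-image-v1")
    return {
        "first_boot_pairs": phone_a.attach(cam_a) and phone_b.attach(cam_b),
        "same_part_later": phone_a.attach(cam_a),
        "swapped_identical_part": phone_a.attach(cam_b),
        "class_policy_accepts_swap": Phone(b"phone-A", b"os-image-v1", "class").attach(cam_b),
        "after_new_os": Phone(b"phone-A", b"os-image-v2").attach(cam_a),
        "after_reinstalling_old_os": Phone(b"phone-A", b"os-image-v1").attach(cam_a),
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'refused'}")
```

In this model the reinstall case is refused because the host lost its copy of the pairing key while the part's binding is write-once, so neither side can re-establish trust without a reset path.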
All Smartphones have the same feature. And with them it is a very good security feature.
And while with Smartphones usually a user starts the process, that killswitch can of course also be used from the company side. It is only software.
What is missing imho is a legal framework for such actions, including sanctions, damages etc.
It is a slippery slope, because with smart devices it is only a small step from retaliatory bricking to an up front registration. Again: with Smartphones that is an accepted procedure, but maybe there should be a limit to a small class of devices.
Is this the same Samsung that pushed out a faulty .xml file and bricked a ton of Blu ray players worldwide? I had to take my one in to our local Samsung repair shop and they had to replace the one pc board, that's how bricked it was.
What could POSSIBLY go wrong?....
Always remember folks: it's like the old army saying. If the enemy is in range, so are you... In this case. If you can see their servers, their servers can see you.
The HbbTV bit of the service does work - the bit that links to iPlayer and gives you extra channels during Wimbledon.
It's the MHEG-5 news & information service that Samsung no longer support - largely because the BBC said they were going to discontinue it and planned their recent model range to leave out the functionality. Having reluctantly reprieved a cut-down version of the service, the BBC doesn't have the money to make it work with HbbTV too.
I don't know if MHEG-5 is a mandatory part of the D-Book, largely because I can't afford the £50k pa subscription to read it. However, if it is, I suppose you would have a case that the use of the "Freeview" branding was misleading.
But as the remaining bits of information are mechanically harvested from other BBC feeds and are often truncated, out of date or weirdly misplaced you might find it hard to demonstrate you've suffered a loss.
These have been a thing for a long time (at least 30 years).
They can be used in situations both reasonable and nefarious. I have used them for a lot of reasons and one was to be able to scan an incoming part for repair / update to eliminate human error.
Another was to record the cards fitted in a box when shipped so that if the box came back it should have the same cards; we had one customer who liked to accumulate dead cards and then fit them all in one box (the repair contract had a fixed price repair per box so we did this in self defence).
They can certainly be used for other purposes both good and bad.
The market for vendor lock-in has never been more active, although in the defence of some of them, unauthorised (and therefore untested) replacement parts can, and have, caused significant damage.
The technology has existed to do this for a long time; it is a matter of how it is used.
first they came.... for that book on kindle, I think. But I didn't buy into the amazon walled garden, so I did nothing, only muttered about those sheeple.
fforward, Samsung, etc, etc, but I didn't loot, or buy, ultra-20K 8D, 300 inch Samsung telly ultra-cheap, so, as usual, I did nothing, plus my own 'smart' Samsung stays as dumb as it was on day one when I bought it
Likewise, no action from me when Tesla, or other 'smart' car maker decided to brick cars that owners (license holders) hacked to get free access to those 'premium' locked-in features, cause like, fuck, I could never afford any of them cars anyway.
But I did get slightly uncomfortable, because, despite all my inaction(s), I have come to see something shaping up, somewhat vague, but getting clearer, and it's not looking customer friendly, nosir...
'In keeping with our values to leverage the power of technology to resolve societal challenges, we will continuously develop and expand strategic products in our consumer electronics division with defence-grade security, purpose-built, with innovative and intuitive business tools designed for a new world'
someone laboured hard to throw these words out.... and it shows.
I possess an excellent Sony 4K TV. Unfortunately, this like other devices from Samsung, Amazon, and elsewhere, comes with a pre-installed operating system (in Sony's case a variant of proprietary Android). As with mobile devices, taking full control by rooting is littered by obstacles. Indeed, I must not root my mobile phone because a daily use banking 'app' would refuse to operate; this being a not unreasonable security protection implemented by the bank. Other readers will be only too well aware of the unwanted crap sent to smart TVs and mobile devices. Although there are various 'apps' available to mitigate the worst, one is unable to configure a device as one would wish. For instance, my TV insists on displaying the latest vulgar rubbish available from Disney despite my not having a subscription.
Superficially, bricking stolen devices has attractions. Samsung's use of this is small beer protection against theft from warehouses. Perhaps enhanced physical security during storage and transit would achieve better? Individuals who purchase devices should have choice over whether these when stolen can be bricked. In any case, phone operators can deny its use for telephony with its current SIM card.
I suspect Microsoft, and similar, would love to disable PCs and servers when copies of their software are unlicensed. I don't doubt they possess the means. Holding them back is reputational damage and huge compensation awards to entities accused in error. Just imagine the comeback should corporate servers wrongly be disabled. That applies to any device/software distributor with legal presence in the USA or other litigious nations. Samsung ought beware.
This thin edge of wedge leads to application of bricking for infringing 'rights' to any kind of software and digital 'content'. Elsewhere, I have speculated that Microsoft and other proprietary operating system manufacturers have a potential market in selling access to anti-infringement tools to copyright holders. So long as only the infringing 'content' is disabled, perhaps with a 'call home' identifying the miscreant, it seems unlikely the software vendor would end up in hot water.
So scuttling off to weaponize this.
I can think of a dozen uses TODAY to pwn specific pre-looked-up-model-number smart TVs such as those used in shops creatively. Holtzmann voice.
Of course strictly for amusement purposes, ie for proof of concept so the right button combination restores all functions.
"BREAKING NEWS: ALIEN FLEET ARRIVES" anyone?
Incidentally my Sony Bravia from the Early Myspace Era (tm) is still going but ran into the MHEG5 issue.
It's only really a problem if I use free-to-air but having one HDMI limits my options somewhat.
Now if there were a way to make say a Bluray player output VGA natively but still report that it's connected to HDCP enabled device in another room that isn't even turned on.. hehehe.
A RPi can output composite video so the function on older players enabling compatibility with non-HDTVs might still be present though not used.
I get why Samsung etc. want to sell us all smart TVs as that gives them lots of stuff to market. As a consumer however it doesn't give me very much. New versions of TVs come out every year and "app" support for many models is patchy. Sometimes apps for a particular service never arrive and often after a couple of years apps are dropped. Plugging in an Amazon firestick gives much better functionality. It's also dirt cheap so should you need to upgrade to a better one after a few years it's not a problem.
As I watch all my actual TV through a PVR (a YouView box in my case) I don't have any need for the TV tuner part of the TV either. In fact all I want is a nice flat high resolution 65 inch monitor, with or without speakers, that can be fixed to the wall with a couple of HDMI connections hidden behind it. Of course that's not an appealing product to Samsung as their marketing machine needs "features".
> Why bother with smart TVs?
Because there are no dumb TVs left? And that's because making a TV "smart" costs only peanuts, and it allows to collect juicy profitable user data to resell.
As a result you are supposed to only buy "smart" TVs. After all they are more shiny and hip than the tired old dumb TVs, aren't they, progress and everything (cue picture of pretty happy family having clearly a great time in front of their spiffy new smart TV)...
I was as naïve as you, once, and then I saw the light: Smart TVs are bringing the price of TVs way down, due to the data they can collect and sell on you.
It's crazy how cheap an enormous, fragile and complex object is - and it came from around the world to get to you. Smart TV functions have a hand in that.
Simply never cable the thing up to the network or enable the wifi, and now have a not-so-smart TV, for less than a monitor of that size would cost you. It's definitely NOT the hill to die on.
You might even find yourself thinking a couple of the functions are OK - for example mirroring from a smartphone (quite nice to show a photo quickly up on the telly), and want to re-enable the networking on the device. If you do that, then, like me, you can just block every last bit of traffic at your firewall, so it can only chat internally.
Et voilà, a device that's working for you, and isn't even able to spy on you.
"you can just block every last bit of traffic at your firewall, so it can only chat internally.
Et voilà, a device that's working for you, and isn't even able to spy on you."
It wasn't that simple with the Samsung I (mistakenly) bought recently. Won't be making the same mistake again.
For the TV to finish its power-up sequence and be meaningfully usable, it effectively has to have the EULA(s) accepted. If it can't find the EULA on the web and can't see its evidence that you've accepted the EULA, the box doesn't finish powerup properly.
So not only is the box designed to ignore the general discussion on the legitimacy of click-thru licencing that you don't get to see till it's too late, it's designed to render itself useless if the click-thru licence isn't accepted. Nice. Or not.
I don't know if other TVs are as bad. But I bet that they will be soon, even if they aren't already.