What makes me think this will never happen is that
- Open Wi-Fi networks are a thing of the past. There hasn't been any around me in a residential area for a long time now. Businesses and workplace lobbies, more likely, though.
- No one is going to just give Samsung free Internet except the hapless consumer by supplying Wi-Fi credentials.
- Samsung might make a deal with providers, but it would have to have unique credentials embedded in its OS and firmware, and I doubt Samsung has the ability to keep that totally secure.
Think about it. If you could get free, anonymous Internet with credentials in a Samsung TV, crackers would be all over that - they'd be searching every crook and nanny for exploits, desoldering NAND and sniffing busses for encryption keys, connecting with Chinese friends to get original datasheets, etc.
Even if Samsung embedded an LTE/5G SIM, eSIM, whatever, it would be hacked to bits. "Get model X of samsung TV, get free Internet with this Linux application". It's not realistic for there to be a network connection that you don't know about, pay for, and have your name attached to.
Of course the p2p network interface that shows up on the Netflix diagnostic screen is concerning, though.
Now if cellular providers start selling TVs, such as AT&T, Verizon, etc. bundling Internet with them, then it can happen.
> No one is going to just give Samsung free Internet except the hapless consumer by supplying Wi-Fi credentials.
I think it's implied that Samsung would pay Amazon for Sidewalk access.
> Samsung might make a deal with providers, but it would have to have unique credentials embedded in its OS and firmware, and I doubt Samsung has the ability to keep that totally secure.
I don't think this is as hard a problem as you're making it sound. Each TV ships with a serial number, let's suppose; it tries to handshake with the Sidewalk network. Sidewalk phones home to Amazon, Amazon talks to Samsung, Samsung says "yes, we sold that S/N recently and it has never connected before, here's its public key".
So if I can spoof communication with that serial number on another device, I get free Internet. Same concept as MAC filtering not being really secure because I can just change MAC addresses in my packets.
Find a remote vulnerability, or find the device on the circuit board where it's stored, connect a reader to it, and dump it. Not trivial, but not impossible. The TV software just has to have one mistake, and TV companies aren't security experts.
All of the popular embedded platforms have had scores of vulnerabilites - Qualcomm, Android, WebOS, etc. - patched over time, new ones found etc.
Heck, it even took Microsoft more than one try to start to get it right. An interesting story is Microsoft attempting to protect its first game platform--the original Xbox from the early 2000's. There were numerous security protections and all were bypassed - from encrypted boot code to a device-unique hard drive key stored in EEPROM.
Microsoft got better and smarter with the 360--this time with unique keys and eFuses in the CPU but it was still eventually bypassed--not after the effective lifetime of the platform though.
Honestly I do not think Samsung would be concerned about the single-digit number of people who manage to get free internet this way.
If you really wanted it to be secure, you could use a TPM instead of a private key in memory, but that's overkill IMO. Who wants to take their TV apart in exchange for free crappy internet?
Every TV ships with a non-unique secret key and an agreement with some major internet service provider which specifies that accounts using that key will gain network access but only to a specific list of IP addresses that host or proxy firmware updates and advertising content.
[edit - to be clear, I'm not saying that this is what Samsung is doing, I'm just describing a plausible way how this might get done]
Everyone has said stuff like this but there has been zero proof of TVs connecting to wifi like this on their own. If you have that proof please share it.
>> Wanna bet [Broad Company Wifi Networks] are or will be used by your smart TV
> What makes me think this will never happen...
The comment suggests that the behavior of auto-connecting to wifi is infeasible for technical reasons. My comment and the one below it show that this is technically feasible.
I've been to two medical facilities and a large regional hospital in the last week where there were open wifi networks with no portals. My apartment building operates an open wifi network for guests so we don't have to bother giving out passwords to visitors. An airport I visited last month has wide open wifi. A see ads on transit buses all the time stating that the bus has wifi. I suspect that is wide open because the transit agency didn't want to deal with tech support.
It's pretty common for public networks to still have a captive portal to get the user to view an ad or click "I agree" before actually granting full connectivity.
Fully open wifi that didn't require posting to an http or https endpoint was never common in the first place.
Consumer routers are now shipped pre-configured with a password on the network so random joe who bought his router at best buy or got it from his ISP doesn't accidentally provide free wifi to his 20 closest neighbors.
Meanwhile out of the box every single xfinity provided modem/router combo provides by default an open network with no password that allows any other xfinity subscriber to access the internet via your device. They have 18 million such hotspots throughout the US. Give the expected usage of a few MB per year this would seem to be an easy ask and easily sold the end user as a feature not a cost.
Likewise nearly every major business that serves customers food refreshments or produces to buy on site provides wifi that requires only that you push a simple response to open it up. This can be and in fact is already automated on your phone for example.
Instead of referring to open wifi I would redirect the discussion to negotiable connections and they are everywhere.
And by "residential areas," I assume you mean "the very specific residential area where I live in my neighborhood, in my city, in my county, in my state, in my nation" since there is simply no way for you to have made a detailed assessment of the availability of open wifi for the entirety of the rest of the planet, or even for the small subset of its people who are on HN.
But thanks for informing me, and the 300 other people who reside in my building that we don't live in a residential area.
I'm sure there's something in the water that's driving my neighbours towards protected-by-default wifi, and not the defaults with which their ISP-provided routers are shipped with.
Yes! There's less focus on crypto part of it, and more emphasis on connecting people and communities as a WISP, but underneath it all, Althea is doing just that.
> Even if Samsung embedded an LTE/5G SIM, eSIM, whatever, it would be hacked to bits. "Get model X of samsung TV, get free Internet with this Linux application". It's not realistic for there to be a network connection that you don't know about, pay for, and have your name attached to.
Kindles and cars have had those for years and people haven't torn those apart to come up with free internet.
Your connection could be limited to receiving ads and firmware updates, incredibly slow,and be limited to a key stored in hardware both near impossible to retrieve and nearly worthless if you retrieved it. This connection would only be used if a primary connection was unavailable.
You could basically use 10MB per 10 customers per year and the only question is do you make more ensuring everyone gets ads to justify the peanuts paid to people like comcast or at worst the cost of a chip that has a cellular modem vs just wifi.
- Open Wi-Fi networks are a thing of the past. There hasn't been any around me in a residential area for a long time now. Businesses and workplace lobbies, more likely, though.
- No one is going to just give Samsung free Internet except the hapless consumer by supplying Wi-Fi credentials.
- Samsung might make a deal with providers, but it would have to have unique credentials embedded in its OS and firmware, and I doubt Samsung has the ability to keep that totally secure.
Think about it. If you could get free, anonymous Internet with credentials in a Samsung TV, crackers would be all over that - they'd be searching every crook and nanny for exploits, desoldering NAND and sniffing busses for encryption keys, connecting with Chinese friends to get original datasheets, etc.
Even if Samsung embedded an LTE/5G SIM, eSIM, whatever, it would be hacked to bits. "Get model X of samsung TV, get free Internet with this Linux application". It's not realistic for there to be a network connection that you don't know about, pay for, and have your name attached to.
Of course the p2p network interface that shows up on the Netflix diagnostic screen is concerning, though.
Now if cellular providers start selling TVs, such as AT&T, Verizon, etc. bundling Internet with them, then it can happen.