Your TV is spying on you, water is wet

A “little while ago” I bought a Samsung “smart” TV from Costco.  It was neither the cheapest nor the most expensive model.  It was juuuust right.  At that point Samsung’s smart TV shenanigans were well known so I made sure to disable automatic updates and I declined the user agreement during the initial setup.

One of the very first annoyances I noticed was this “TV Plus” that would start blaring anytime I turned on the TV.  What is TV Plus?  From Samsung’s website:

Samsung TV Plus is an integrated feature of your TV and it can’t be fully removed.

This was very irritating.  As I was navigating the various menus and whatnot I had some talking head from wherever shouting at me.  It felt invasive and abusive.  Of course TV Plus was not removable because in Samsung’s wisdom it provided me the consumer with a benefit that I would be a fool to turn away.  Because Samsung did not want me to be a fool it removed that choice from me.  Thank you, daddy Samsung!

One of the ways I found to make it stop yelling at me was tuning the TV to a non-existent channel.  The TV would go to the ‘no signal’ screen and that’s it.

Life was good until the TV updated itself against my explicit wishes.  Thank you again for looking out for me, daddy Samsung.  Now this TV Plus drek starts blaring at me about every third time I turn the TV on.  Fuck you, Samsung.

So what can be done to disable this offensive horse shit known as TV Plus?  I want to keep the TV standalone and I do not want to hassle with rooting it so my next best option is to block it at the network level.

Happily I am a user of pfSense.  I already had the TV on a separate WAP on an isolated VLAN so it was just a matter of sniffing DNS traffic to see who this TV is trying to reach out to.

Fun fact, between 18:21:38 and 19:37:29 the TV made 3386 DNS requests.  That’s 2708.8 requests per hour.  Insanity.  Here’s a list of unique (duplicates removed) host names that the TV queried the DNS for:

samsung_query_fqdn.txt

Next, let’s isolate the second level domains and we get:

samsung_query_fqdn_sld.txt

Now I have something to work with.  Some things, like Netflix and HBO I want to keep because I do utilize them, but everything Samsung has got to go.  Screenshot of the domain overrides on my firewall’s DNS resolver.
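The capture-to-blocklist steps above can be scripted. The following is an added example, not code from this post: it pulls query names out of tcpdump-style lines, reduces them to second level domains, and prints Unbound `local-zone` lines for everything not on a keep list, which is a different mechanism from the domain overrides used here. The capture lines, the `.example` hostnames and the short suffix set are constructed assumptions.

```python
import re
from collections import Counter

# Constructed tcpdump-style lines; hostnames are placeholders,
# not the names this TV actually queried.
SAMPLE_CAPTURE = """\
18:21:38.100 IP 10.0.30.5.40001 > 10.0.30.1.53: 101+ A? telemetry.vendor.example. (42)
18:21:38.400 IP 10.0.30.5.40002 > 10.0.30.1.53: 102+ AAAA? telemetry.vendor.example. (42)
18:21:39.000 IP 10.0.30.5.40003 > 10.0.30.1.53: 103+ A? cdn.ads.vendor.example. (40)
18:21:40.200 IP 10.0.30.5.40004 > 10.0.30.1.53: 104+ A? api.netflix.com. (33)
18:21:41.700 IP 10.0.30.5.40005 > 10.0.30.1.53: 105+ A? stats.vendor.co.uk. (36)
18:21:42.000 IP 10.0.30.1.53 > 10.0.30.5.40005: 105 ServFail 0/0/0 (36)
"""

# Matches the "<TYPE>? <name>" part of a query line; responses do not match.
QUERY_RE = re.compile(r"\b[A-Z]+\? (\S+)")

# Assumption: tiny hand-picked subset. Real use needs the Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable(fqdn):
    """Reduce a host name to its second level (registrable) domain."""
    labels = fqdn.rstrip(".").lower().split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def summarize(capture):
    """Count DNS queries per second level domain."""
    counts = Counter()
    for line in capture.splitlines():
        match = QUERY_RE.search(line)
        if match:
            counts[registrable(match.group(1))] += 1
    return counts


def block_rules(counts, keep):
    """Unbound local-zone lines for every seen domain not on the keep list."""
    return [f'local-zone: "{d}." always_nxdomain'
            for d in sorted(counts) if d not in keep]


if __name__ == "__main__":
    seen = summarize(SAMPLE_CAPTURE)
    for domain, hits in seen.most_common():
        print(f"{hits:5d}  {domain}")
    print("\n".join(block_rules(seen, keep={"netflix.com"})))
```
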

After a quick trial I am happy to report that TV Plus is no longer functional.  As an added bonus, none of the other Samsung software seems to work either.  HBO still works.

Fun side note #1:  When the TV senses that the DHCP provided DNS (mine) is misbehaving, such as in the case of the above DNS resolver abuse (it returns ‘ServFail’ statuses for all of the above domains), it tries to do the runaround by reaching out to dns.google.  Good thing DNS requests are blocked to all but DHCP provided servers.  If only companies put this much effort into providing customer service as they do in abusing them.

Fun side note #2:  One of the domains that the TV is super chatty with is ‘sectigo.com’.  That’s a new name for our friends at Comodo CA.  Yes the same ones that were issuing certificates to malware and MITM attack vendors.  See Wikipedia.

Fun side note #3: After the above changes the HBO app was very sluggish.  Obviously it’s tied into the Samsung spying somehow.  What really helped was modifying the ‘block everything not permitted’ rule in the firewall to actively reject the prohibited packets rather than silently sink them.
