Privacy Analysis of Smart TV Communication
Total Page:16
File Type:pdf, Size:1020Kb
Privacy Analysis of Smart TV Communication A case study of privacy threats in Smart TVs Abdulaziz Abdugani Thesis submitted for the degree of Master in Informatics: Programming and System Architecture 60 credits Department of Informatics Faculty of mathematics and natural sciences UNIVERSITY OF OSLO Autumn 2020 Privacy Analysis of Smart TV Communication A case study of privacy threats in Smart TVs Abdulaziz Abdugani © 2020 Abdulaziz Abdugani Privacy Analysis of Smart TV Communication http://www.duo.uio.no/ Printed: Reprosentralen, University of Oslo Abstract The increasing popularity of Internet–connected TVs promises new conveniences, possibly introducing new privacy concerns. Smart TV vendors have the power to gather many types of information from consumers that use a Smart TV. Unlike traditional old TVs, many modern Smart TVs have sensors such as cameras, microphones and other types of sensors that constantly monitor details of consumer usage. There is a need to study how Smart TV vendors gather data about their consumers and how this information is transmitted through the Internet. In this paper, five Smart TVs were put to the test to see if vendors follow their own policies. A single case study was conducted, where each Smart TV was monitored to see how each TV communicates with its vendors and other third parties while the vendor policies are accepted or declined. This was tested in two states, in one state the privacy policy was accepted while in the other state, the privacy policy was declined. The collection of data was done by intercepting and capturing the traffic from the TVs on a local network. The collected network traffic was further filtered, sorted and fed into an analysis process. The analysis process consists of an PII (Personally Identifiable Informa- tion) evaluation of the network endpoints which can have a direct relation to the privacy of the user. This is done by using the available data sources such as VirusTotal, McAffe and OpenDNS in addition to using sources from relevant research publications. The results for each TV are presented in tables with the relevant network endpoints and a PII classification. This study also gives an insight to privacy and GDPR, by introducing privacy concepts and the relation to the data protection rules. Privacy policies for each Smart TV vendor were examined and each data type is presented with a PII classification. The findings of this thesis show that Smart TVs communicate with PII related domains under a declined privacy policy. This is seen in the analysis chapter where an evaluation of each network endpoint is conducted. Another finding, which also confirms the current research about the use of personal data and advertisement, shows many advertisement related domains on each Smart TV. This thesis ends with a discussion about the findings and a short section on working countermeasures. i ii Acknowledgments The following thesis marks the end of my master’s degree in Programming and System Architecture at the University of Oslo. First, I would like to thank my supervisor Nils Gruschka, he has provided great feedback and guidance throughout this thesis. I would also like to thank my family and friends for supporting me, especially my close friend Hamza Muftic for helping me and keeping me motivated throughout the project. Finding Smart TVs to test has been challenging because of the Covid restrictions, I would like to thank my friends and neighbours for letting me test their Smart TVs. iii iv Contents List of Figures vii List of Tables ix 1 Introduction 1 1.1 Motivation . .1 1.2 Problem statement & Objective . .1 1.3 Structure . .2 2 Background 3 2.1 Privacy . .3 2.1.1 Definition of Privacy . .3 2.2 GDPR . .5 2.2.1 Processing of sensitive data . .6 2.2.2 Privacy policy . .6 2.2.3 Privacy shield . .7 2.3 Personally Identifiable Information (PII) . .7 2.4 Privacy classification for IoT . 10 2.5 Network communication of Smart TVs . 11 2.5.1 HTTP . 11 2.5.2 DNS . 11 2.5.3 TLS . 11 2.6 Privacy in network traffic . 14 2.7 Smart TV . 15 2.7.1 Smart TV OS . 16 2.7.2 Android TV . 17 2.7.3 Tizen OS . 17 2.7.4 WebOS . 17 2.8 Smart TV security threats . 18 2.9 Smart TVs privacy issues . 20 2.9.1 Microphone and gesture sensor . 21 2.9.2 Web browser and cookies . 22 2.9.3 Automatic content recognition . 22 3 Data collection 25 3.1 Research methodology . 25 3.2 The data collection method . 26 3.3 Sniffing TLS communication . 26 v 3.4 Data gathering method . 29 3.5 Building data gathering method . 29 3.6 Data collection method setup . 31 3.7 Executing the data collection . 33 4 Analysis and results 37 4.1 Analysis method . 37 4.2 Comparison of vendor’s privacy policies . 39 4.2.1 Data types collected by vendors . 39 4.2.2 User’s privacy policy . 40 4.3 PII classification . 42 4.4 Captured traffic and analysis . 45 4.5 Sony TV Bravia 4K . 45 4.5.1 Idle mode . 46 4.5.2 Interacting with the TV . 47 4.5.3 PA and PD domain relation . 48 4.6 Samsung Q60 . 49 4.6.1 Idle mode . 49 4.6.2 Interacting with the TV . 51 4.6.3 PA and PD domain relation . 52 4.7 Samsung Q65 . 52 4.7.1 Idle mode . 52 4.7.2 Interacting with the TV . 55 4.7.3 PA and PD domain relation . 56 4.8 LG webOS TV SK7900PLA . 57 4.8.1 Idle mode . 57 4.8.2 Interacting with the TV . 59 4.8.3 PA and PD domain relation . 60 4.9 Philips 55PUT6101/12 . 60 4.9.1 Idle mode . 60 4.9.2 Interacting with the TV . 68 4.9.3 PA and PD domain relation . 69 4.10 Vendor vs ATS traffic . 70 4.11 Additional testing . 71 4.11.1 Third–party ad–domains . 72 5 Discussion 75 5.1 Analysis results . 75 5.2 Limitations . 77 5.3 Countermeasure . 78 6 Conclusion 79 6.1 Summary . 79 6.2 Future work . 80 Bibliography 81 vi A All of the captured domains 83 A.1 Sony Smart TV . 83 A.2 Samsung A Smart TV . 88 A.3 Samsung B Smart TV . 95 A.4 LG Smart TV . 105 A.5 Philips Smart TV . 110 vii viii List of Figures 2.1 TLS 1.2 handshake . 13 2.2 Smart TV OS 2018 marketshare (Source: Statista [30] . 16 3.1 Rooting attempt . 27 3.2 Simple overview of mitmproxy in the network . 28 3.3 ADB tool . 28 3.4 Permission denied . 29 3.5 Overview of the network setup . 32 3.6 Network flow after ARP–spoof . 33 3.7 Wireshark with filters . 34 3.8 Flow of the data gathering . 35 4.1 Analysis flow . 38 4.2 LG Privacy policies . 42 4.3 HTTP response from events.samsungads.com . 52 4.4 Advertisement on the main menu . 58 4.5 Cookies sent to cache.zeasn.tv under PD idle state . 63 4.6 GET requests to cache.zeasn.tv under PD idle state . 65 4.7 Total relation of packet size between vendor and ATS domains 70 ix x List of Tables 2.1 Smart TV OS list . 17 3.1 Smart TV model list . 25 4.1 Data types provided by Smart TVs to vendors . 40 4.2 Data types provided by a user to vendors . 41 4.3 Privacy principles and concepts . 43 4.4 Smart TV PII classification concept . 44 4.5 Sony TV – Domains in idle mode PA state . 46 4.6 Sony TV – Domains in idle mode PD state . 46 4.7 Sony TV – Domains while using applications in PA state . 47 4.8 Sony TV – Domains while using applications in PD state . 48 4.9 Sony Smart TV PII related domains seen in both PA and PD states . 48 4.10 Sony Smart TV PII related domains only seen in PA state for both modes . 49 4.11 Samsung A – Domains in idle mode PA state . 49 4.12 Samsung A – Domains in idle mode PD state . 50 4.13 Samsung A – Domains while using applications in PA state . 51 4.14 Samsung A – Domains while using applications in PD state 51 4.15 Samsung Smart TV Q60 PII related domains occur in both PA and PD states . 52 4.16 Vendor PII related domains only seen in PD state . 52 4.17 Samsung B – Domains in idle mode PA state . 53 4.18 Samsung B – idle domains in PD state . 54 4.19 Samsung B – Domains while using applications in PA state . 55 4.20 Samsung B – Domains while using applications in PD state . 56 4.21 Samsung Smart TV B PII related domains occur in both PA and PD states . 56 4.22 Vendor PII related domains only seen in PD state . 57 4.23 LG TV - Domains in idle mode PA state . 57 4.24 LG TV – Domains in idle mode PD state . 59 4.25 LG TV – Domains while using applications in PA state . 59 4.26 LG Smart TV PII related domains occur in both PA and PD states . 60 4.27 Philips A – idle domains in PA.