Selectively blocking Samsung TVs’ network access

Old television

This TV probably wasn’t spying on you.

You may have read in the recent Wikileaks exposé that the CIA developed the capability of making Samsung TVs spy on their unsuspecting users. While this hack requires physical access (a specially crafted USB stick must be plugged into the telly), it got me thinking about the network traffic generated by smart TVs. I’ve already blocked a few domains that my unit connects to, and this seems like a good time to share my work.

I run a local resolver in my house and I’ve previously written about using it, together with a response policy zone, to block Windows 10 computers’ attempts to connect to Microsoft’s telemetry servers. I’ve added these lines to the zone in an effort to stop my telly connecting to the more suspicious-sounding domains:

log-ingestion-eu.samsungacr.com          CNAME .
devicelog.samsungcloudsolution.net       CNAME .
prderrordumpssm.samsungcloudsolution.net CNAME .

I’m being selective because I still want to use the ‘smart’ features of the set—I still want to watch Netflix and YouTube on it, for example. There’s more work to be done as can be seen from this list of domain lookup attempts by my TV in a period of five days. The Samsumg ones are the most interesting; some are obviously needed for the normal function of the TV’s smart features, but others might be blockable without disturbing them. If you find any that I haven’t listed, or know anything more about them, please leave a comment!

  17688 log-ingestion-eu.samsungacr.com
   2291 pool.ntp.org
   2285 www.worldtime.com
   2283 wwp.greenwichmeantime.com
   1271 time.samsungcloudsolution.com
    794 ns11.whois.co.kr
    726 api-global.netflix.com
    293 Coordinator-TA30-PROD-1091987395.eu-west-1.elb.amazonaws.com
    247 secure.netflix.com
    226 acr0.samsungcloudsolution.com
    220 upu.samsungelectronics.com
    203 appboot.netflix.com
    185 nrdp.nccp.netflix.com
    180 dpu.samsungelectronics.com
    177 d1oxlq5h9kq8q5.cloudfront.net
    161 lcprd2.samsungcloudsolution.net
    139 osb-apps.samsungqbe.com
    139 kpu.samsungelectronics.com
    121 ichnaea.netflix.com
    112 art-1.nflximg.net
     97 art-0.nflximg.net
     86 art-2.nflximg.net
     67 cdn.samsungcloudsolution.com
     63 www.samsungotn.net
     59 noticecdn.samsungcloudsolution.com
     57 googleads.g.doubleclick.net
     53 www.samsungrm.net
     46 ads.samsungads.com
     43 notice.samsungcloudsolution.com
     42 lcprd1.samsungcloudsolution.net
     30 osb.samsungqbe.com
     29 d38cmiae9b0e22.cloudfront.net
     28 www.google.com
     24 go.microsoft.com
     22 multiscreen.samsung.com
     22 config.samsungads.com
     21 otn.samsungcloudcdn.com
     21 cdn-0.nflximg.com
     16 secureclock.playready.microsoft.com
     14 oempprd.samsungcloudsolution.com
     14 ipv6.connman.net
     12 configprd.samsungcloudsolution.net
     11 log-config.samsungacr.com
     11 d3mjsomixevyw7.cloudfront.net
      8 youtubei.youtube.com
      8 www.youtube-nocookie.com
      8 www.youtube.com
      8 www.yahoo.com
      8 www.google-analytics.com
      8 tv.scdn.co
      8 i.ytimg.com
      8 ipv4.connman.net
      8 gpm.samsungqbe.com
      7 otnprd8.samsungcloudsolution.net
      7 otnprd11.samsungcloudsolution.net
      6 sas.samsungcloudsolution.com

Leave a Comment

Filed under networking, security

Leave a Reply