Rainbow Chard

An assortment of indigestible things

Selectively blocking Samsung TVs’ network access

Old television

This TV probably wasn’t spying on you.

You may have read in the recent Wikileaks exposé that the CIA developed the capability of making Samsung TVs spy on their unsuspecting users. While this hack requires physical access (a specially crafted USB stick must be plugged into the telly), it got me thinking about the network traffic generated by smart TVs. I’ve already blocked a few domains that my unit connects to, and this seems like a good time to share my work.

I run a local resolver in my house and I’ve previously written about using it, together with a response policy zone, to block Windows 10 computers’ attempts to connect to Microsoft’s telemetry servers. I’ve added these lines to the zone in an effort to stop my telly connecting to the more suspicious-sounding domains:

log-ingestion-eu.samsungacr.com          CNAME .
devicelog.samsungcloudsolution.net       CNAME .
prderrordumpssm.samsungcloudsolution.net CNAME .

I’m being selective because I still want to use the ‘smart’ features of the set—I still want to watch Netflix and YouTube on it, for example. There’s more work to be done as can be seen from this list of domain lookup attempts by my TV in a period of five days. The Samsumg ones are the most interesting; some are obviously needed for the normal function of the TV’s smart features, but others might be blockable without disturbing them. If you find any that I haven’t listed, or know anything more about them, please leave a comment!

  17688 log-ingestion-eu.samsungacr.com
   2291 pool.ntp.org
   2285 www.worldtime.com
   2283 wwp.greenwichmeantime.com
   1271 time.samsungcloudsolution.com
    794 ns11.whois.co.kr
    726 api-global.netflix.com
    293 Coordinator-TA30-PROD-1091987395.eu-west-1.elb.amazonaws.com
    247 secure.netflix.com
    226 acr0.samsungcloudsolution.com
    220 upu.samsungelectronics.com
    203 appboot.netflix.com
    185 nrdp.nccp.netflix.com
    180 dpu.samsungelectronics.com
    177 d1oxlq5h9kq8q5.cloudfront.net
    161 lcprd2.samsungcloudsolution.net
    139 osb-apps.samsungqbe.com
    139 kpu.samsungelectronics.com
    121 ichnaea.netflix.com
    112 art-1.nflximg.net
     97 art-0.nflximg.net
     86 art-2.nflximg.net
     67 cdn.samsungcloudsolution.com
     63 www.samsungotn.net
     59 noticecdn.samsungcloudsolution.com
     57 googleads.g.doubleclick.net
     53 www.samsungrm.net
     46 ads.samsungads.com
     43 notice.samsungcloudsolution.com
     42 lcprd1.samsungcloudsolution.net
     30 osb.samsungqbe.com
     29 d38cmiae9b0e22.cloudfront.net
     28 www.google.com
     24 go.microsoft.com
     22 multiscreen.samsung.com
     22 config.samsungads.com
     21 otn.samsungcloudcdn.com
     21 cdn-0.nflximg.com
     16 secureclock.playready.microsoft.com
     14 oempprd.samsungcloudsolution.com
     14 ipv6.connman.net
     12 configprd.samsungcloudsolution.net
     11 log-config.samsungacr.com
     11 d3mjsomixevyw7.cloudfront.net
      8 youtubei.youtube.com
      8 www.youtube-nocookie.com
      8 www.youtube.com
      8 www.yahoo.com
      8 www.google-analytics.com
      8 tv.scdn.co
      8 i.ytimg.com
      8 ipv4.connman.net
      8 gpm.samsungqbe.com
      7 otnprd8.samsungcloudsolution.net
      7 otnprd11.samsungcloudsolution.net
      6 sas.samsungcloudsolution.com

Previous

Unattended WSPR in the UK: is it legal?

Next

ksh deliberately segfaults if the last command in a script crashes

1 Comment

  1. Undertheradar

    Ran across this because I got to looking at my chatty Samsung TV. WOW! Talk about spying on us!!! The TV keeps sending stuff to “log-ingestion”. Also I noticed that apps NOT BEING USED are checking in frequently (such as to Amazon…really??? I can only think profiling what I watch to figure out what I might want to buy)

    These marketing folks are becoming more invasive every day. What I do and what I watch is MY BUSINESS!

    I’m setting up selective blocking as well.

    Thanks for your list. Here is partial of mine when I’m watching Pluto (DNS lookups removed to reduce noise):

    2 6 21:49:49 Samsung TV (172.2.1.105) 34.225.153.50 (log-ingestion.samsungacr.com) HTTPS 3.23 KB / 6.13 KB close
    4 6 21:49:41 Samsung TV (172.2.1.105) 34.204.239.34 (log-ingestion.samsungacr.com) HTTPS 2.14 KB / 5.97 KB close
    5 6 21:48:49 Samsung TV (172.2.1.105) 52.44.210.24 (log-ingestion.samsungacr.com) HTTPS 3.23 KB / 6.13 KB close
    8 6 21:48:31 Samsung TV (172.2.1.105) 34.205.103.15 (t.pluto.tv) HTTPS 645 B / 496 B close
    9 6 21:48:16 Samsung TV (172.2.1.105) 34.205.103.15 (t.pluto.tv) HTTPS 928 B / 5.55 KB close
    12 6 21:47:49 Samsung TV (172.2.1.105) 34.197.38.22 (log-ingestion.samsungacr.com) HTTPS 3.27 KB / 6.18 KB close
    15 6 21:47:28 Samsung TV (172.2.1.105) 13.33.252.62 (silo.pluto.tv) HTTPS 645.98 KB / 29.10 MB close
    16 6 21:47:06 Samsung TV (172.2.1.105) 35.169.131.5 (stitcher.pluto.tv) HTTPS 652 B / 496 B close
    17 6 21:47:06 Samsung TV (172.2.1.105) 35.169.131.5 (stitcher.pluto.tv) HTTPS 935 B / 5.55 KB close
    20 6 21:46:49 Samsung TV (172.2.1.105) 52.45.232.13 (log-ingestion.samsungacr.com) HTTPS 3.85 KB / 7.49 KB close
    22 6 21:45:52 Samsung TV (172.2.1.105) 54.85.74.14 (log-ingestion.samsungacr.com) HTTPS 3.27 KB / 6.18 KB close
    24 6 21:45:31 Samsung TV (172.2.1.105) 34.197.56.101 (t.pluto.tv) HTTPS 928 B / 5.55 KB close
    29 6 21:44:48 Samsung TV (172.2.1.105) 52.22.134.185 (log-ingestion.samsungacr.com) HTTPS 3.32 KB / 6.25 KB close
    31 6 21:44:40 Samsung TV (172.2.1.105) 52.22.220.25 (log-ingestion.samsungacr.com) HTTPS 2.10 KB / 5.97 KB close
    35 6 21:44:09 Samsung TV (172.2.1.105) 52.50.124.229 (lcprd1.samsungcloudsolution.net) HTTPS 2.70 KB / 2.57 KB close
    40 3 21:43:51 Samsung TV (172.2.1.105) 172.217.12.14 (smartlock.google.com) HTTPS 2.08 KB / 1.57 KB close
    41 6 21:43:48 Samsung TV (172.2.1.105) 34.194.142.54 (log-ingestion.samsungacr.com) HTTPS 3.92 KB / 7.42 KB close
    43 6 21:43:20 Samsung TV (172.2.1.105) 34.205.103.15 (t.pluto.tv) HTTPS 1.97 KB / 5.97 KB close
    44 6 21:43:17 Samsung TV (172.2.1.105) 52.3.161.174 (k.pluto.tv) HTTPS 1.91 KB / 5.97 KB close
    48 6 21:42:48 Samsung TV (172.2.1.105) 34.230.166.162 (log-ingestion.samsungacr.com) HTTPS 3.92 KB / 6.43 KB close

Leave a Reply

Powered by WordPress & Theme by Anders Norén