Selectively blocking Samsung TVs’ network access

On 8th March 2017

This TV probably wasn’t spying on you.

You may have read in the recent Wikileaks exposé that the CIA developed the capability of making Samsung TVs spy on their unsuspecting users. While this hack requires physical access (a specially crafted USB stick must be plugged into the telly), it got me thinking about the network traffic generated by smart TVs. I’ve already blocked a few domains that my unit connects to, and this seems like a good time to share my work.

I run a local resolver in my house and I’ve previously written about using it, together with a response policy zone, to block Windows 10 computers’ attempts to connect to Microsoft’s telemetry servers. I’ve added these lines to the zone in an effort to stop my telly connecting to the more suspicious-sounding domains:

log-ingestion-eu.samsungacr.com          CNAME .
devicelog.samsungcloudsolution.net       CNAME .
prderrordumpssm.samsungcloudsolution.net CNAME .

I’m being selective because I still want to use the ‘smart’ features of the set—I still want to watch Netflix and YouTube on it, for example. There’s more work to be done as can be seen from this list of domain lookup attempts by my TV in a period of five days. The Samsumg ones are the most interesting; some are obviously needed for the normal function of the TV’s smart features, but others might be blockable without disturbing them. If you find any that I haven’t listed, or know anything more about them, please leave a comment!

  17688 log-ingestion-eu.samsungacr.com
   2291 pool.ntp.org
   2285 www.worldtime.com
   2283 wwp.greenwichmeantime.com
   1271 time.samsungcloudsolution.com
    794 ns11.whois.co.kr
    726 api-global.netflix.com
    293 Coordinator-TA30-PROD-1091987395.eu-west-1.elb.amazonaws.com
    247 secure.netflix.com
    226 acr0.samsungcloudsolution.com
    220 upu.samsungelectronics.com
    203 appboot.netflix.com
    185 nrdp.nccp.netflix.com
    180 dpu.samsungelectronics.com
    177 d1oxlq5h9kq8q5.cloudfront.net
    161 lcprd2.samsungcloudsolution.net
    139 osb-apps.samsungqbe.com
    139 kpu.samsungelectronics.com
    121 ichnaea.netflix.com
    112 art-1.nflximg.net
     97 art-0.nflximg.net
     86 art-2.nflximg.net
     67 cdn.samsungcloudsolution.com
     63 www.samsungotn.net
     59 noticecdn.samsungcloudsolution.com
     57 googleads.g.doubleclick.net
     53 www.samsungrm.net
     46 ads.samsungads.com
     43 notice.samsungcloudsolution.com
     42 lcprd1.samsungcloudsolution.net
     30 osb.samsungqbe.com
     29 d38cmiae9b0e22.cloudfront.net
     28 www.google.com
     24 go.microsoft.com
     22 multiscreen.samsung.com
     22 config.samsungads.com
     21 otn.samsungcloudcdn.com
     21 cdn-0.nflximg.com
     16 secureclock.playready.microsoft.com
     14 oempprd.samsungcloudsolution.com
     14 ipv6.connman.net
     12 configprd.samsungcloudsolution.net
     11 log-config.samsungacr.com
     11 d3mjsomixevyw7.cloudfront.net
      8 youtubei.youtube.com
      8 www.youtube-nocookie.com
      8 www.youtube.com
      8 www.yahoo.com
      8 www.google-analytics.com
      8 tv.scdn.co
      8 i.ytimg.com
      8 ipv4.connman.net
      8 gpm.samsungqbe.com
      7 otnprd8.samsungcloudsolution.net
      7 otnprd11.samsungcloudsolution.net
      6 sas.samsungcloudsolution.com

4 Comments

Add Comment →

Undertheradar

Ran across this because I got to looking at my chatty Samsung TV. WOW! Talk about spying on us!!! The TV keeps sending stuff to “log-ingestion”. Also I noticed that apps NOT BEING USED are checking in frequently (such as to Amazon…really??? I can only think profiling what I watch to figure out what I might want to buy)

These marketing folks are becoming more invasive every day. What I do and what I watch is MY BUSINESS!

I’m setting up selective blocking as well.

Thanks for your list. Here is partial of mine when I’m watching Pluto (DNS lookups removed to reduce noise):

2 6 21:49:49 Samsung TV (172.2.1.105) 34.225.153.50 (log-ingestion.samsungacr.com) HTTPS 3.23 KB / 6.13 KB close
4 6 21:49:41 Samsung TV (172.2.1.105) 34.204.239.34 (log-ingestion.samsungacr.com) HTTPS 2.14 KB / 5.97 KB close
5 6 21:48:49 Samsung TV (172.2.1.105) 52.44.210.24 (log-ingestion.samsungacr.com) HTTPS 3.23 KB / 6.13 KB close
8 6 21:48:31 Samsung TV (172.2.1.105) 34.205.103.15 (t.pluto.tv) HTTPS 645 B / 496 B close
9 6 21:48:16 Samsung TV (172.2.1.105) 34.205.103.15 (t.pluto.tv) HTTPS 928 B / 5.55 KB close
12 6 21:47:49 Samsung TV (172.2.1.105) 34.197.38.22 (log-ingestion.samsungacr.com) HTTPS 3.27 KB / 6.18 KB close
15 6 21:47:28 Samsung TV (172.2.1.105) 13.33.252.62 (silo.pluto.tv) HTTPS 645.98 KB / 29.10 MB close
16 6 21:47:06 Samsung TV (172.2.1.105) 35.169.131.5 (stitcher.pluto.tv) HTTPS 652 B / 496 B close
17 6 21:47:06 Samsung TV (172.2.1.105) 35.169.131.5 (stitcher.pluto.tv) HTTPS 935 B / 5.55 KB close
20 6 21:46:49 Samsung TV (172.2.1.105) 52.45.232.13 (log-ingestion.samsungacr.com) HTTPS 3.85 KB / 7.49 KB close
22 6 21:45:52 Samsung TV (172.2.1.105) 54.85.74.14 (log-ingestion.samsungacr.com) HTTPS 3.27 KB / 6.18 KB close
24 6 21:45:31 Samsung TV (172.2.1.105) 34.197.56.101 (t.pluto.tv) HTTPS 928 B / 5.55 KB close
29 6 21:44:48 Samsung TV (172.2.1.105) 52.22.134.185 (log-ingestion.samsungacr.com) HTTPS 3.32 KB / 6.25 KB close
31 6 21:44:40 Samsung TV (172.2.1.105) 52.22.220.25 (log-ingestion.samsungacr.com) HTTPS 2.10 KB / 5.97 KB close
35 6 21:44:09 Samsung TV (172.2.1.105) 52.50.124.229 (lcprd1.samsungcloudsolution.net) HTTPS 2.70 KB / 2.57 KB close
40 3 21:43:51 Samsung TV (172.2.1.105) 172.217.12.14 (smartlock.google.com) HTTPS 2.08 KB / 1.57 KB close
41 6 21:43:48 Samsung TV (172.2.1.105) 34.194.142.54 (log-ingestion.samsungacr.com) HTTPS 3.92 KB / 7.42 KB close
43 6 21:43:20 Samsung TV (172.2.1.105) 34.205.103.15 (t.pluto.tv) HTTPS 1.97 KB / 5.97 KB close
44 6 21:43:17 Samsung TV (172.2.1.105) 52.3.161.174 (k.pluto.tv) HTTPS 1.91 KB / 5.97 KB close
48 6 21:42:48 Samsung TV (172.2.1.105) 34.230.166.162 (log-ingestion.samsungacr.com) HTTPS 3.92 KB / 6.43 KB close

21st May 2018

Reply
bs870

Since Samsung’s Smart TV’s started to show ads and automatically install the even more hated McAfee, I decided to accept the fight. The standard router I use at home is not very useful, however it allows me to add dns-entries and guide those requests to a non existing address.

The firewall at my work however is very good at showing which traffic the Samsung tv generates, and indeed: That’s a lot. The set of DNS-rules do help, but it also seems to connect to a bunch of IP-addresses directly using TCP port 5223. So I blocked that too.

The best way is probably to disconnect the tv from the internet and use another solution for the apps. Another workaround may be to block all traffic, and start allowing specific traffic.

7th October 2019

Reply
0949er

5/14/2020

Found this website while searching what ‘samsungcloudsolution.net’ was. I was having issues on my smart TV playing Hulu and this was one of the DNS lookups that was blocking HULU from video playback . I also notice all the items mentioned above (as far as chatty smart TV). Its interesting how much data these devices are sending while on (and what data); (Time on, time off, what was watched, for how long, at what volume, etc.)

Good luck guys, stay safe

14th May 2020

Reply
Pedro

Thankfully I have a machine always running, serving network shares, now running my DHCP server and an DNS Server (PiHole) this rules will help shut up my chatty tv thx.

18th May 2020

Reply