Rise of the machines: Samsung TVs are spying on you, hacked vehicles put 'our lives at risk'

Experts react to claims that Internet of Things devices are beginning to run amok

Samsung has admitted that its voice-activated Smart televisions may be able to record sensitive information from users, while fresh fears have arisen that security weaknesses in Internet of Things-equipped vehicles may leave them wide open to software hacks.

The small print in the privacy policy in models of Samsung's Smart TVs that feature voice activation reveals that the devices may record background conversations between commands and that this data is sent to a third party. A user's television could therefore potentially record details of passwords or bank accounts and send them to a third party.

Samsung's privacy policy states: "Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party."

In an emailed comment, Kevin Epstein, vice president of advanced security and governance at IT security specialist Proofpoint, said that this "specific example of data collection is not outside the norm".

"[But] the publicity it seems to be generating certainly serves as a good reminder of the need for security layers around all networked computing devices, including IoT devices, not just laptops and obvious 'computers'," he added.

"Innocuous background data collection by systems vendors has been happening for years - from error-reporting in operating systems, to statistics on viewing in DVRs, to keystrokes on remotes (and yes, even audio snippets in speech-to-text systems).

"The concern, of course, is whether attackers could access these functions - either as data in the vendor's central collection-point (less likely), or directly on the device (proven; there have been many, well-documented cases of hacked baby-monitors, laptop webcams, and the like). Regardless, there's clearly a need for additional layers of security and both enterprise and consumer protection."

Sadly, the legality of your words being sent down the pipe to Samsung (and perhaps Samsung's friends) doesn't seem in dispute once you start using the technology, so until Epstein's "additional layers of security" are in place, it may be best to start treating your television like a vaguely disliked relative.

Meanwhile, CBS News' 60 Minutes recently featured a segment on the Pentagon's ongoing research into the security of connected devices, flagging up the apparent vulnerability of connected vehicles. The report claimed to have found "a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle, or against those who may wish to collect and use personal driver information".

Eric Chiu, president and co-founder of HyTrust, called this a "scary revelation", and even went so far as to say "our lives are at stake from computerised cars".

Steve Hultquist, chief evangelist at RedSeal, said that the pace of technological innovation is now "beyond our ability to comprehend the implications", and is moving too fast for there to be adequate safeguards against unintended risks.

"Designing systems for security takes more work, and has been seen as slowing the pace of releasing new products," he said.

"Yet it's critical and the organisations building the technology into their products need to do more to protect them and their customers from potential threats. The only defence is to use automated analysis of all potential attack vectors on the real, implemented system in order to determine the possible paths and then to protect against them.

"When providers like Samsung hide the use of data behind their products and don't provide independent validation of it, the danger of misuse and potential damage increases significantly," warned Hultquist.