I recently collected a bug bounty from Samsung on a crypto implementation flaw I found in some of their software. The fix is still being rolled out, and given the impact I'm not going to disclose right now; rather, I'll let Samsung handle that when the time is right. Anyway, the team at Samsung was responsive and they seemed like they genuinely cared about security. However, based on what I've seen in their products and those from their competitors, the first thing I would do is pen-test the voice recognition feature, then turn it off no matter the outcome. The fact is, if it must communicate with a back-end server to work, then it becomes incredibly hard to lock the solution down. Even if the TV is properly validating the public cert of the server when doing the TLS handshake, there's got to be a mechanism on the TV for updating the trusted root store because at the end of the day, certs need to expire and thus must be updated. On a few non-Samsung smart TVs I've looked at over the years, updating the trusted root store on the TV is as "easy" as man-in-the-middling (MitM) the network the TV is on so that web traffic goes to a site I own which has a link to the my.cer root CA that I generated and am using in my TLS MitM solution. From there I just bring up the web browser on the TV, click on the my.cer link and go through the prompts to install the root CA. After that point all traffic from the TV can be decrypted on the wire.

Now it is fair to say that the attack I just described requires the ability to MitM the network and have physical access to the device; however, remember that these TVs use an IR remote and all an attacker needs is visual access to the TV. If it can be seen through a window it can be controlled through a window, and these things typically don't require a password to modify the WiFi settings. Some smart TVs also have proxy settings which, again, typically don't require a password to modify.

Given what I just covered, think hotel. From a risk perspective that's what I'd be most worried about. I wonder how many are installing smart TVs with voice recognition? For all other scenarios, basically the situation in many cases on the ground is that you are secure because no one is targeting you. In the case of a hotel, someone could be targeting everyone. Such an attack could prove valuable, especially if done in executive suites near financial centers.