Bidfoil Articles
defence-ai

First Deepfake Generals. Now Spy TVs. India Is Wide Open

· 5 min read · 👁 58 views
A smart TV in a dimly lit Indian living room with a single eye-like reflection on its screen

In an earlier piece, we talked about deepfake Generals. About how three serving and retired Indian Army Chiefs were turned into AI generated videos in the space of three months. About what to do before forwarding the next viral clip.

Today, the device that is helping make those deepfakes possible. The one sitting in your drawing room.

Every 500 milliseconds, twice every second, the average smart TV in an Indian home captures a frame of whatever is on its screen. It builds a tiny digital fingerprint of that frame. And it sends that fingerprint to a server you have never heard of. This happens whether you are watching a Hindi news channel, a cricket match, a Netflix show, or a movie playing from a pen drive. It happens even when the TV is being used as a monitor for the laptop plugged into the HDMI port.

The technology is called Automatic Content Recognition, or ACR. There are three problems with it. The first is the one that has reached the news. The other two are far more serious.

Revelation One. The Advertising Surveillance

In December 2025, the Attorney General of Texas in the United States sued five of the world's biggest TV makers at once. Samsung, LG, Sony, Hisense, and TCL. The lawsuit accused them of running a mass surveillance programme through their televisions. In February 2026, Samsung settled. The other four are still in court.

The case papers showed the TVs were not just tracking streaming apps. They were capturing content from everything plugged into the HDMI port. A laptop used for office work. A gaming console. A pen drive with family videos.

Why? Because your TV is not really a TV anymore. It is an advertising platform that happens to have a screen. LG's advertising business alone made nearly 700 million dollars in 2024. The cheaper your TV looks at the price tag, the more your viewing data has to make up the difference.

Source: Malwarebytes on the Samsung settlement

Revelation Two. The State Espionage

In 2017, WikiLeaks released a tranche of documents called Vault 7.One file was the user manual for an exploit codenamed Weeping Angel, developed jointly by the CIA and Britain's MI5.

Weeping Angel put a Samsung F-Series smart TV into what the manual itself called Fake-Off mode. The screen went dark. The remote stopped responding. The TV looked switched off. It was not. The microphone stayed live. Every conversation in the room was being recorded and sent through the home WiFi to a covert server. The CIA had even worked out how to suppress the front LED indicator, so the user had no visual cue that the TV was still on.

The exploit was used on specific people. Diplomats. Foreign intelligence targets. Persons of interest.

Source: BleepingComputer on the Weeping Angel leak

The point is not that the CIA was listening to you. The point is that the tradecraft exists. It was developed by two of the most capable intelligence services in the world. To imagine no other service has built an equivalent in the years since would be naive.

The TV in your drawing room is a network connected Linux computer with a microphone. It is also, in many cases, a Chinese manufactured product running firmware that is updated remotely by the manufacturer. That is an attack surface.

Revelation Three. The Criminal Botnets

The third problem is happening right now, at scale, and most Indian readers have never heard of it.

In June 2025, the FBI warned that more than one million smart TVs and streaming boxes had been hijacked by a malware operation called BadBox 2.0. The malware came pre-installed at the factory on cheap Android based TVs and streaming boxes. The kind sold on Amazon under generic brand names. The kind a family buys for the spare room TV because it is half the price of the known brands.

The moment the device connects to home WiFi, it phones home to a command and control server. From that point on, your home is a node in someone else's attack infrastructure. Hackers route their cyber attacks through your home internet address. Credential stuffing attacks against banks and government portals appear to come from your house. Advertising fraud runs in the background. Your TV is quietly helping someone break into other people's accounts.

Source: FBI warning, June 2025

The Fix. Two Minutes

One. Disable ACR on your TV. Each brand calls it something different.

Samsung. Settings, General and Privacy, Terms and Privacy, Viewing Information Services, Off.

LG. Settings, All Settings, General, System, Additional Settings, Live Plus, Off.

Sony. Settings, Device Preferences, Samba Interactive TV, Off.

TCL or Hisense. Settings, Privacy, Smart TV Experience, Off.

Fire TV. Settings, Preferences, Privacy Settings, Device Usage Data, Off.

Two. Throw away cheap unbranded streaming boxes. If the brand name is one you have never heard of, if it was unusually cheap, if it promised free access to paid streaming services, assume it is compromised.

Three. Keep your TV off WiFi entirely. A smart TV with no internet connection cannot perform ACR. It cannot phone home. Use a separate device, an Apple TV or a Fire Stick from a known brand, for streaming. Or just leave the TV offline. It will work exactly as well for DTH and cable.

Four. Check if your TV has a physical microphone mute switch. Some models have one on the remote or on the back. If yours does, use it.

The Bigger Picture

The smart TV is one device.Your home has dozens. The smart speaker, the doorbell camera, the phone in your pocket. Each one is a sensor.

In the deepfake Generals piece, we wrote about AI generated videos of Army Chiefs being made with models trained on captured voice and video data. This is where some of that training data comes from. The same surveillance economy that sells your viewing habits to advertisers also feeds the data pools that get scraped, traded, and sometimes weaponised by hostile information operations.

You cannot opt out of everything. But you can opt out of the easy ones. The TV is one of the easy ones.

Two minutes. Four settings. One conversation with the family about not buying mystery brand streaming boxes.

The next deepfake is being trained somewhere. Do not feed it from your drawing room.

Affiliate disclosure: Some links above are Amazon affiliate links. We earn a small commission if you make a purchase, at no extra cost to you.

#smart tv #surveillance #ACR #samsung #lg #tcl #hisense #badbox #weeping angel #opsec #defence #cyber #china #privacy