Samsung TV voice encryption UPDATE: Fixed, but not quite…

Previously Samsung TVs sent an unencrypted audio file containing your search term to the Samsung servers which then did the voice-to-text processing.

There’s a post about it here.
The search term data was then sent back to the TV unencrypted.

Here we see the words Samsung, Sampson and Samson being sent back to the TV as a response to the audio file being sent from the TV:

After the update, the audio data and the resulting response were seen to be suitably encrypted.
Problem solved!
…Not quite.

The search term is then sent to the following URLs:
gdata.youtube.com
opml.radiotime.com

For example (saying the word chicken):

These are sent over HTTP and are therefore unencrypted and can be intercepted.

We can’t hear you, but we know what you said.

Both of these websites offer an HTTPS interface which should be utilised in future firmware releases as shown below: