Cyber security researchers in the United Kingdom have discovered some disturbing details about Samsung’s smart TVs, according to a BBC News report. Not only may the TVs be recording what you say, but they also may be sending that info to third parties over the Internet in an unencrypted form.

David Lodge of London-based Pen Test Partners, a cyber security firm, told the BBC that while testing one of Samsung’s older internet-connected TVs, he discovered that it was uploading audio files of their voice commands in an unencrypted form along with data about the TV, including its MAC address.

Lodge found that the TVs only send out data when asked to perform complex tasks like a web search. Simple tasks like adjusting the volume control do not cause any info to be sent. In the case Lodge monitored, though, even a simple search for the word “Samsung” caused data to be sent to a third party.

“The sneaky swines,” said Lodge on his blog. “What we can see is [Samsung] sending a load of information over the wire about the TV, I can see its MAC address and the version of the OS in use.”

Fortunately for now at least, the TVs only start listening to users when asked. A user must state “Hi, TV,” or another similar term, to trigger the functionality. Of course, this could change in the next firmware update.

Samsung, for its part, tells BBC News that it will soon release new code to ensure that all  user voice commands are encrypted. Additionally, the beleaguered South Korean tech giant insists that it only shares voice data in “limited circumstances.”