Are LG Smart TVs spying on you?
By Lee Munson December 5, 2013
- UK blogger says his LG Smart TV sends data about his family’s viewing habits back to manufacturer
- Claims LG was ‘somewhat dismissive’ of his concerns when he brought them up in a letter
LAST year we wrote about a security hole in Samsung TVs which could have allowed hackers to get in to your television, watch you, change channels and plant malware.
Now, a UK blogger, known only as 'DoctorBeet', has apparently discovered that his LG Smart TV has actually been sending data about his family’s viewing habits back to the South Korean manufacturer.
After some investigation he found that his Smart TV would send data back to LG, even after he disabled an option in the system settings menu called ‘Collection of watching info.’
He said that his LG set, model number LG 42LN575V, connects to a non-functional URL with details of the times and channels being watched.
Worse still, he also discovered that the filenames of some media on a USB device connected to the TV were also transmitted, saying that:
This discovery prompted DoctorBeet to create a mock video file which he transferred to a USB stick. He deliberately chose a filename – Midget_Porn_2013.avi – that couldn't possibly be confused with the TV set's firmware. After connecting the USB drive to his TV, he later found that the filename had been transmitted in an unencrypted format to GB.smartshare,lgtvsdp.com.
Strangely, not all filenames belonging to media on USB devices were transmitted:
He did stress, however, that the URL to which the data is being sent returned HTTP 404 errors which could mean that LG's servers may not have logged any personal information. Although that isn't necessarily the case, as one commentator on DoctorBeet's blog posting pointed out:
DoctorBeet himself said that the current 404 status of the URL could mean very little:
It would easily be possible to infer the presence of adult content or files that had been downloaded from file sharing sites.
According to DoctorBeet, LG was somewhat dismissive of his concerns when he brought them up in a letter.
In an emailed reply the company simply said that, as he had accepted the Terms and Conditions on his TV, it wasn’t really its problem. LG suggested that he take up the issue with the retailer who sold him the set.
LG spoke to the BBC, saying that the company is looking into the complaint:
We are looking into reports that certain viewing information on LG Smart TVs was shared without consent.
LG offers many unique Smart TV models which differ in features and functions from one market to another, so we ask for your patience and understanding as we look into this matter.
As for why this particular LG Smart TV is collecting data in the first place, DoctorBeet cites a corporate video aimed at potential advertising partners. The lengthy clip includes claims such as:
The kind of data collection and serving of targeted ads is reminiscent of Tesco's recent decision to use facial recognition for a similar purpose in its petrol forecourts.
Short of boycotting the United Kingdom’s most successful supermarket or wearing a balaclava, there isn't much consumers can do about that scheme.
Fortunately, owners of LG smart TVs can do something to protect their privacy though: At the end of his post DoctorBeet identifies seven domains that he blocked via his router in order to prevent the collection of data and presentation of ads by his too-smart-by-far TV set.
Lee Munson is the founder of Security FAQs, a social media manager with BH Consulting and a blogger with a huge passion for information security. This article first appeared here on the Sophos Naked Security blog and is reprinted with its kind permission.
Related stories:
With the world safe, here are predictions for 2013
Samsung in Smart TV partnership with Spotify, unveils video hub
For more technology news and the latest updates, follow @dnewsasia on Twitter or Like us on Facebook.