Options

LG smart TV snooping extends to home networks, second blogger says

tpatt100tpatt100 Member Posts: 2,991 ■■■■■■■■■□
in Off-Topic
With LG and Xbox One and I am assuming other devices I think I will make sure to get dressed before leaving my bedroom for now on.....

LG smart TV snooping extends to home networks, second blogger says | Ars Technica
A second blogger has published evidence that his LG-manufactured smart television is sharing sensitive user data with the Korea-based company in a post that offers support for the theory that the snooping isn't isolated behavior that affects a small number of sets.In addition to transmitting a list of shows being watched and the names of files contained on USB drives, the Internet-connected TV also sent the names of files shared on home or office networks, the blogger reported. He made the discovery after plugging the Wireshark packet-sniffing program into his home network and noticing that an LG TV—model number 42ls570, purchased in April—was transmitting file names that sounded vaguely familiar even though there was no USB drive plugged in.


"It turns out it was pulling filenames from my shared folders over the network and broadcasting those instead," he wrote in a blog post published Thursday. "I moved all the media out of the folder and put a few duds in named 'GiantPorn,' turned the TV off and on and it was still broadcasting the old filenames. The TV couldn't see those files whilst browsing manually so I'd hazard a guess it’s caching some of these locally."


Within about 10 minutes, voilà. The name of the GiantPorn MPEG file was transmitted to 193.67.216.135, an IP address belonging to LG Electronics, according to Whois records.
Mark, a Web developer who asked Ars not to publish his last name, said he also noticed that his TV sent an authorization code to LG as soon as he turned it on and a deauthorization code each time he turned it off.

"I'm not sure how unusual this practice is, but it gives LG a pretty precise measurement of when and how long you are using the TV," he wrote.
As was the case with the previous blogger, the HTTP POST requests Mark observed returned a 404 error typically used to indicate that a requested file wasn't found at a specified address. That could indicate the data the smart TVs are sending wasn't received, but that's by no means certain since it's trivial for that information to be logged even when such errors are broadcast. And even if the data isn't currently being received for whatever reason, the packet captures provide almost irrefutable proof that the data is being sent to LG servers, whether or not they're actually accepting it. With minor fuss, those servers can be tweaked to permanently log the data.

What's more, since LG TVs are sending the data unencrypted, it's trivial for anyone on the same home or office network to monitor the communications. That data is similarly available to anyone who has the ability to monitor communications sent over the larger Internet.


Representatives of LG didn't respond to a request for comment for both this story and a previous post.


Earlier Thursday, Engadget reported LG has promised to stop its smart devices from monitoring users. Reporter Matt Brian wrote:

The response seems odd that it was doing something for a feature that wasn't implemented yet
In light of accusations that its Smart TVs were sending private data to its servers, LG has admitted that some of its sets are behaving in ways they shouldn't be. In a statement, the Korean manufacturer conceded that it has been collecting channel, TV platform and broadcast source data from some units, even when the feature was switched off. However, the company said that when the feature operates normally, it helps provide viewing recommendations to other LG Smart TV owners based on what they are watching. In response to claims it was also beaming over names of files located on connected USB keys, LG admits that it actually forms part of an upcoming service that searches the internet for detailed information on a particular film or TV show.
· Share on FacebookShare on Twitter

Comments

  • Options
    doverdover Member Posts: 184 ■■■■□□□□□□
    tpatt,

    Nice find. I read this story on it yesterday but haven't had a chance to read the Ars article. The one I read had some very nice wireshark screencaps too.

    I've captured some odd traffic from a (satellite provider) device I have at home but haven't had a chance to dig into it.
    · Share on FacebookShare on Twitter
  • Options
    cyberguyprcyberguypr Mod Posts: 6,928 Mod
    My colleague sent me the DoctorBeet link a couple of days ago. I purchased one of these TVs a few weeks ago. As a normal person, I didn't read the endless ToS.

    The best part is "According to the other article, when you disable collection, it sends the information with a flag indicating that collection has been disabled."

    Hell, I don't even know if I want to return it, block it, not worry about it. Man!

    It's ridiculous how you can't trust any big company having common sense and respecting consumers.
    · Share on FacebookShare on Twitter
  • Options
    tpatt100tpatt100 Member Posts: 2,991 ■■■■■■■■■□
    I think it would be a complete coincidence if I scratch myself or pick my nose and jock itch or Kleenex ad pops up on the screen....
    · Share on FacebookShare on Twitter
Sign In or Register to comment.