Friday, November 22, 2013

LG admits that its ‘Smart TVs’ have been watching users – and transmitting data without consent

Some LG ‘Smart TVs’ watch their owners – logging their viewing habits without their permission – and transmitting the information back to the company, LG has admitted. The TVs do this even if the user has specifically selected an option not to share data.
The behavior was first noted by a UK-based developer, Jason Huntley, as reported by The Register this week.

The television company advertised this data collection in a video for advertisers, according to Huntley’s blog, saying, “LG Smart Ad analyses users favourite programs, online behavior, search keywords and other information to offer relevant ads to target audiences. For example, LG Smart Ad can feature sharp suits to men, or alluring cosmetics and fragrances to women.”

However, Huntley said that even if you switched off the option for ‘collection of watching info’, the information was still transmitted to LG, including file names of users’ private videos.

Every time users changed channel, this information was transmitted, Huntley said, adding, “I made an even more disturbing find within the packet data dumps. I noticed filenames were being posted to LG’s servers and that these filenames were ones stored on my external USB hard drive. To demonstrate this, I created a mock avi file and copied it to a USB stick.”

The electronics giant has now admitted that some of its Smart TVs do collect information without consent. In a statement released by LG and reported by security expert Graham Cluley, the company said, “Recently, it has been brought to our attention that there is an issue related to viewing information allegedly being gathered without consent. A firmware update is being prepared for immediate rollout that will correct this problem on all affected LG Smart TVs so when this feature is disabled, no data will be transmitted.”

Cluley comments on his blog, “Glad to hear that it’s being removed with the firmware update, but how on earth do features that have only been partially implemented manage to ship in hundreds of thousands (maybe millions) of TVs that end up in consumers’ front rooms?” Cluley also noted that the company did not apologize.

“What does this say for LG’s quality control if surplus code, which hasn’t been properly tested, that sends details of what should be confidential filenames in *plaintext* across the internet, doesn’t get picked up before the product is bought?”

Earlier this year, a U.S. senator called on the manufacturers of Smart TVs to make their devices safer – after a demonstration of an attack that showed how hackers could “spy” on users through a television’s built-in webcam, as reported by We Live Security.

“You expect to watch TV, but you don’t want the TV watching you,” said Senator Charles E Schumer. “Many of these smart televisions are vulnerable to hackers who can spy on you while you’re watching tv in your living room. Manufacturers should do everything possible to create a standard of security in their internet-connected products.”

His comments came in the wake of a demonstration at the Black Hat security conference in Las Vegas, where a researcher showed off how to remotely activate the microphones and cameras in a Samsung Smart TV.
