[LINK] LG Smart TVs send filenames from USB drives!

Jan Whitaker jwhit at internode.on.net
Thu Nov 21 15:35:43 AEDT 2013


At 02:31 PM 20/11/2013, Andy Farkas wrote:
>No wonder I don't own a smart TV yet:
>
> 
><http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html>
>
>"At this point, I decided to do some traffic analysis to see what
>was being sent.  It turns out that viewing information appears to
>be being sent regardless of whether this option ["Collection of
>watching info"] is set to On or Off."


It hit the Age today:


LG Australia investigates smart TV spy claims

Ben Grubb
Published: November 21, 2013 - 2:03PM

LG Australia says it is investigating claims that 
some models of LG smart TVs are logging viewing 
information and preferences and sending the data back to the company's servers.

British IT consultant, Jason Huntley, 45, from 
Hull, wrote in a blog post this week that he had 
discovered his LG smart TV was sending the names 
of files on plugged-in USB devices back to an LG 
web server. The names of channels he watched were 
also being collected by the company without his knowledge.

Mr Huntley discovered his TV was accessing this 
information after it began displaying advertising 
on its home screen. He then noticed a "creepy LG 
corporate video" describing a LG Smart Ad 
feature. This analyses a user's favourite 
programs, online behaviour, search keywords and 
other information in order to offer relevant advertising, the ad claimed.

"LG Smart Ad can feature sharp suits to men, or 
alluring cosmetics and fragrances to women. 
Furthermore, LG Smart Ad offers useful and 
various advertising performance reports - that 
live broadcasting ads cannot - to accurately 
identify actual advertising effectiveness," it said.

In the process of investigating the matter, Mr 
Huntley said he found an option in his TV's 
settings called "collection of watching info" 
which is switched "on" by default.

However, following traffic analysis on his home 
network, Mr Huntley said viewing information 
appeared to be sent to LG regardless of whether 
the option was set to "on" or "off".

Speaking with Fairfax Media via email on 
Thursday, Mr Huntley said he had received similar 
reports from multiple users after posting about 
it on his blog. However, some users in Germany, 
for example, could not find evidence of the back-to-base traffic.

"It may be that LG are rolling this tech out 
slowly or that they are still testing in certain 
countries," Mr Huntley told Fairfax.. "One user 
reported on my blog that they had received a 
firmware update yesterday and was presented with 
a new Privacy Policy to agree to."

He said he couldn't say what the situation was in Australia.

But Phillip Anderson, head of public relations at 
LG Australia, told Fairfax in a statement on 
Wednesday: "LG Australia acknowledges the issues 
that have been identified in the UK. We take the 
claims very seriously and are currently 
investigating the situation at a local level."

Before publishing his blog, Mr Huntley said he 
spoke to LG's UK office several times in an email 
conversation regarding the matter and drew their 
attention to the UK Data Protection Act.

The BBC has reported that the UK Information 
Commissioner's Office is looking into the matter.

"They said they had escalated it to their UK head 
office but then replied saying that I had agreed 
to the terms. I think this was a missed 
opportunity for them to resolve it before it 
became widely known and it's a shame they didn't 
react in a more meaningful way," Mr Huntley said.

"I would have been perfectly happy if they 
committed to providing the means to properly 
opt-out of this. (However I would probably not 
have discovered the file name leak had that been the case.)"

Mr Huntley said he didn't see that consumer 
electronics companies had the right to sell 
people's viewing preferences for additional profit.

"Advertising is ever present but I was angered 
that I after paying over £500 for a TV and 
additionally for a broadband connection that LG 
thought that they could commandeer these to 
deliver advertising. What service am I getting in return?" he said.

"Unfortunately there are many companies working 
on achieving these ends and, although this may be 
a setback for LG's Smart Ad division - I'm 
worried that other companies may choose to focus 
on hiding their marketing efforts rather than 
delivering products that users actually want."

As a result, Mr Huntley promised to continue 
researching and analysing any technology products 
that he owned and said he would continue to 
promote public discussion on their features.

The IT consultant's research follows recent 
reports which suggested that smart TVs are dumb 
when it comes to privacy and security.

Security researchers Aaron Grattafiori and Josh 
Yavor recently demonstrated how they could 
remotely abuse Samsung's 2012 line of smart TVs 
to take complete control of the machine.

Using flaws the pair had discovered in the TV's 
web browser – which Samsung has since patched – 
the security engineers at US-based iSec Partners 
gained a foothold on the machine by pointing its 
browser to a web page that was loaded with attack code.

Mr Huntley said smart TVs were not very secure.

"Consumer tech is a very competitive market and 
there is intense pressure to deliver products in 
shorter and shorter time scales," he said. "This 
works against the need for robust security, so 
it's not surprising that exploits exist and are 
discovered frequently. As with computer software, 
it's important to be able to react quickly and 
fix problems before they are exploited in the wild."

     Follow IT Pro on Twitter

This story was found at: 
http://www.theage.com.au/it-pro/security-it/lg-australia-investigates-smart-tv-spy-claims-20131121-hv3nx.html 




Melbourne, Victoria, Australia
jwhit at janwhitaker.com

Sooner or later, I hate to break it to you, 
you're gonna die, so how do you fill in the space 
between here and there? It's yours. Seize your space.
~Margaret Atwood, writer

_ __________________ _



More information about the Link mailing list