[LINK] LG Smart TVs send filenames from USB drives!
Jan Whitaker
jwhit at internode.on.net
Thu Nov 21 15:35:43 AEDT 2013
At 02:31 PM 20/11/2013, Andy Farkas wrote:
>No wonder I don't own a smart TV yet:
>
>
><http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html>
>
>"At this point, I decided to do some traffic analysis to see what
>was being sent. It turns out that viewing information appears to
>be being sent regardless of whether this option ["Collection of
>watching info"] is set to On or Off."
It hit the Age today:
LG Australia investigates smart TV spy claims
Ben Grubb
Published: November 21, 2013 - 2:03PM
LG Australia says it is investigating claims that
some models of LG smart TVs are logging viewing
information and preferences and sending the data back to the company's servers.
British IT consultant, Jason Huntley, 45, from
Hull, wrote in a blog post this week that he had
discovered his LG smart TV was sending the names
of files on plugged-in USB devices back to an LG
web server. The names of channels he watched were
also being collected by the company without his knowledge.
Mr Huntley discovered his TV was accessing this
information after it began displaying advertising
on its home screen. He then noticed a "creepy LG
corporate video" describing a LG Smart Ad
feature. This analyses a user's favourite
programs, online behaviour, search keywords and
other information in order to offer relevant advertising, the ad claimed.
"LG Smart Ad can feature sharp suits to men, or
alluring cosmetics and fragrances to women.
Furthermore, LG Smart Ad offers useful and
various advertising performance reports - that
live broadcasting ads cannot - to accurately
identify actual advertising effectiveness," it said.
In the process of investigating the matter, Mr
Huntley said he found an option in his TV's
settings called "collection of watching info"
which is switched "on" by default.
However, following traffic analysis on his home
network, Mr Huntley said viewing information
appeared to be sent to LG regardless of whether
the option was set to "on" or "off".
Speaking with Fairfax Media via email on
Thursday, Mr Huntley said he had received similar
reports from multiple users after posting about
it on his blog. However, some users in Germany,
for example, could not find evidence of the back-to-base traffic.
"It may be that LG are rolling this tech out
slowly or that they are still testing in certain
countries," Mr Huntley told Fairfax.. "One user
reported on my blog that they had received a
firmware update yesterday and was presented with
a new Privacy Policy to agree to."
He said he couldn't say what the situation was in Australia.
But Phillip Anderson, head of public relations at
LG Australia, told Fairfax in a statement on
Wednesday: "LG Australia acknowledges the issues
that have been identified in the UK. We take the
claims very seriously and are currently
investigating the situation at a local level."
Before publishing his blog, Mr Huntley said he
spoke to LG's UK office several times in an email
conversation regarding the matter and drew their
attention to the UK Data Protection Act.
The BBC has reported that the UK Information
Commissioner's Office is looking into the matter.
"They said they had escalated it to their UK head
office but then replied saying that I had agreed
to the terms. I think this was a missed
opportunity for them to resolve it before it
became widely known and it's a shame they didn't
react in a more meaningful way," Mr Huntley said.
"I would have been perfectly happy if they
committed to providing the means to properly
opt-out of this. (However I would probably not
have discovered the file name leak had that been the case.)"
Mr Huntley said he didn't see that consumer
electronics companies had the right to sell
people's viewing preferences for additional profit.
"Advertising is ever present but I was angered
that I after paying over £500 for a TV and
additionally for a broadband connection that LG
thought that they could commandeer these to
deliver advertising. What service am I getting in return?" he said.
"Unfortunately there are many companies working
on achieving these ends and, although this may be
a setback for LG's Smart Ad division - I'm
worried that other companies may choose to focus
on hiding their marketing efforts rather than
delivering products that users actually want."
As a result, Mr Huntley promised to continue
researching and analysing any technology products
that he owned and said he would continue to
promote public discussion on their features.
The IT consultant's research follows recent
reports which suggested that smart TVs are dumb
when it comes to privacy and security.
Security researchers Aaron Grattafiori and Josh
Yavor recently demonstrated how they could
remotely abuse Samsung's 2012 line of smart TVs
to take complete control of the machine.
Using flaws the pair had discovered in the TV's
web browser which Samsung has since patched
the security engineers at US-based iSec Partners
gained a foothold on the machine by pointing its
browser to a web page that was loaded with attack code.
Mr Huntley said smart TVs were not very secure.
"Consumer tech is a very competitive market and
there is intense pressure to deliver products in
shorter and shorter time scales," he said. "This
works against the need for robust security, so
it's not surprising that exploits exist and are
discovered frequently. As with computer software,
it's important to be able to react quickly and
fix problems before they are exploited in the wild."
Follow IT Pro on Twitter
This story was found at:
http://www.theage.com.au/it-pro/security-it/lg-australia-investigates-smart-tv-spy-claims-20131121-hv3nx.html
Melbourne, Victoria, Australia
jwhit at janwhitaker.com
Sooner or later, I hate to break it to you,
you're gonna die, so how do you fill in the space
between here and there? It's yours. Seize your space.
~Margaret Atwood, writer
_ __________________ _
More information about the Link
mailing list