LG Smart TV Caught Collecting Data On Files Stored On Connected USB Drives

from the if-you-give-a-TV-an-internet-connection... dept

The growing presence of "smart" devices, each one requiring a connection to the outside world, is a bit alarming (Samsung TV zero day exploit, anyone?). The territory still remains largely uncharted and device manufacturers are still pretty much free to decide just how much data these devices will cough up when phoning home.

A blogger (and developer and Linux enthusiast) going by the name of DoctorBeet noticed his newly-purchased LG Smart TV was displaying ads on the "home" screen. He dug around and found more info on an LG corporate page that described the process in cheery let's-sell-some-ads tones.

LG Smart Ad analyses users favourite programs, online behaviour, search keywords and other information to offer relevant ads to target audiences. For example, LG Smart Ad can feature sharp suits to men, or alluring cosmetics and fragrances to women.
The endearingly sexist sales pitch attempting to sell other pitchmen on LG's "smart" ad platform/TV makes it pretty clear that LG's TV is very interested in any "interactions" you have with your device.

What the sales pitch failed to make clear is that LG will be grabbing this behavioral data no matter what.
In fact, there is an option in the system settings called "Collection of watching info:" which is set ON by default. This setting requires the user to scroll down to see it and, unlike most other settings, contains no "balloon help" to describe what it does...

At this point, I decided to do some traffic analysis to see what was being sent. It turns out that viewing information appears to be being sent regardless of whether this option is set to On or Off.
Not only was LG sucking up viewer data, it was sending the data on each interaction completely unencrypted. This isn't necessarily a huge problem if the data collection was limited to the channel watched and for what length of time. But as the increasingly creepy sales pitch above points out, LG also wants "search keywords" and a potentially unlimited amount of "other information."

At this point, LG already has a bit of privacy problem. Sending data on channel selection is one thing. Collecting and sending unencrypted web data like search terms is quite another. And it gets even worse.
It was at this point, I made an even more disturbing find within the packet data dumps. I noticed filenames were being posted to LG's servers and that these filenames were ones stored on my external USB hard drive.
DoctorBeet tested his hunch by mocking up an .avi file that would be immediately distinguishable from any other "normal" traffic. Plugging in a USB stick with the bait (Midget_Porn_2013.avi) into his TV, DoctorBeet soon saw data on his faux porn headed to LG's servers in unencrypted plain text. DoctorBeet (and his shocked wife) also watched his children's names being harvested from the file name of a Christmas video located on another connected drive. [Click picture to open a full size version in another tab.]


The implications of this data collection are huge. As DoctorBeet points out, it's simply an invasion of privacy at best. Who knows what ads LG might serve when faced with a hard drive full of porn? Who knows what it might do if it goes trolling through media files at the behest of publishers, studios and labels? It's not tough to imagine a scenario where "connected" files become bricked because of a perceived lack of license. As we've seen before, companies are seeking to patent methods of utilizing connected devices (like the now-mandatory Xbox "camera") to determine who's enjoying what content for ad-serving purposes/licensing fee extraction.

If nothing else, a "smart" TV shouldn't be gathering, much less sending, file data back home from customers' non-LG devices. The fact that LG does this in unencrypted form is also troubling. The fact that LG does this even when you specifically tell it not to is the sort of thing that becomes the basis for a class action lawsuit.

LG's pass-the-buck response to DoctorBeet's complaints makes everything so much worse.
Thank you for your e-mail.

Further to our previous email to yourself, we have escalated the issues you reported to LG's UK Head Office.

The advice we have been given is that unfortunately as you accepted the Terms and Conditions on your TV, your concerns would be best directed to the retailer. We understand you feel you should have been made aware of these T's and C's at the point of sale, and for obvious reasons LG are unable to pass comment on their actions.

We apologise for any inconvenience this may cause you. If you have any further questions please do not hesitate to contact us again.

Kind Regards

Tom

LG Electronics UK Helpdesk
Tel: 0844 847 5454
Fax: 01480 274 000
Email: cic.uk@lge.com
In other words:
"Sorry" if you misunderstood the Terms and Conditions you were compelled to accept if you wanted to use your new purchase. "Sorry" these same terms and conditions nullified your preferences on sending data without your permission. Oh, and by the way, not our fault -- the helpful people with the name tags at your local electronics store should have been intimately familiar with the Terms and Conditions of our entire product line and ensured that potential customers knew they were purchasing a SPY TV rather than a SMART TV.

If you have any other questions about our intrusive data collections, please don't hesitate to fuck off and die.
LG's representation may not care (at the moment) whether DoctorBeet feels LG's watching him more than he's watching its TV, but as this story continues to spread across the internet, I would imagine its tune will change. And when that changes, hopefully it will alter the Terms and Conditions as well.

People don't implicitly surrender their privacy when they attach a "smart" device to the internet. There are responsible ways to collect data and responsible ways to protect this data and, from what's being shown here, LG is doing neither.

Filed Under: information sharing, privacy, smart tv, usb drives
Companies: lg


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    SDF, 20 Nov 2013 @ 12:29pm

    Attempt to see said Terms and Conditions

    I actually tried to get a copy of these terms and conditions from LG, and found the attempt enlightening.

    Ana: Hello S. Fox. Welcome to LG Electronics U.S.A. Support only. How may I provide you with excellent service today?
    ME: I am trying to find the terms and conditions for the smart tv series prior to purchase, but do not see the information on your website
    Ana: HI
    Ana: What terms and conditions are you referring to ?
    ME: the terms and conditions related to the smart tv software
    Ana: That is not available in the website. That only comes up in the TV when you are setting it up for the first time
    ME: the ones that must be accepted to use the smart tv software, but arent accessible until after purchase of the television, at which point i would be out a restocking fee
    Ana: I can email you the TV warranty statement if you want to
    ME: So if I am unwilling to accept them because i find parts objectionable, is the tv eligible for a full refund?
    Ana: Refunds or exchanges depends of the store policy
    ME: so they must be agreed to in order to use the device, but are not available until after purchase, at which point i may or may not be out of money based off of the retailers policy on returning open-box items.
    ME: is this correct?
    Ana: Yes, you need to agree to continue the TV setup
    ME: Is LG able to provide me these prior to purchase so that I can decide if they are acceptable?
    Ana: No, those are not available
    ME: So I have to accept them to use the product, but they will not be made available to me before I purchase the product. Do you not see a problem with this ?
    Ana: That is right.
    ME: In other words, by purchasing the TV I am entering into a contract that I am not allowed to read.
    ME: Thus am unable to make an informed decision whether to proceed
    Ana: You can check with the distributor what are their policies for return in the event you are not satisfy with the product
    ME: I can state unequivocally that LG has been removed from lists of potential products. I find this lack of transparency to be unacceptable.
    Ana: Thank you for your feedback. I have forwarded your comments to our corporate public relations office

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.