Sunday 15 December 2013

We’re Watching You!

LG Smart TVs Collect Your Personal Info

It recently turned out that LG Smart TV was displaying adverts on the Smart landing screen. LG even has some corporate video to advertise their information collection practices to potential advertisers. The company explains that LG Smart Ad can analyze what people like watching, what they do online, and collect search keywords and other data that can help offer relevant adverts to target audiences. In addition, the company offered ad performance reports to demonstrate actual advertising effectiveness.

So, how do they do this? There appeared to be an option in the system settings named “Collection of watching info”, which is turned on by default. To find it, the users have to scroll down. Moreover, this setting, unlike others, has no “balloon help” to explain what it is for.

If you do some traffic analysis to find out what was being sent from your TV, you will learn that viewing data is being sent regardless of whether the setting is turned on or off. Apparently, the system transmits a channel name and a unique device ID. This data is sent back unencrypted and in the clear to the company each time you change channel – even if you switched the setting “Collection of watching info” off.

This is not all. You can find that within the packet data dumps there are filenames being posted to LG’s servers – the ones stored on your external USB hard drive. It is easy to check – once you create a mock file with unique filename and copy it to your USB stick, you’ll see it transmitted. It is unclear how the system filters the data – sometimes the names of the contents of an entire folder are posted, other times nothing is sent.

By the way, the URL that the information is being sent to doesn’t even exist, as the destination brings the HTTP 404 response from LG’s server. However, this collection URL could as well be implemented by the company on its server tomorrow, and allow to transparently collect detailed data on what content you have stored. The aim is clear – this feature would allow to infer the presence of adult material or files downloaded from file-sharing networks.

When contacted, LG claimed that since its customers accepted the Terms and Conditions on their devices, their concerns would be best directed to the retailer, while LG is unable to pass comment on their actions. So, the company can’t help, but you should prevent this from happening, as you own your router and have absolute jurisdiction of any traffic you allow to pass. The only way to do this is to block the list of Internet domains to stop spying and advertising on TVs. So far the list is the following:

ibis.lgappstv.com

ad.lgappstv.com

smartclip.net

smartclip.com

yumenetworks.com

smartshare.lgtvsdp.com

This move can help you stop seeing adverts plastered on your screen and having your viewing behavior monitored. The most important part is that you will still be able to update firmware.

No comments: