Feeds

You THINK you're watching your LG smart TV - but IT's WATCHING YOU, baby

Phones home with the names of videos you watch, too

Business security measures using SSL

LG smart TVs silently log owners' viewing habits to the South Korean company's servers and use them to serve targeted ads, one researcher has claimed.

According to Yorkshire, UK–based hacker "DoctorBeet," the internet-enabled sets try to phone home to LG every time a viewer changes the channel, giving the chaebol the ability to track exactly which channels are being watched, minute by minute.

Using network packet-sniffing tools, DoctorBeet discovered that his set was also transmitting the names of media files he played off USB storage, which he observes could potentially be embarrassing for those in the habit of watching less savory downloaded fare.

Even worse, these transmissions are completely unencrypted, giving anyone with the ability to mount a man-in-the-middle attack complete knowledge of whether the TV is in use at any given time and what the owner might be watching on it.

DoctorBeet thinks he knows what LG wants this information for: to serve ads. Digging around LG's websites, he came across a slightly creepy promotional video that touts the company's smart TV platform as "the differentiated advertising experience that you always dreamed of":

"LG Smart AD enables publishers to maximize rev-enues through worldwide ad networks, intelligent platform to boost CPM and the remarkable ecosystem," the LG Smart Ad website proclaims in not-quite-perfect English.

Some readers will surely question why a TV that the customer bought and paid for should be serving ads outside of the content being watched to begin with, but that's clearly the direction that LG would like to see things go.

Earlier this year, The Reg reported that LG was the first smart TV vendor to sign on with Cognitive Networks, a company that claims to be able to identify what TV viewers are watching by analyzing the actual images onscreen. The TV maker could then serve targeted ads based on the programming being watched.

LG Smart TV's content collection menu option

Don't worry about this menu – LG smart TVs track your viewing habits either way (Source: DoctorBeet)

The communications DoctorBeet observed don't appear to have anything to do with the Cognitive Networks system. Disturbingly, however, there doesn't seem to be any way to opt out of the data collection. DoctorBeet observed that while his TV did have an option called "Collection of watching info" in its settings menu, the data was still transmitted whether the option was set to on or off.

LG's US offices has yet to respond to a request for comment from Vulture Annex in San Francisco, and DoctorBeet's own request to the LG Electronics UK help desk netted nothing more than a polite dismissal.

If there is any bright side to this, however, it's that LG doesn't seem to actually be doing anything with the viewing data its TVs are sending – at least, not yet.

As DoctorBeet noted, the actual URLs his TV is requesting all resolve to 404 errors. Assuming that message is correct and not an attempt at subterfuge, this means that while LG does have a server setup at the address, it doesn't actually have an application in place to collect or store the viewing data.

Still, it could potentially set one up at any time. As a preemptive measure, DoctorBeet has compiled a list of URLs that he believes are involved with LG's ad-serving system. Customers who are concerned that LG might be spying on their viewing habits are advised to block some or all of these in their internet routers. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Oi, Tim Cook. Apple Watch. I DARE you to tell me, IN PERSON, that it's secure
State attorney demands Apple CEO bows the knee to him
4K-ing excellent TV is on its way ... in its own sweet time, natch
For decades Hollywood actually binned its 4K files. Doh!
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
DARPA-backed jetpack prototype built to make soldiers run faster
4 Minute Mile project hatched to speed up tired troops
Hey, Mac fanbois. HGST wants you drooling over its HUGE desktop RACK
What vast digital media repository could possibly need 64 TERABYTES?
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Apple's ONE LESS THING: the iPod Classic disappears
RIP 2001 – 2014. MP3 player beloved of millions. Killed by cloud
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.