Feeds

You THINK you're watching your LG smart TV - but IT's WATCHING YOU, baby

Phones home with the names of videos you watch, too

Top 5 reasons to deploy VMware with Tegile

LG smart TVs silently log owners' viewing habits to the South Korean company's servers and use them to serve targeted ads, one researcher has claimed.

According to Yorkshire, UK–based hacker "DoctorBeet," the internet-enabled sets try to phone home to LG every time a viewer changes the channel, giving the chaebol the ability to track exactly which channels are being watched, minute by minute.

Using network packet-sniffing tools, DoctorBeet discovered that his set was also transmitting the names of media files he played off USB storage, which he observes could potentially be embarrassing for those in the habit of watching less savory downloaded fare.

Even worse, these transmissions are completely unencrypted, giving anyone with the ability to mount a man-in-the-middle attack complete knowledge of whether the TV is in use at any given time and what the owner might be watching on it.

DoctorBeet thinks he knows what LG wants this information for: to serve ads. Digging around LG's websites, he came across a slightly creepy promotional video that touts the company's smart TV platform as "the differentiated advertising experience that you always dreamed of":

"LG Smart AD enables publishers to maximize rev-enues through worldwide ad networks, intelligent platform to boost CPM and the remarkable ecosystem," the LG Smart Ad website proclaims in not-quite-perfect English.

Some readers will surely question why a TV that the customer bought and paid for should be serving ads outside of the content being watched to begin with, but that's clearly the direction that LG would like to see things go.

Earlier this year, The Reg reported that LG was the first smart TV vendor to sign on with Cognitive Networks, a company that claims to be able to identify what TV viewers are watching by analyzing the actual images onscreen. The TV maker could then serve targeted ads based on the programming being watched.

LG Smart TV's content collection menu option

Don't worry about this menu – LG smart TVs track your viewing habits either way (Source: DoctorBeet)

The communications DoctorBeet observed don't appear to have anything to do with the Cognitive Networks system. Disturbingly, however, there doesn't seem to be any way to opt out of the data collection. DoctorBeet observed that while his TV did have an option called "Collection of watching info" in its settings menu, the data was still transmitted whether the option was set to on or off.

LG's US offices has yet to respond to a request for comment from Vulture Annex in San Francisco, and DoctorBeet's own request to the LG Electronics UK help desk netted nothing more than a polite dismissal.

If there is any bright side to this, however, it's that LG doesn't seem to actually be doing anything with the viewing data its TVs are sending – at least, not yet.

As DoctorBeet noted, the actual URLs his TV is requesting all resolve to 404 errors. Assuming that message is correct and not an attempt at subterfuge, this means that while LG does have a server setup at the address, it doesn't actually have an application in place to collect or store the viewing data.

Still, it could potentially set one up at any time. As a preemptive measure, DoctorBeet has compiled a list of URLs that he believes are involved with LG's ad-serving system. Customers who are concerned that LG might be spying on their viewing habits are advised to block some or all of these in their internet routers. ®

Internet Security Threat Report 2014

More from The Register

next story
PEAK APPLE: iOS 8 is least popular Cupertino mobile OS in all of HUMAN HISTORY
'Nerd release' finally staggers past 50 per cent adoption
Tim Cook: The classic iPod HAD to DIE, and this is WHY
Apple, er, couldn’t get the parts for HDD models
Apple spent just ONE DOLLAR beefing up the latest iPad Air 2
New iPads look a lot like the old one. There's a reason for that
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
Caterham Seven 160 review: The Raspberry Pi of motoring
Back to driving's basics with a joyously legal high
Back to the ... drawing board: 'Hoverboard' will disappoint Marty McFly wannabes
Buzzing board (and some future apps) leave a lot to be desired
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.