LG Smart televisions have spyware that is spying on their owners, and the LG spyware is sending data back to LG, including the filenames of unrelated files that are stored on the users’ drives! That is the stunning discovery made by a developer and self-professed Linux enthusiast going by the name of Doctor Beet.
Actually, we say it is stunning but what we really mean is “not surprising”. After all, it was nearly ten years ago that the Lexmark Lx_Cats spyware scandal broke (and Lexmark is apparently still including that spyware with their printers, judging by comments we receive). And data collection has only become more rampant since then.
However, we believe this may be the first time that it has been proven that a product that is sending your data back to headquarters is also sending data that is not only completely unrelated to your use of the product, but that is such a gross violation of your privacy that it is grabbing your filenames and sending them back.
Says Doctor Beet, “After some investigation, I found a rather creepy corporate video advertising their data collection practices to potential advertisers. It’s quite long but a sample of their claims are as follows:
LG Smart Ad analyses users favourite programs, online behaviour, search keywords and other information to offer relevant ads to target audiences. For example, LG Smart Ad can feature sharp suits to men, or alluring cosmetics and fragrances to women. Furthermore, LG Smart Ad offers useful and various advertising performance reports. That live broadcasting ads cannot. To accurately identify actual advertising effectiveness. In fact, there is an option in the system settings called “Collection of watching info:” which is set ON by default. This setting requires the user to scroll down to see it and, unlike most other settings, contains no “balloon help” to describe what it does.”
He then started analysing the traffic between his LG Smart TV and the LG servers, and what he found was shocking.
Not only was the LG Smart television sending data back every time he changed channels (in other words it was spying on his usage), but, as Doctor Beet tells it, “I noticed filenames were being posted to LG’s servers and that these filenames were ones stored on my external USB hard drive.”
He then created a dummy file, and put it on his USB drive.
And, plain as day, the file name was transmitted to the LG servers.
Let us repeat that:
The filename on his USB drive was transmitted – in the clear – to the LG servers.
When he brought this to the attention of LG, their response, in relevant part, was:
Further to our previous email to yourself, we have escalated the issues you reported to LG’s UK Head Office.
The advice we have been given is that unfortunately as you accepted the Terms and Conditions on your TV, your concerns would be best directed to the retailer. We understand you feel you should have been made aware of these T’s and C’s at the point of sale, and for obvious reasons LG are unable to pass comment on their actions.
We apologise for any inconvenience this may cause you. If you have any further questions please do not hesitate to contact us again.
Of course, the best way to keep this from happening is don’t by a smart television – or at very least don’t buy an LG smart television.
But if it’s too late – if you already have an LG Smart TV, Doctor Beet recommends blocking all of their known domains at your router. These are the domains that he recommends blocking:
You may also want to check out Doctor Beet’s full report on the LG Smart TV spyware, which includes some great screenshots of what he found.
|Get notified of new Internet Patrol articles!