LG Smart TVs logging USB filenames and viewing info to LG servers

[Charles Christian Miers]

The owner of an LG Smart TV says he’s got evidence that the TV is sending details about his viewing habits and the names of some video files he watched on the TV back to LG, against his instructions.

The British blogger Dr Beet (who the BBC names as IT consultant Jason Huntley) says he became suspicious when he saw advertisements on the TV’s “home screen” and discovered from LG’s site that these ads are targeted and take into account factors including the sites users visit through the TV and the shows that they watch.

Huntley found an option in the settings menu to have “Collection of watching info” switched on or off. However, after hooking up a computer to the TV set to see what data it was sending, he discovered that information about his viewing was being sent regardless of what setting he selected.

The data included the channel, the TV show, and an ID for his set. The unencrypted data was being sent regardless of the info collection setting. The only difference was that if the setting was on, the data was accompanied by a single-digit flag indicating that the user did not agree to the data being collected. Of course, as Huntley notes, using that flag kind of misses the point of having the setting option.

Huntley also discovered that some of the data sent back to LG didn’t refer to TV viewing, but rather listed the filename of videos he had watched on the set via a USB stick. He tested this by creating and watching a file with a memorable (if inaccurate) name and, as the very bottom of the image above shows, it did indeed show up in the data.

Initially Huntley e-mailed LG about the issue. He got a reply which said that he had accepted terms and conditions when starting up the TV for the first time, and that as a result any problem he had was between him and the retailer. That may be irrelevant from a legal perspective as it’s possible LG’s behavior may breach data protection laws. The Information Commissioner’s Office, which deals with data protection in the UK, is making inquiries.

LG has since told the BBC it is investigating the issue and plans to make a further comment later.

According to Huntley, the best way to sidestep such data collection is to configure your router to block outgoing traffic to seven domains, namely:

• ad.lgappstv.com
• yumenetworks.com
• smartclip.net
• smartclip.com
• llnwd.net
• smartshare.lgtvsdp.com
• ibis.lgappstv.com

Read more at http://www.geeksaresexy.net/2013/11/20/lg-phones-home/#XijGU0oCIlIH0sDj.99

DoctorBeet's Blog

Earlier this month I discovered that my new LG Smart TV was displaying ads on the Smart landing screen.

After some investigation, I found a rather creepy corporate video advertising their data collection practices to potential advertisers. It's quite long but a sample of their claims are as follows:

LG Smart Ad analyses users favourite programs, online behaviour, search keywords and other information to offer relevant ads to target audiences. For example, LG Smart Ad can feature sharp suits to men, or alluring cosmetics and fragrances to women.

Furthermore, LG Smart Ad offers useful and various advertising performance reports. That live broadcasting ads cannot. To accurately identify actual advertising effectiveness.

In fact, there is an option in the system settings called "Collection of watching info:" which is set ON by default.  This setting requires the user to scroll down to see it and, unlike most other settings, contains no "balloon help" to describe what it does.

At this point, I decided to do some traffic analysis to see what was being sent.  It turns out that viewing information appears to be being sent regardless of whether this option is set to On or Off.

Here you can clearly see that a unique device ID is transmitted, along with the Channel name "BBC NEWS" and a unique device ID.
Here is another example of a viewing info packet.

GB.smartshare.lgtvsdp.com POST /ibs/v2.2/service/watchInformation.xml HTTP/1.1
Host: GB.ibis.lgappstv.com
Accept: */*
X-Device-Product:NETCAST 4.0
X-Device-Platform:NC4M
X-Device-Model:HE_DTV_NC4M_AFAAABAA
X-Device-Netcast-Platform-Version:0004.0002.0000
X-Device-Country:GB
X-Device-Country-Group:EU
X-Device-ID:2yxQ5kEhf45fjUD35G+E/xdq7xxWE2ghu0j4an9kbGoNcyWaSsoLgyk8JJoMtjRrYRsVS6mHKy/Zdd6nZp+Y+gK6DVqnbQeDqr16YgacdzKU80sCKwOAi1TwIQov/SlB
X-Authentication:YMu3V1dv8m8JD0ghrsmEToxONDI= cookie:JSESSIONID=3BB87277C55EED9489B6E6B2DEA7C9FD.node_sdpibis10; Path=/
Content-Length: 460
Content-Type: application/x-www-form-urlencoded
&chan_name=BBC TWO&device_src_idx=1&dtv_standard_type=2
&broadcast_type=2&device_platform_name=NETCAST 4.0_mtk5398&chan_code=251533454-72E0D0FB0A8A4C70E4E2D829523CA235&external_input_name=Antenna&chan_phy_no=&atsc_chan_maj_no=&atsc_chan_min_no=&chan_src_idx=1&chan_phy_no=&atsc_chan_maj_no=&atsc_chan_min_no=&chan_phy_no=47&atsc_chan_maj_no=2&atsc_chan_min_no=2&chan_src_idx=1&dvb_chan_nw_id=9018&dvb_chan_transf_id=4170&dvb_chan_svc_id=4287&watch_dvc_logging=0

This information appears to be sent back unencrypted and in the clear to LG every time you change channel, even if you have gone to the trouble of changing the setting above to switch collection of viewing information off.

It was at this point, I made an even more disturbing find within the packet data dumps.  I noticed filenames were being posted to LG's servers and that these filenames were ones stored on my external USB hard drive.  To demonstrate this, I created a mock avi file and copied it to a USB stick.

This file didn't really contain "midget porn" at all, I renamed it to make sure it had a unique filename that I could spot easily in the data and one that was unlikely to come from a broadcast source.

And sure enough, there is was...

Sometimes the names of the contents of an entire folder was posted, other times nothing was sent.  I couldn't determine what rules controlled this.

I think it's important to point out that the URL that the data is being POSTed to doesn't in fact exist, you can see this from the HTTP 404 response in the next response from LG's server after the ACK.

However, despite being missing at the moment, this collection URL could be implemented by LG on their server tomorrow, enabling them to start transparently collecting detailed information on what media files you have stored.

It would easily be possible to infer the presence of adult content or files that had been downloaded from file sharing sites. My wife was shocked to see our children's names being transmitted in the name of a Christmas video file that we had watched from USB.

So what does LG have to say about this?  I approached them and asked them to comment on data collection, profiling of their customers, collection of usage information and mandatory embedded advertising on products that their customers had paid for.  Their response to this was as follows:

Good Morning

Thank you for your e-mail.

Further to our previous email to yourself, we have escalated the issues you reported to LG's UK Head Office.

The advice we have been given is that unfortunately as you accepted the Terms and Conditions on your TV, your concerns would be best directed to the retailer.  We understand you feel you should have been made aware of these T's and C's at the point of sale, and for obvious reasons LG are unable to pass comment on their actions.

We apologise for any inconvenience this may cause you. If you have any further questions please do not hesitate to contact us again.

Kind Regards

Tom

LG Electronics UK Helpdesk
Tel: 0844 847 5454
Fax: 01480 274 000
Email: cic...@lge.com

UK: [premium rate number removed] Ireland: 0818 27 6954
Mon-Fri 9am to 8pm Sat 9am-6pm

Sunday 11am - 5pm

I haven't asked them about leaking of USB filenames due to the "deal with it" nature of the above response but I have no real expectation that their response would be any different.

So how can we prevent this from happening?  I haven't read the T&Cs but one thing I am sure about is that I own my router and have absolute jurisdiction of any traffic that I allow to pass, so I have compiled an initial list of internet domains that you can block to stop spying and advertising on TVs that we, as customers have actually paid for.

• ad.lgappstv.com
• yumenetworks.com
• smartclip.net
• smartclip.com
• llnwd.net
• smartshare.lgtvsdp.com
• ibis.lgappstv.com

This will free you from seeing ads plastered on your screen and having your viewing habits monitored, whilst it should still allow firmware updates to be applied.

The owner of an LG Smart TV says he’s got evidence that the TV is sending details about his viewing habits and the names of some video files he watched on the TV back to LG, against his instructions.

The British blogger Dr Beet (who the BBC names as IT consultant Jason Huntley) says he became suspicious when he saw advertisements on the TV’s “home screen” and discovered from LG’s site that these ads are targeted and take into account factors including the sites users visit through the TV and the shows that they watch.

Huntley found an option in the settings menu to have “Collection of watching info” switched on or off. However, after hooking up a computer to the TV set to see what data it was sending, he discovered that information about his viewing was being sent regardless of what setting he selected.

The data included the channel, the TV show, and an ID for his set. The unencrypted data was being sent regardless of the info collection setting. The only difference was that if the setting was on, the data was accompanied by a single-digit flag indicating that the user did not agree to the data being collected. Of course, as Huntley notes, using that flag kind of misses the point of having the setting option.

Huntley also discovered that some of the data sent back to LG didn’t refer to TV viewing, but rather listed the filename of videos he had watched on the set via a USB stick. He tested this by creating and watching a file with a memorable (if inaccurate) name and, as the very bottom of the image above shows, it did indeed show up in the data.

Initially Huntley e-mailed LG about the issue. He got a reply which said that he had accepted terms and conditions when starting up the TV for the first time, and that as a result any problem he had was between him and the retailer. That may be irrelevant from a legal perspective as it’s possible LG’s behavior may breach data protection laws. The Information Commissioner’s Office, which deals with data protection in the UK, is making inquiries.

LG has since told the BBC it is investigating the issue and plans to make a further comment later.

According to Huntley, the best way to sidestep such data collection is to configure your router to block outgoing traffic to seven domains, namely:

• ad.lgappstv.com
• yumenetworks.com
• smartclip.net
• smartclip.com
• llnwd.net
• smartshare.lgtvsdp.com
• ibis.lgappstv.com

Read more at http://www.geeksaresexy.net/2013/11/20/lg-phones-home/#XijGU0oCIlIH0sDj.99

The owner of an LG Smart TV says he’s got evidence that the TV is sending details about his viewing habits and the names of some video files he watched on the TV back to LG, against his instructions.

The British blogger Dr Beet (who the BBC names as IT consultant Jason Huntley) says he became suspicious when he saw advertisements on the TV’s “home screen” and discovered from LG’s site that these ads are targeted and take into account factors including the sites users visit through the TV and the shows that they watch.

Huntley found an option in the settings menu to have “Collection of watching info” switched on or off. However, after hooking up a computer to the TV set to see what data it was sending, he discovered that information about his viewing was being sent regardless of what setting he selected.

The data included the channel, the TV show, and an ID for his set. The unencrypted data was being sent regardless of the info collection setting. The only difference was that if the setting was on, the data was accompanied by a single-digit flag indicating that the user did not agree to the data being collected. Of course, as Huntley notes, using that flag kind of misses the point of having the setting option.

Huntley also discovered that some of the data sent back to LG didn’t refer to TV viewing, but rather listed the filename of videos he had watched on the set via a USB stick. He tested this by creating and watching a file with a memorable (if inaccurate) name and, as the very bottom of the image above shows, it did indeed show up in the data.

Initially Huntley e-mailed LG about the issue. He got a reply which said that he had accepted terms and conditions when starting up the TV for the first time, and that as a result any problem he had was between him and the retailer. That may be irrelevant from a legal perspective as it’s possible LG’s behavior may breach data protection laws. The Information Commissioner’s Office, which deals with data protection in the UK, is making inquiries.

LG has since told the BBC it is investigating the issue and plans to make a further comment later.

According to Huntley, the best way to sidestep such data collection is to configure your router to block outgoing traffic to seven domains, namely:

• ad.lgappstv.com
• yumenetworks.com
• smartclip.net
• smartclip.com
• llnwd.net
• smartshare.lgtvsdp.com
• ibis.lgappstv.com

Read more at http://www.geeksaresexy.net/2013/11/20/lg-phones-home/#XijGU0oCIlIH0sDj.99

The owner of an LG Smart TV says he’s got evidence that the TV is sending details about his viewing habits and the names of some video files he watched on the TV back to LG, against his instructions.

The British blogger Dr Beet (who the BBC names as IT consultant Jason Huntley) says he became suspicious when he saw advertisements on the TV’s “home screen” and discovered from LG’s site that these ads are targeted and take into account factors including the sites users visit through the TV and the shows that they watch.

Huntley found an option in the settings menu to have “Collection of watching info” switched on or off. However, after hooking up a computer to the TV set to see what data it was sending, he discovered that information about his viewing was being sent regardless of what setting he selected.

The data included the channel, the TV show, and an ID for his set. The unencrypted data was being sent regardless of the info collection setting. The only difference was that if the setting was on, the data was accompanied by a single-digit flag indicating that the user did not agree to the data being collected. Of course, as Huntley notes, using that flag kind of misses the point of having the setting option.

Huntley also discovered that some of the data sent back to LG didn’t refer to TV viewing, but rather listed the filename of videos he had watched on the set via a USB stick. He tested this by creating and watching a file with a memorable (if inaccurate) name and, as the very bottom of the image above shows, it did indeed show up in the data.

Initially Huntley e-mailed LG about the issue. He got a reply which said that he had accepted terms and conditions when starting up the TV for the first time, and that as a result any problem he had was between him and the retailer. That may be irrelevant from a legal perspective as it’s possible LG’s behavior may breach data protection laws. The Information Commissioner’s Office, which deals with data protection in the UK, is making inquiries.

LG has since told the BBC it is investigating the issue and plans to make a further comment later.

According to Huntley, the best way to sidestep such data collection is to configure your router to block outgoing traffic to seven domains, namely:

• ad.lgappstv.com
• yumenetworks.com
• smartclip.net
• smartclip.com
• llnwd.net
• smartshare.lgtvsdp.com
• ibis.lgappstv.com

Read more at http://www.geeksaresexy.net/2013/11/20/lg-phones-home/#XijGU0oCIlIH0sDj.99

Source: http://www.geeksaresexy.net/2013/11/20/lg-phones-home/
Source: http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html#comment-form

-- 

===========================================
Charles Christian Miers
ccm...@gmail.com
===========================================
 
ALERTA: A informação contida nesta mensagem é confidencial, e destinada ao uso exclusivo do destinatário. Caso essa correspondência tenha sido recebida por equívoco, notifico que sua divulgação é proibida por lei, e solicito que o remetente seja comunicado imediatamente, via e-mail.  Obrigado.
 
NOTICE:  This transmittal and/or attachments may be a privileged or confidential information. If you are not the intended recipient, you are hereby notified thar you have received this transmittal in error. Any review, dissemination, distribution or copying of this transmittal is strictly prohibited. If you have received this message in error, please notify sender by return e-mail.