LG TV phones home with your viewing habits, names of files you screen, even if you tell it not to


Doctor Beet was alarmed to notice that his LG TV was showing him ads on its home screen; he investigated and discovered a hidden, undocumented setting to switch off collection of his viewing habits. Still suspicious, he monitored the packets flowing from his TV's network interface and discovered that even with the "data-collection off" setting engaged, the TV still phoned home with the name of every program it showed, as well as the filenames of every video he loaded over its USB interface. All of this data was sent in the clear to LG's servers.

When he contacted LG, they told him that "unfortunately" he had consented to this by clicking through the EULA, and advised him that it was something he had to take up with the store where he bought the set, because they should have told him about the spying before selling it to him.

This information appears to be sent back unencrypted and in the clear to LG every time you change channel, even if you have gone to the trouble of changing the setting above to switch collection of viewing information off.

It was at this point, I made an even more disturbing find within the packet data dumps. I noticed filenames were being posted to LG's servers and that these filenames were ones stored on my external USB hard drive. To demonstrate this, I created a mock avi file and copied it to a USB stick.

This file didn't really contain "midget porn" at all, I renamed it to make sure it had a unique filename that I could spot easily in the data and one that was unlikely to come from a broadcast source.

And sure enough, there it was…

LG Smart TVs logging USB filenames and viewing info to LG servers

(via /.)