LG Says They'll Fix Their Snooping Broadband Televisions
by Karl Bode 09:21AM Monday Nov 25 2013
The other day a security blogger noticed that LG "Smart" TVs were monitoring everything a user watches, then sending that data back to LG unencrypted via broadband -- even if a setting was checked telling the TV not to. Now a second blogger (via Ars Technica) who has dug into the issue has found that LG's data collection extends even further -- into the home network.
The blogger, who'll only go by the name of "Mark," states that he found that certain LG Smart TVs were also transmitting the names of whatever files were shared on home or office networks back to LG.
"It turns out it was pulling file names from my shared folders over the network and broadcasting those instead," the blogger notes after experimenting with WireShark.
"I moved all the media out of the folder and put a few duds in named 'GiantPorn,' turned the TV off and on and it was still broadcasting the old file names. The TV couldn't see those files whilst browsing manually so I'd hazard a guess it’s caching some of these locally."
Mark also noted that the television transmits an authorization code to LG immediately after being turned on, on and a deauthorization code as soon as the television is turned off. LG has issued a statement acknowledging the transfer of the information, downplaying the privacy risks involved, and noting they hadn't actually gotten around to collecting the data the TVs were sending yet. LG also insisted a firmware is looming that will make the TV's opt-out setting actually work.
This latest reveal comes on the heels of reports from back in July pointing out that the security on connected TVs tend to be largely laughable, potentially giving hackers a new attack vector into the home network.