November 21, 2013
LG Smart TV Is Spying On Your Viewing Habits
[ Watch the Video: Is Your Smart TV Watching Your Every Move? ]
Lee Rannals for redOrbit.com – Your Universe Online
DoctorBeet reported earlier this week that his new LG Smart TV was sending out information to LG about him, regardless of whether or not the “Collection of watching info” button was turned off.
LG had posted a corporate video describing their practices with this collection of information, but since then the company has taken it down. According to DoctorBeet, the video described “LG Smart Ad” as a service that records a user’s behavior in order to offer up more relevant advertisements. This same behavior can be seen with services like Google Ads and Facebook.
DoctorBeet performed a traffic analysis, and found that his TV was sending back unencrypted data to LG every time he changed the channel, even if the settings said not to send this information back.
“It was at this point, I made an even more disturbing find within the packet data dumps. I noticed filenames were being posted to LG's servers and that these filenames were ones stored on my external USB hard drive,” DoctorBeet wrote. “My wife was shocked to see our children's names being transmitted in the name of a Christmas video file that we had watched from USB.”
LG responded to DoctorBeet simply by saying that he agreed to the Terms and Conditions on his TV when he signed up.
“The advice we have been given is that unfortunately as you accepted the Terms and Conditions on your TV, your concerns would be best directed to the retailer. We understand you feel you should have been made aware of these T's and C's at the point of sale, and for obvious reasons LG are unable to pass comment on their actions,” Tom, from the LG Electronics UK Helpdesk, said in an emailed statement.
DoctorBeet made a list of Internet domains for users to block to help stop LG from spying and advertising on their TVs. Blocking these links through a router will help shield the users from seeing ads that are posted on their TV, and will also stop LG from monitoring viewing habits.
“I haven't read the T&Cs but one thing I am sure about is that I own my router and have absolute jurisdiction of any traffic that I allow to pass, so I have compiled an initial list of internet domains that you can block to stop spying and advertising on TVs that we, as customers have actually paid for,” the blogger wrote.
The BBC reported that the Information Commissioner’s Office is looking into the issue DoctorBeet brought to light, as it could be considered an illegal practice.
"We have recently been made aware of a possible data breach which may involve LG Smart TVs," a spokesman told BBC. "We will be making enquiries into the circumstances of the alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken."
LG also said that it would be looking into the complaint as well. The company told BBC that they are taking this issue “very seriously.”
"We are looking into reports that certain viewing information on LG Smart TVs was shared without consent,” the spokesman told BBC. "LG offers many unique Smart TV models which differ in features and functions from one market to another, so we ask for your patience and understanding as we look into this matter."
LG issued a statement that it has verified DoctorBeet’s claims that, personal data is being shared with the company, even with the privacy service turned off.
"We have verified that even when this function is turned off by the viewers, it continues to transmit viewing information, although the data is not retained by the server," LG said in a statement to the BBC. "A firmware update is being prepared for immediate rollout that will correct this problem on all affected LG Smart TVs so when this feature is disabled, no data will be transmitted.”
LG said that the information gathered was not personal, but for viewing information. Whether or not LG actually inspects the data being taken off a user’s TV is still unknown, but having the information stored on their servers can still pose a risk for computer hackers to get a hold of the personal information.