LG smart TVs silently log owners' viewing habits to the South Korean company's servers and use them to serve targeted ads, one researcher has claimed.
According to Yorkshire, UK–based hacker "DoctorBeet," the internet-enabled sets try to phone home to LG every time a viewer changes the channel, giving the chaebol the ability to track exactly which channels are being watched, minute by minute.
Using network packet-sniffing tools, DoctorBeet discovered that his set was also transmitting the names of media files he played off USB storage, which he observes could potentially be embarrassing for those in the habit of watching less savory downloaded fare.
Even worse, these transmissions are completely unencrypted, giving anyone with the ability to mount a man-in-the-middle attack complete knowledge of whether the TV is in use at any given time and what the owner might be watching on it.
DoctorBeet thinks he knows what LG wants this information for: to serve ads. Digging around LG's websites, he came across a slightly creepy promotional video that touts the company's smart TV platform as "the differentiated advertising experience that you always dreamed of":
"LG Smart AD enables publishers to maximize rev-enues through worldwide ad networks, intelligent platform to boost CPM and the remarkable ecosystem," the LG Smart Ad website proclaims in not-quite-perfect English.
Some readers will surely question why a TV that the customer bought and paid for should be serving ads outside of the content being watched to begin with, but that's clearly the direction that LG would like to see things go.
Earlier this year, The Reg reported that LG was the first smart TV vendor to sign on with Cognitive Networks, a company that claims to be able to identify what TV viewers are watching by analyzing the actual images onscreen. The TV maker could then serve targeted ads based on the programming being watched.
Don't worry about this menu – LG smart TVs track your viewing habits either way (Source: DoctorBeet)
The communications DoctorBeet observed don't appear to have anything to do with the Cognitive Networks system. Disturbingly, however, there doesn't seem to be any way to opt out of the data collection. DoctorBeet observed that while his TV did have an option called "Collection of watching info" in its settings menu, the data was still transmitted whether the option was set to on or off.
LG's US offices has yet to respond to a request for comment from Vulture Annex in San Francisco, and DoctorBeet's own request to the LG Electronics UK help desk netted nothing more than a polite dismissal.
If there is any bright side to this, however, it's that LG doesn't seem to actually be doing anything with the viewing data its TVs are sending – at least, not yet.
As DoctorBeet noted, the actual URLs his TV is requesting all resolve to 404 errors. Assuming that message is correct and not an attempt at subterfuge, this means that while LG does have a server setup at the address, it doesn't actually have an application in place to collect or store the viewing data.
Still, it could potentially set one up at any time. As a preemptive measure, DoctorBeet has compiled a list of URLs that he believes are involved with LG's ad-serving system. Customers who are concerned that LG might be spying on their viewing habits are advised to block some or all of these in their internet routers. ®