Full article at:
http://arstechnica.com/security/2013/11 ... ile-names/
Quote:
It sounds like the premise of a Philip K. Dick story, but it's not. A blogger has offered evidence that his Internet-connected television has been transmitting detailed information about his family's viewing habits, including the times and channels they watch and even the names of computer video files stored on connected USB drives.
The unidentified blogger, whose twitter profile described him as a "developer, tweaker and Linux enthusiast" living in UK county of Yorkshire, said the LG Smart TV model is LG 42LN575V and was manufactured May 2013. He provided screenshots of data packets he said he captured showing the information his TV sent unencrypted over the Internet. The data appeared to show a device ID unique to his set, along with the name of the channel it was tuned to. In his tests, the information was sent in the clear every time the channel was changed. Even more remarkable, he said, the smart TV sent the data even after he waded through the system preferences and set the "Collection of watching info" setting to "off" (it was on by default).
But the logging didn't stop there. Included in the traffic sent over the Internet were the names of files stored on a USB drive connected to the LG television. For dramatic purposes and to ensure he chose a file name not likely used by the firmware, he created a mock video file called Midget_Porn_2013.avi, loaded it onto a USB drive and plugged it into his TV. Sure enough, the file name was transmitted unencrypted in HTTP traffic sent to the address GB.smartshare.lgtvsdp.com. /.../
/.../
According to DoctorBeet, LG representatives made no apologies when he brought the monitoring behavior to their attention.
"The advice we have been given is that unfortunately as you accepted the Terms and Conditions on your TV, your concerns would be best directed to the retailer," the representatives wrote in a response to the blogger. "We understand you feel you should have been made aware of these T's and C's at the point of sale, and for obvious reasons LG are unable to pass comment on their actions."
/.../
Assuming the blogger is picking up on behavior common to a significant percentage of smart TVs, it wouldn't be the first time a traditional consumer device that has been retooled with an Internet connection has been found to present a potential privacy threat. Last year, a researcher uncovered a vulnerability in many Samsung smart TVs that allowed him to remotely take control of devices that were connected to the same local network he was on. From there, he could access USB files and install malicious apps, and use the TV's microphone and camera to spy on users. Last month, a security researcher demonstrated how to turn a wireless baby monitor made by Belkin into a stealthy and persistent bugging device.
/.../
Conclusion: Don't buy an LG TV, or any other "smart TV", for Christmas (or Yuletide/Jul/Joulu/whatever you call it). And if you live in Europe (or in an EU member country, anyway), EULA's aren't valid, here, so you should return the TV for a refund. Make these companies feel the only thing they really don't want to feel - getting less money.
Oh, and don't buy any LG mobiles or tablets, either. One must assume that all their Internet-connected products do this.
_________________
"War is Peace
Freedom is Slavery
Ignorance is Strength."
07 Dec 2013, 1:36 am
