Earlier this month I discovered that my new LG Smart TV was displaying ads on the Smart landing screen.
After some investigation, I found a rather creepy corporate video advertising their data collection practices to potential advertisers. It’s quite long but a sample of their claims are as follows:
“LG Smart Ad analyses users favourite programs, online behaviour, search keywords and other information to offer relevant ads to target audiences. For example, LG Smart Ad can feature sharp suits to men, or alluring cosmetics and fragrances to women.”
“Furthermore, LG Smart Ad offers useful and various advertising performance reports. That live broadcasting ads cannot. To accurately identify actual advertising effectiveness.”
In fact, there is an option in the system settings called “Collection of watching info:” which is set ON by default. This setting requires the user to scroll down to see it and, unlike most other settings, contains no “balloon help” to describe what it does…
This information appears to be sent back unencrypted and in the clear to LG every time you change channel, even if you have gone to the trouble of changing the setting above to switch collection of viewing information off.
It was at this point, I made an even more disturbing find within the packet data dumps. I noticed filenames were being posted to LG’s servers and that these filenames were ones stored on my external USB hard drive. To demonstrate this, I created a mock avi (Midget_Porn_2013.avi) file and copied it to a USB stick.
Welcome to the future.
The answer, of course, is to build a white list on your router. 1
Of course…one has to know what a router is, have it placed appropriately (in what we will start referring to as the “home stack”) 2, as well as the savvy to administer it. Not every John and Jane Doe are capable of that, much less desirous of spending the time to figure it all out.
On the bright side…folks running PC repair/config businesses out of their homes were just handed, gift wrapped, another easily marketable service.
- Which, frankly, you should have long past configured in any case; the AVs fessed up to not catching everything over two years ago. It’s not that they went Galt on the security industry, it’s that malware writers got more and better tools… ↩
- Not always an easy integration: Google’s fiber offering is a case in point. ↩