28 November 2013

LG Australia investigates smart TV spy claims






The LG smart TV landing screen Photo: Jason Huntley
LG Australia says it is investigating claims that some models of LG smart TVs are logging viewing information and preferences and sending the data back to the company's servers.

British IT consultant Jason Huntley, 45, from Hull, wrote in a blog post this week that he had discovered his LG smart TV was sending the names of files on plugged-in USB devices back to an LG web server. The names of channels he watched were also being collected by the company without his knowledge.


LG TV's system settings listing a "collection of watching info" option which is switched "on" by default. Photo: Jason Huntley
 
Mr Huntley discovered his TV was accessing this information after it began displaying advertising on its home screen. He then noticed a "creepy LG corporate video" describing a LG Smart Ad feature.
This analyses a user's favourite programs, online behaviour, search keywords and other information in order to offer relevant advertising, the ad claimed.

"LG Smart Ad can feature sharp suits to men, or alluring cosmetics and fragrances to women. Furthermore, LG Smart Ad offers useful and various advertising performance reports - that live broadcasting ads cannot - to accurately identify actual advertising effectiveness," it said.

In the process of investigating the matter, Mr Huntley said he found an option in his TV's settings called "collection of watching info" which is switched "on" by default.

A hacker in your living room: researchers have shown how internet-connected TVs can be remotely manipulated.(A hacker in your living room: researchers have shown how internet-connected TVs can be remotely manipulated.)

However, following traffic analysis on his home network, Mr Huntley said viewing information appeared to be sent to LG regardless of whether the option was set to "on" or "off".

Speaking with Fairfax Media via email on Thursday, Mr Huntley said he had received similar reports from multiple users after posting about it on his blog.

However, some users in Germany, for example, could not find evidence of the back-to-base traffic.

"It may be that LG are rolling this tech out slowly or that they are still testing in certain countries," Mr Huntley told Fairfax.. "One user reported on my blog that they had received a firmware update yesterday and was presented with a new Privacy Policy to agree to."

He said he couldn't say what the situation was in Australia.

But Phillip Anderson, head of public relations at LG Australia, told Fairfax in a statement on Wednesday: "LG Australia acknowledges the issues that have been identified in the UK. We take the claims very seriously and are currently investigating the situation at a local level."

Before publishing his blog, Mr Huntley said he spoke to LG's UK office several times in an email conversation regarding the matter and drew their attention to the UK Data Protection Act.

The BBC has reported that the UK Information Commissioner's Office is looking into the matter.
"They said they had escalated it to their UK head office but then replied saying that I had agreed to the terms. I think this was a missed opportunity for them to resolve it before it became widely known and it's a shame they didn't react in a more meaningful way," Mr Huntley said.

"I would have been perfectly happy if they committed to providing the means to properly opt-out of this. (However I would probably not have discovered the file name leak had that been the case.)"
Mr Huntley said he didn't see that consumer electronics companies had the right to sell people's viewing preferences for additional profit.

"Advertising is ever present but I was angered that I after paying over £500 for a TV and additionally for a broadband connection that LG thought that they could commandeer these to deliver advertising. What service am I getting in return?" he said.

"Unfortunately there are many companies working on achieving these ends and, although this may be a setback for LG's Smart Ad division - I'm worried that other companies may choose to focus on hiding their marketing efforts rather than delivering products that users actually want."

As a result, Mr Huntley promised to continue researching and analysing any technology products that he owned and said he would continue to promote public discussion on their features.

The IT consultant's research follows recent reports which suggested that smart TVs are dumb when it comes to privacy and security.

Security researchers Aaron Grattafiori and Josh Yavor recently demonstrated how they could remotely abuse Samsung's 2012 line of smart TVs to take complete control of the machine.

Using flaws the pair had discovered in the TV's web browser – which Samsung has since patched – the security engineers at US-based iSec Partners gained a foothold on the machine by pointing its browser to a web page that was loaded with attack code.

Mr Huntley said smart TVs were not very secure.

"Consumer tech is a very competitive market and there is intense pressure to deliver products in shorter and shorter time scales," he said. "This works against the need for robust security, so it's not surprising that exploits exist and are discovered frequently. As with computer software, it's important to be able to react quickly and fix problems before they are exploited in the wild."

theage.com.au 22 Nov 2013

All part of the Nanny State agenda.

No comments: