LG smart TVs share data about users' files and viewing habits with the company

LG plans to release firmware updates to give users control over the collection of potentially sensitive information

Smart TVs manufactured by LG Electronics are sending information about users' viewing habits and files back to the company's servers. The company confirmed the behavior and said it plans to release firmware updates to correct it.

A U.K.-based software developer revealed Monday in a blog post that his smart TV was sharing information about what channels he was watching with LG because of an option called "collection of watching info" that was turned on by default.

But even after turning off the feature, the TV continued to share viewing habits with the company, found the software developer, who uses the online alias DoctorBeet.

DoctorBeet said that after seeing ads on his own TV's landing screen he began looking into where they came from. He said he found a video on LG's website that touted the company's ability to analyze users' favorite programs, online behavior, search keywords and other information to offer relevant ads to target audiences.

The webpage he linked to, at us.lgsmartad.com, now says "The service is currently under maintenance," but a copy of it in Google's cache says: "LG Smart AD provides the powerful marketing tool to reach target audiences across multiple smart home entertainment devices such as LG Smart TVs, Blu-ray Disc Players and Smart Upgrader in more than 120 nations. Sophisticated Targeting: Bring right ads to right target audiences using demographic, geographic, device, contents and user preference data."

DoctorBeet's analysis of the Internet traffic generated by his TV also revealed that the names of files stored on USB storage devices attached to it were being sent to LG's servers, he said.

On Thursday, a second blogger confirmed DoctorBeet's findings after analyzing traffic from his own LG smart TV. However, he found that his TV was also collecting and sending the names of files found in folders shared over the network by other devices.

"I moved all the media out of the folder and put a few duds in named 'GiantPorn,' turned the TV off and on and it was still broadcasting the old file names," the blogger said. "The TV couldn't see those files whilst browsing manually so I'd hazard a guess it's caching some of these locally," he said, adding that it didn't take long until the TV started sending the new file names too.

"The clear problem I see with this is even if I agreed to this in any T&Cs [terms and conditions] presented to me, I doubt guests using my Wi-Fi connection would be happy with filenames from their shared media being dispatched to LG," he said.

This problem might also extend to business networks if such TVs are sitting in conference rooms and are connected to company networks. To make matters worse, all of the information is sent in unencrypted form, which means it could be intercepted en route to LG's servers.
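Because the traffic is unencrypted, a network owner can repeat the bloggers' check at the gateway: place uniquely named canary files on a USB stick or share, capture the TV's outbound HTTP, and search it for those names. The sketch below is an added example, not code from the article or either blogger; the addresses, hostnames, field names and captured requests are constructed placeholders.

```python
from urllib.parse import unquote_plus

# Constructed sample: cleartext HTTP requests captured at the gateway.
# Hosts, addresses and field names are placeholders, not LG's real endpoints.
CAPTURED = [
    {"src": "192.168.1.50", "host": "collector.example.invalid",
     "body": "type=channel&name=BBC+One"},
    {"src": "192.168.1.50", "host": "collector.example.invalid",
     "body": "type=media&file=canary-7f3a-holiday.mkv"},
    {"src": "192.168.1.50", "host": "collector.example.invalid",
     "body": "type=media&file=Canary%2D19c2%2Dinvoice%2Eavi"},
    {"src": "192.168.1.77", "host": "updates.example.invalid",
     "body": "file=canary-7f3a-holiday.mkv"},  # different device, ignored
]

def normalise(payload: str) -> str:
    """Undo up to three layers of URL encoding and fold case for matching."""
    for _ in range(3):
        decoded = unquote_plus(payload)
        if decoded == payload:
            break
        payload = decoded
    return payload.casefold()

def find_filename_leaks(requests, device_ip, canaries):
    """Return sorted (destination host, canary name) pairs sent by device_ip.

    Give every canary a unique token per placement: the TV may keep sending
    cached names after files are removed, and unique names show which
    placement a hit came from.
    """
    wanted = {name.casefold(): name for name in canaries}
    hits = set()
    for req in requests:
        if req["src"] != device_ip:
            continue
        text = normalise(req.get("path", "") + " " + req.get("body", ""))
        for folded, original in wanted.items():
            if folded in text:
                hits.add((req["host"], original))
    return sorted(hits)

if __name__ == "__main__":
    names = ["canary-7f3a-holiday.mkv", "canary-19c2-invoice.avi",
             "canary-aa01-unused.mp4"]
    for host, name in find_filename_leaks(CAPTURED, "192.168.1.50", names):
        print(f"{name} sent in cleartext to {host}")
```

A hit for a canary that sits only on a guest's or colleague's shared folder shows the exposure reaches beyond the TV owner's own files.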

LG confirmed that its TVs collected information, but denied that the information was personal or that it was used to target advertising.

"LG does not, or has ever, engaged in targeted advertisement using information collected from LG Smart TV owners," LG said Friday in an emailed statement. "Information such as channel, TV platform, broadcast source, etc. that is collected by certain LG Smart TVs is not personal but viewing information. This information is collected to offer recommendations to viewers based on what other LG Smart TV owners are watching."

The company has verified that this information continues to be transmitted even when the function is turned off on the TV, but said the data is not being retained on the server. "A firmware update is being prepared for immediate rollout that will correct this problem on all affected LG Smart TVs so when this feature is disabled, no data will be transmitted," the company said.

LG also confirmed that the names of media files stored on external drives, like USB flash storage devices, were being transmitted back to the company as part of a planned feature that would have involved searching for metadata related to those media files on the Internet "in order to deliver a better viewing experience."

"This feature, however, was never fully implemented and no personal data was ever collected or retained," the company said. "This feature will also be removed from affected LG Smart TVs with the firmware update."

"LG regrets any concerns these reports may have caused and will continue to strive to meet the expectations of all our customers and the public," the company said. "We hope this update clears up any confusion."
