back to article LG: You can stop hiding from your scary SPY TELLY quite soon now

South Korean electronics giant LG has confirmed that some of its smart TVs have been logging their owners' viewing habits without their permission and has promised a patch. Hull, UK–based developer Jason Huntley, aka "DoctorBeet," was first to notice the spying behavior when he analyzed network traffic coming from his LG TV …

COMMENTS

This topic is closed for new posts.

Page:

  1. Anonymous Coward
    Anonymous Coward

    #$%%$%@

    dammit!

  2. Splodger
    Big Brother

    Re: #$%%$%@

    Have the BBC picked up on this?

    Should have checked...

    http://www.bbc.co.uk/news/technology-25042563

    Can't wait for "the internet of things" - every bloody thing everywhere will be monitoring you.

  3. Tom 35 Silver badge

    And...

    Will all the TV's (anything else? BluRay players?) that do this get patched or only stuff less then a year old?

    Will the next patch put it back?

    Will the patch be easy to find and say what it fixes? Or will it say optional, might fix some stuff, beware of the Leopard.

  4. CommanderGalaxian
    Big Brother

    Re: And...

    >>Will all the TV's (anything else? BluRay players?) that do this get patched or only stuff less then a year old?

    Realistically, I think you need to assume yes - everything else is probably doing the same. Me personally, I had already been thinking of updating my firewall setup to stop devices like this initiating outbound connections.

  5. Andy Gates

    Re: And...

    " I had already been thinking of updating my firewall setup to stop devices like this initiating outbound connections."

    ...which would have to be done with a bit of finesse, as there's content-delivery services in among the spook-drops and advertising servers. Next thing you know, the baked-in Netflix stops working.

  6. Long John Brass Silver badge

    Damnit

    Now I'm going to have to setup a transparent outbound proxy to filter all outbound http(s) traffic

    Yay; whackamole with all the devices I purchased that are trying to spy on me :(

  7. Anonymous Coward
    Anonymous Coward

    Re: Damnit

    While you're at it, why not send some extra info to them? I'm sure they'll be interested to know that you change channel every 2 seconds, without fail, 24 hours a day. :-)

  8. CommanderGalaxian
    Big Brother

    Re: Damnit

    >>Now I'm going to have to setup a transparent outbound proxy to filter all outbound http(s) traffic

    Why assume it's http(s)? Just block every outbound connection attempt from the tv, blue-ray player etc, regardless of protocol used.

  9. Jamie Jones Silver badge
    Thumb Down

    Too late....

    They are only 'fixing it' because they've been found out.

  10. Splodger

    Re: Too late....

    So will LG face prosecution under data protection legislation?

    As an aside, how do people feel about having TVs with web cam/microphone integration, or owning an Xbox One with its quietly observing kinect now?

  11. John Tserkezis
    Unhappy

    This isn't the first time they've done this, nor will it be their last.

    "Bluebirds" anyone?

    With no disk inserted in an affected DVD drive, it would simulate a disk with their bluebirds utility. Along with autorun, so if you were stupid enough to have that enabled, it would insist on reinstalling itself every time.

    Their firmware update introduced absolutely no changes except bluebirds was taken out. They _insisted_ it was for the betterment of its customers there too. They also _insisted_ it wasn't malware, regardless of the fact that it _silently_ installed itself, without any user confirmation, agreement to do so, or any indication in fact.

    I'm sure there were other examples, but for me, I gave up on them a long time ago.

    "don't take it personally" my arse.

  12. Zack Mollusc

    The patch will encrypt the information. And send it to a frequently changed address.

  13. Gene Cash Silver badge

    Encrptyed?

    Man, if I ever saw encrypted info leaving my network from one of my appliances, it would be hammer time for certain. And not just on the TV, if I ever found any of the devs...

  14. John H Woods Silver badge

    Re: Encrptyed?

    "Man, if I ever saw encrypted info leaving my network from one of my appliances, it would be hammer time for certain. And not just on the TV, if I ever found any of the devs..."

    Make sure they give you the names of the managers and execs responsible first ...

  15. Gray Ham
    Joke

    On the first day of Christmas ...

    I wonder, under a Christmas tree in the Istana Merdeka, is there a shiny new LG TV, with a card reading: "Dear SBY, sorry about the spying thing ... hope this makes up for it ... Merry Christmas from Tony"

  16. MrDamage

    Re: On the first day of Christmas ...

    There will also be an Xbone so the Kinect can see and hear every meeting he has in the privacy of his own home.

  17. croc

    Don't take it personally, but if you are naive enough to believe that anything that you connect to any public facing communications channel is 'private' then here's a clue... You are wrong. Corporations have no morals. Governments have no morals. Makes me wonder sometimes why I bother to even try to be nice. Or legal, for that matter... Corporations and governments can get away with (literally) murder, why not we plebes? Let anarchy reign on everyone's parade!

    NSA, Microsoft, Apple et al... You started it. Make sure that you can finish it, mates....

  18. gap

    It's strange how their attitude changed once the story was picked up by news media. They originally told people "too bad, you agreed to it in the T&C's. Go complain to the retailer you bought it from."

    The problem with their latest response is they don't even act like it's an issue, let alone a privacy issue. Because they don't take the issue seriously, I'll no longer seriously think about buying their spyware infested products.

  19. Ian 14

    Voted with feet

    My previous two LCD purchases were LG products. Yesterday I needed a new monitor. In the wake of this scandal, and LG's f**k y*u attitude to customers who approached them I decided to vote with my feet. A few days ago I'd have been looking at a shiny new LG logo under this very screen I'm typing on, instead it says HP. LG, if you're listening, your bad behaviour isn't just immoral, it also affects your bottom line and doubtless ultimately your stock price.

  20. Anonymous Coward
    Anonymous Coward

    It's strange how their attitude changed

    they must have had a VERY fast session on "damage limitation" and decided to kill the story before it gets picked up by mainstream media under the "your LG telly spies on you!" headline. Let's face it, even the most outrageous story of global proportions published by the Register (or any other non-mainstream) media will sink in no time - unless it gets picked up by the big boys. Or rather: unless the big boys decide to pick it up.

  21. Anonymous Coward
    Anonymous Coward

    Re: It's strange how their attitude changed

    >unless the big boys decide to pick it up.

    How much advertising money does LG send your way Mr Murdoch?

  22. Linker3000

    Web site - does it exist

    Is there a Web site for reporting "I didn't buy 'x' from your company because...." and putting down a value so that over time companies can see how much revenue their stupid designs or actions have cost them?

    If not, there should be.

  23. Victor Ludorum

    Re: It's strange how their attitude changed

    It's been on the Beeb - http://www.bbc.co.uk/news/technology-25018225. Unless a lot of people make a fuss over it, I'm not sure the general (i.e. less tech-savvy) public really understand the implications...

    V.

  24. Sweeping Brush

    Re: Web site - does it exist

    It doesn't yet, but it will soon, you just gave me a wonderful idea.

  25. Anonymous Coward
    Anonymous Coward

    Re: Web site - does it exist

    Yes - it's under the comments section in Amazon product reviews.

  26. Down not across

    "The problem with their latest response is they don't even act like it's an issue, let alone a privacy issue. Because they don't take the issue seriously, I'll no longer seriously think about buying their spyware infested products."

    Indeed. The worst part of the whole debacle is the general attitude and the fact that LG seriously doesn't seem to think there is anything wrong with what they are doing.

    How is viewing information not personal? Isn't it a person doing the viewing? :-)

  27. Fatman

    Re: Voted with feet

    ... I decided to vote with my feet.

    Is the only way to teach these arrogant assholes a lesson - don't buy their shit!

    LG now joins Sony on my list of companies that I will never patronize. Fuck them!

  28. Fatman

    Re: It's strange how their attitude changed

    ...I'm not sure the general (i.e. less tech-savvy) public really understand the implications...

    Whet the hell do you expect of sheeple.

    So damn many have only a 140 character attention span.

  29. gap

    Aren't they breaking the law?

    I wonder how corporations feel about LG TV's and monitors scanning their LAN and reporting the results back?

    I'd like to know how the LAN scanning "feature" isn't illegal. It sounds like intentional and unauthorised spying and data theft.

  30. badmonkey

    Re: Aren't they breaking the law?

    The 'user' probably 'agrees' to it when first turning the TV on by way of a long hard-to-scroll licence written in Korenglish.

  31. Andy Gates

    Re: Aren't they breaking the law?

    Computer Misuse Act, anyone?

  32. Munin

    If it's transmitted, it's collected

    Their statement that the data's not been collected is farcical--anyone who has ever administered any webserver knows full well that the httpd logs have a full record of every single one of those POST operations, regardless of the response code sent.

    I had a notion when those 'smart' TVs started coming out that they'd be too vulnerable an attack vector, but I was thinking that the attack would materialize through bad actors' compromise of poorly patched proprietary firmware in the set, rather than active vendor exfiltration of information.

    My decision to avoid purchasing such a device is looking wiser every day.

  33. Jamie Jones Silver badge

    Re: If it's transmitted, it's collected

    Well, they could be logged, but at default, the majority of web servers don't log the content of POST requests, just any parameters passed in a GET uri.

  34. Anonymous Coward
    Anonymous Coward

    'httpd logs have a full record of every single one of those POST operations'

    Dead right! That press release was clearly written by a patronizing sleazy PR head. Not a techy pro!

  35. Sir Runcible Spoon Silver badge
    Mushroom

    Re: 'httpd logs have a full record of every single one of those POST operations'

    Even if LG weren't listening to the data stream, GCHQ and NSA are, so they now have even more dirt data to peruse - from stuff that shouldn't even be visible on the network. Bastards

  36. DougS Silver badge

    Like I said before

    Has anyone checked to see whether Panasonic, Samsung, Vizio and so on are doing the same? Anyone believe them if they say they'll never do that? Believe them enough they'd let their "smart" TV go ahead and download firmware updates and install them on its own?

    Why do you need to plug any of these into the network? Or if you do (for remote control) to let them access the internet? Netflix? Youtube? Yeah, as if you don't already have a half dozen other devices that can do the same...

  37. Down not across

    Re: Like I said before

    "Has anyone checked to see whether Panasonic, Samsung, Vizio and so on are doing the same?"

    Panasonic (sadly, as their kit has been rather nice and loved their CRT TVs) made my do-not-buy list when they decided its a good idea to have a GUI that serves you adverts. It's not like they give you the TV for free and recoup it with advertising money. No, they sell it at profit and then want advertising money on top.

  38. Turtle

    Value. Real Value.

    "LG values its customers' privacy"

    Yes, and that value is defined by the price they get for it when selling it to third parties.

    Thanks for the laugh, though!

  39. Oh Homer Silver badge
    Coat

    Drat and Tarnations

    And they would've gotten away with it, too, if it hadn't been for that meddling kid.

  40. Anonymous Coward
    Anonymous Coward

    'And has promised a patch.'

    I'd rather be 'promised' a jail sentence and a hefty fine...

    But hey we can't all get what we want for Christmas.......

  41. Anonymous Coward
    Anonymous Coward

    'This feature was never fully implemented and no personal data was ever collected'...

    ...Because .............you caught us....

    LG are Pricks!!

  42. Adam JC

    Legal liability

    Since they'v been beaming people's potentially confidential data (RE: The USB media filename thing) - With personally identifiable information attached (IP Address, et al?) - Why aren't they worried about repercussions from lawsuits as a result of breaching data protection?

    IANAL but I'm sure this opens them up to something in the form of a legal challenge for being so careless with potential confidential(ish) data.

  43. Paul Crawford Silver badge

    Re: Legal liability

    I hope this is picked up in the USA as they have class-action lawsuits to make it worth while for the lawyers to go after them for compensation.

    Sadly the worst likely to happen here is a ICO slap on the wrists. I hoped the BBC and so on would cover it on national TV, that would be fitting punishment for the company - to have its amoral behaviour aired the way its customers where being aired.

  44. badmonkey

    Re: Legal liability

    I suppose it depends on the likelihood of the TV equivalent of the EULA holding up to legal pressure.

  45. Jellied Eel Silver badge

    Impersonal personal information for no purposeful purpose

    "is not personal but viewing information," the statement explains. The information is collected, it says, in order to provide "more relevant advertisement"

    It doesn't collect any personal information, but uses what it collects to try and serve more personalised information. This is an explanation only a marketing person (overshadowed by counsel) could make with a straight face. How could it make adverts "more relevant", unless it understood the personal characteristics of the person it's targetting?

  46. Anonymous Coward
    Anonymous Coward

    Re: Impersonal personal information for no purposeful purpose

    How could it make adverts "more relevant", unless it understood the personal characteristics of the person it's targetting?

    So true. What I choose to watch, particularly from a locally served file, is certainly personal and although it is all above board, I would object to anyone thinking they have a right to know and process that information.

    And besides, their argument is blown out of the water by the fact that they are snooping on shared files of whatever type - nothing whatsoever to do with media consumption.

    Well, credit to LG for encouraging such a wide discussion of a significant privacy and security issue which has been lurking for quite a while.

  47. Tom 35 Silver badge

    Re: Impersonal personal information for no purposeful purpose

    Marketing think you only need to change what you call something to make it ok.

    An email blast is not spam, it's an email blast. And it's totally unfair when they put us on a black list for spamming because it was not spam, it was an email blast. (a real conversation with the head of marketing where I used to work).

  48. ForthIsNotDead Silver badge

    Meh

    Quite sure all the manufacturers are/will be doing it. And you can gurantee that government is being allowed access to the data for "security purposes". They'll use that data to determine what kind of person you are and categorise you appropriately, so that they can prioritise who to round up when the hammer falls.

    If they determine that you have files from wiki leaks, then you're obviously a dangerous terrorist. Put him on the list.

    If you have hard core porn then you could be a potential rapist. Put him on the list.

    If you have lots of TV shows, you're probably a pirate. On the list.

  49. MJI Silver badge

    Relevant advertising

    That was more of a worry.

    Why does Lucky Goldstar need to advertise on your TV?

    My own TV is supposedly smart (actually not very) so simply no network cable is plugged in.

    I know someone with a Samsung smart TV, again not very.

  50. Sir Runcible Spoon Silver badge

    Re: Relevant advertising

    It won't be long before they have secret embedded 3g networking

Page:

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2018