Sign in with
Sign up | Sign in

LG Smart TVs May Spy on Users, Blogger Says

By - Source: Tom's Guide US | B 12 comments

UPDATED 9:45 am ET Wednesday with model number of TV. Updated 11:15 ET Thursday with DoctorBeet's name and occupation.

Just how smart is an LG Smart TV? Smart enough to spy on you, according to one user's findings.

A blogger who goes by the name DoctorBeet wrote that he had performed a traffic analysis on his home router and found that every time he changed the channel, his LG Smart TV would ping LG's servers with the name of the channel and his TV's identification number.

In the TV's system settings, DoctorBeet found an option called "Collection of watching info" that was set to "on" by default.

MORE: TV Buying Guide 2013

But even after he switched this option to "off," more traffic analysis revealed that his TV continued to send the same information to LG's servers.

DoctorBeet said he also discovered that the LG Smart TV would sometimes upload the names of personal files stored on an external USB drive plugged into the TV.

Only the files' names were collected, not the files themselves. However, file names can contain potentially sensitive information.

For example, DoctorBeet said he saw his Smart TV had uploaded a file name of a Christmas video that contained his children's names.

As bait, DoctorBeet created another file and called it "midget porn," just to see if the TV would upload that file name. The TV did.

LG didn't appear to be actually receiving those file names — at least not at that moment. The URL to which the file names were being posted returned a 404 "Not Found" error, indicating that the URL did not exist, even if the receiving server did.

"However, despite being missing at the moment, this collection URL could be implemented by LG on their server tomorrow, enabling them to start transparently collecting detailed information on what media files you have stored," DoctorBeet wrote on his blog.

DoctorBeet said he sent an email message to LG's U.K. subsidiary. He received a response that he should have read the Terms and Conditions of his user agreement before switching on the TV, and that any fault was with the retailer that sold him the TV.

LG's privacy policy doesn't appear to contradict any of DoctorBeet's findings. The policy states that LG collects "personally identifiable information" — names, emails, physical addresses and company names — and "non-personally identifiable information," such as IP addresses and product information. 

Furthermore, LG shares this information with "strategic partners, agents, third-party marketers or information providers, or other unaffiliated parties, who are offering products or services that we believe may be of interest to you."

A video that LG created for prospective advertisers touts the wealth of information the company collects about users of its TVs and smartphones.

The privacy policy doesn't give LG customers any way to opt out of this data collection, stating, "If you do not want us to share your personally identifiable information in this manner, please do not provide us with this information."

Tom's Guide has reached out to LG for comment, which said it was investigating the situation. "Customer privacy is a top priority at LG Electronics and as such, we take the issue very seriously. We are looking into the reports that certain viewing information on LG Smart TVs was shared without consent," the company said in a statement. We will update this story as more information becomes available.

UPDATE: In his Twitter feed, set up Tuesday, Doctor Beet described himself as a "developer, tweaker and Linux enthusiast" living in Hull, Yorkshire, England.

More importantly, Doctor Beet said the television model involved in his research was an "LG 42LN575V manufactured May 2013." That appears to be a U.K.-only model; a similar North American model would be the LG 42LA6200.

UPDATE: The Sydney Morning Herald reports that DoctorBeet's real name is Jason Huntley, an IT consultant from Hull, England.

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.

Display 12 Comments.
This thread is closed for comments
Top Comments
  • 10 Hide
    dragonsqrrl , November 19, 2013 4:39 PM
    "If you do not want us to share your personally identifiable information in this manner, please do not provide us with this information."

    ...lol, in other words, "If you don't want us to share your personally identifiable information, please do not buy our TVs."

    Okay.
Other Comments
  • 10 Hide
    dragonsqrrl , November 19, 2013 4:39 PM
    "If you do not want us to share your personally identifiable information in this manner, please do not provide us with this information."

    ...lol, in other words, "If you don't want us to share your personally identifiable information, please do not buy our TVs."

    Okay.
  • 0 Hide
    nebun , November 19, 2013 5:07 PM
    this is one reason why my smart tv is just a tv....not connected to the internet....i pity the fools who think that they are safe and secure...wait...nvm
  • 0 Hide
    Immaculate , November 19, 2013 5:50 PM
    If I use something else for Netflix, Hulu w/e you watch, TV not connected ethernet nor wifi will it still send the information through HDMI? If I Just use a USB stick for updates?
  • 0 Hide
    otacon , November 19, 2013 5:52 PM
    Hence why I will never own a smart tv. I have Apple TV and a Roku3 box, neither does this since I monitor every bit of data that goes in and out of my network.
  • 1 Hide
    otacon , November 19, 2013 5:58 PM
    @Immaculate

    It's technically possible, as HDMI is a bidirectional interface. however, it is designed for packet streams, and not data blocks. LG would have to be down right unethical to configure it's HDMI ports to do something like that. If you don't have your LG smart tv connected via Ethernet or WiFi you're fine.
  • 0 Hide
    10tacle , November 19, 2013 7:11 PM
    I've got an LG "smart" TV and like others here, do not have it connected to my network for just this reason. The only reason I even bought one with all the gadgets is because it seems that is about all that's available anymore with a decent amount of input options (usually basic HDTVs have just one or two HDMI inputs, no optical, no VGA-PC, etc.). I stream from my PS3 for Netflix and surf with a tablet or laptop in the living room. Any flash update needed will be done with a USB drive with the update downloaded to it from LG's support page.
  • 1 Hide
    Darkk , November 19, 2013 7:45 PM
    I too have one of these LG Smart TV and got it connected to the Internet. After reading this not anymore. I did notice it was giving me mini ADs on the TV's home page and didn't think too much of it since I also use the OTA guide to see what is on my local stations. I use Roku and PS3 for streaming anyway. Now it even sends out filenames right off the USB...or even right off your DLNA server!!

    Good job LG. Love your products but hate the fact you also invade our privacy so putting a block on my hardware firewall to keep it from spying on me anymore. Shame on you LG!

  • 0 Hide
    ipwn3r456 , November 19, 2013 8:26 PM
    Did the NSA pay for LG for spying as well?
  • 0 Hide
    Darkk , November 19, 2013 8:53 PM
    Also here is the link for full content of the article:

    http://doctorbeet.blogspot.com/2013/11/lg-smart-tvs-logging-usb-filenames-and.html
  • 1 Hide
    agnickolov , November 19, 2013 11:04 PM
    Just because the server returns 404 does not mean data collection doesn't actually happen. All the data does make it to the server after all.

    How's that for a conspiracy theory?
  • 0 Hide
    TeraMedia , November 20, 2013 5:45 AM
    @agnickolov: I was thinking the same thing. They capture the data, and then return a 404 to make news reporters think they didn't.

    Excuse me while I go unplug my TV and receiver.
  • 0 Hide
    somebodyspecial , November 20, 2013 5:42 PM
    LOL @anyone who believes a 404 error means they didn't get your data. That error is just for show. Does their policy state they will collect your FILENAMES? I understand data you enter or approve, but collection of filenames on personal drives NOT part of your TV seems excessive (no it IS excessive and invading my private viewing habits). You're saying you have rights to anything and everything I may hook to the tv and not just your own data? Use your firewall or your router to kill this (block the mac or if that isn't possible set IP to static and block that etc). Many ways to kill this.
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter