LG Smart TVs May Spy on Users, Blogger Says

UPDATED 9:45 am ET Wednesday with model number of TV. Updated 11:15 ET Thursday with DoctorBeet's name and occupation.

Just how smart is an LG Smart TV? Smart enough to spy on you, according to one user's findings.

A blogger who goes by the name DoctorBeet wrote that he had performed a traffic analysis on his home router and found that every time he changed the channel, his LG Smart TV would ping LG's servers with the name of the channel and his TV's identification number.

In the TV's system settings, DoctorBeet found an option called "Collection of watching info" that was set to "on" by default.

MORE: TV Buying Guide 2013

But even after he switched this option to "off," more traffic analysis revealed that his TV continued to send the same information to LG's servers.

DoctorBeet said he also discovered that the LG Smart TV would sometimes upload the names of personal files stored on an external USB drive plugged into the TV.

Only the files' names were collected, not the files themselves. However, file names can contain potentially sensitive information.

For example, DoctorBeet said he saw his Smart TV had uploaded a file name of a Christmas video that contained his children's names.

As bait, DoctorBeet created another file and called it "midget porn," just to see if the TV would upload that file name. The TV did.

LG didn't appear to be actually receiving those file names — at least not at that moment. The URL to which the file names were being posted returned a 404 "Not Found" error, indicating that the URL did not exist, even if the receiving server did.

"However, despite being missing at the moment, this collection URL could be implemented by LG on their server tomorrow, enabling them to start transparently collecting detailed information on what media files you have stored," DoctorBeet wrote on his blog.

DoctorBeet said he sent an email message to LG's U.K. subsidiary. He received a response that he should have read the Terms and Conditions of his user agreement before switching on the TV, and that any fault was with the retailer that sold him the TV.

LG's privacy policy doesn't appear to contradict any of DoctorBeet's findings. The policy states that LG collects "personally identifiable information" — names, emails, physical addresses and company names — and "non-personally identifiable information," such as IP addresses and product information. 

Furthermore, LG shares this information with "strategic partners, agents, third-party marketers or information providers, or other unaffiliated parties, who are offering products or services that we believe may be of interest to you."

A video that LG created for prospective advertisers touts the wealth of information the company collects about users of its TVs and smartphones.

The privacy policy doesn't give LG customers any way to opt out of this data collection, stating, "If you do not want us to share your personally identifiable information in this manner, please do not provide us with this information."

Tom's Guide has reached out to LG for comment, which said it was investigating the situation. "Customer privacy is a top priority at LG Electronics and as such, we take the issue very seriously. We are looking into the reports that certain viewing information on LG Smart TVs was shared without consent," the company said in a statement. We will update this story as more information becomes available.

UPDATE: In his Twitter feed, set up Tuesday, Doctor Beet described himself as a "developer, tweaker and Linux enthusiast" living in Hull, Yorkshire, England.

More importantly, Doctor Beet said the television model involved in his research was an "LG 42LN575V manufactured May 2013." That appears to be a U.K.-only model; a similar North American model would be the LG 42LA6200.

UPDATE: The Sydney Morning Herald reports that DoctorBeet's real name is Jason Huntley, an IT consultant from Hull, England.

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.

Create a new thread in the Streaming Video & TVs forum about this subject
This thread is closed for comments
11 comments
    Your comment
    Top Comments
  • dragonsqrrl
    "If you do not want us to share your personally identifiable information in this manner, please do not provide us with this information."

    ...lol, in other words, "If you don't want us to share your personally identifiable information, please do not buy our TVs."

    Okay.
    10
  • Other Comments
  • dragonsqrrl
    "If you do not want us to share your personally identifiable information in this manner, please do not provide us with this information."

    ...lol, in other words, "If you don't want us to share your personally identifiable information, please do not buy our TVs."

    Okay.
    10
  • nebun
    this is one reason why my smart tv is just a tv....not connected to the internet....i pity the fools who think that they are safe and secure...wait...nvm
    0
  • Immaculate
    If I use something else for Netflix, Hulu w/e you watch, TV not connected ethernet nor wifi will it still send the information through HDMI? If I Just use a USB stick for updates?
    0