Smart TVs manufactured by LG Electronics are sending information about users’ viewing habits and files back to the company’s servers. The company confirmed the behavior and said it plans to release firmware updates to correct it.
A U.K.-based software developer revealed Monday in a blog post that his smart TV was sharing information about what channels he was watching with LG because of an option called “collection of watching info” that was turned on by default.
But even after turning off the feature, the TV continued to share viewing habits with the company, found the software developer, who uses the online alias DoctorBeet.
DoctorBeet said that after seeing ads on his own TV’s landing screen he began looking into where they came from. He said he found a video on LG’s website that touted the company’s ability to analyze users’ favorite programs, online behavior, search keywords and other information to offer relevant ads to target audiences.
The webpage he linked to, at us.lgsmartad.com, now says “The service is currently under maintenance,” but a copy of it in Google’s cache says: “”LG Smart AD provides the powerful marketing tool to reach target audiences across multiple smart home entertainment devices such as LG Smart TVs, Blu-ray Disc Players and Smart Upgrader in more than 120 nations. Sophisticated Targeting: Bring right ads to right target audiences using demographic, geographic, device, contents and user preference data.”
DoctorBeet’s analysis of the Internet traffic generated by his TV also revealed that the names of files stored on USB storage devices attached to it were being sent to LG’s servers, he said.
A trail of sketchy
On Thursday, a second blogger confirmed DoctorBeet’s findings after analyzing traffic from his own LG smart TV. However, he found that his TV was also collecting and sending the names of files found in folders shared over the network by other devices.
“I moved all the media out of the folder and put a few duds in named ‘GiantPorn,’ turned the TV off and on and it was still broadcasting the old file names,” the blogger said. “The TV couldn’t see those files whilst browsing manually so I’d hazard a guess it’s caching some of these locally,” he said, adding that it didn’t take long until the TV started sending the new file names too.
“The clear problem I see with this is even if I agreed to this in any T&Cs [terms and conditions] presented to me, I doubt guests using my Wi-Fi connection would be happy with filenames from their shared media being dispatched to LG,” he said.
This problem might also extend to business networks if such TVs are sitting in conference rooms and are connected to company networks. To make matters worse, all of the information is sent in unencrypted form which means it could be intercepted en route to LG’s servers.
LG confirmed that its TVs collected information, but denied that the information was personal or that it was used to target advertising.
“LG does not, or has ever, engaged in targeted advertisement using information collected from LG Smart TV owners,” LG said Friday in an emailed statement. “Information such as channel, TV platform, broadcast source, etc. that is collected by certain LG Smart TVs is not personal but viewing information. This information is collected to offer recommendations to viewers based on what other LG Smart TV owners are watching.”
The company has verified that this information continues to be transmitted even when the function is turned off on the TV, but said the data is not being retained on the server. “A firmware update is being prepared for immediate rollout that will correct this problem on all affected LG Smart TVs so when this feature is disabled, no data will be transmitted,” the company said.
LG also confirmed that the names of media files stored on external drives, like USB flash storage devices, was being transmitted back to the company as part of a planned feature that would have involved searching for metadata related to those media files on the Internet “in order to deliver a better viewing experience.”
“This feature, however, was never fully implemented and no personal data was ever collected or retained,” the company said. “This feature will also be removed from affected LG Smart TVs with the firmware update.”
“LG regrets any concerns these reports may have caused and will continue to strive to meet the expectations of all our customers and the public,” the company said. “We hope this update clears up any confusion.”
11/22/2013—11:30 a.m. PDT. Clarified the headline of the story