
LG Smart TVs Spying on Users

It all started when I noticed the advertising displayed by my new LG Smart TV. After a little investigation, I came across a video for corporate customers describing LG's advertising capabilities. The video is quite long, but the point is that LG Smart Ad collects information about the user's favorite programs and online behavior, including keywords used in searches, and other information about personal preferences. All of this is used to display targeted ads.


In fact, the system settings contain an option called “Collection of watching info”, which is enabled by default. To see this setting, the user must scroll to the bottom of the menu. In addition, unlike all other items, this one has no context help with a detailed description of the option.

I decided to do a little analysis of the traffic that the TV sends. It turned out that the traffic is sent regardless of whether the flag is set to allow collection of information or not.


The transmitted information contains a unique device number, the name of the current channel (in my case - “BBC NEWS”), its parameters and other information. Here is an example of an intercepted packet:
GB.smartshare.lgtvsdp.com POST /ibs/v2.2/service/watchInformation.xml HTTP/1.1
Host: GB.ibis.lgappstv.com
Accept: */*
X-Device-Product: NETCAST 4.0
X-Device-Platform: NC4M
X-Device-Model: HE_DTV_NC4M_AFAAABAA
X-Device-Netcast-Platform-Version: 0004.0002.0000
X-Device-Country: GB
X-Device-Country-Group: EU
X-Device-ID: 2yxQ5kEhf45fjUD35G + E / xdq7xxWE2ghu0j4an9kbGoNcyWaSsoLgyk8JJoMtjRrYRsVS6mHKy / Zdd6nZp + Y + gK6DVqnbQeDqr-chfy4a4y4r4y4rHyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyi
X-Authentication: YMu3V1dv8m8JD0ghrsmEToxONDI=
cookie: JSESSIONID=3BB87277C55EED9489B6E6B2DEA7C9FD.node_sdpibis10; Path=/
Content-Length: 460
Content-Type: application/x-www-form-urlencoded
&chan_name=BBC TWO&device_src_idx=1&dtv_standard_type=2&Broadcast_type=2&device_platform_name=NETCAST 4.0_mtk5398&chan_code=251533454-72E0D0FB0A8A4C70E4E2D829523CA235&external_input_name=Antenna&chan_phy_no=&atsc_chan_maj_no=&atsc_chan_min_no=&chan_src_idx=1&chan_phy_no=&atsc_chan_maj_no=&atsc_chan_min_no=&chan_phy_no=47&atsc_chan_maj_no=2&atsc_chan_min_no=2&chan_src_idx=1&dvb_chan_nw_id=9018&dvb_chan_transf_id=4170&dvb_chan_svc_id=4287&watch_dvc_logging=0

As you can see, the information is sent without any encryption. It is sent every time you switch channels, regardless of the tracking option. I did not stop there and continued to intercept packets. I noticed strange file names that were also being sent to the LG servers: they were lists of files from my external hard drive, connected to the TV via USB.

To demonstrate this, I took the first AVI video at hand and copied it to a USB drive.

In fact, the name of the file does not reflect its contents; I just renamed it to make it easier to find in the traffic :)

Packets containing the file name were detected several times; in some of them only the file name is sent, in others the entire path. I could not determine the pattern behind this.
Interestingly, some of the addresses on LG's server side to which the information is sent are no longer available - the screenshot shows a response with a 404 error.
In any case, even if this information is not currently being stored “on the other side”, no one can guarantee that LG will not bring the server back and continue collecting. (It is also possible that the script intentionally returns the 404 error in order to escape the accusations. - translator's note.)
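The two checks used in this analysis, reading the viewing fields out of the plaintext request and searching the traffic for a deliberately renamed file, can be scripted as follows. This is an added example, not code from the original post; the captures are constructed, and the device ID, the second request's path and field name, and the canary file name are placeholders.

```python
from urllib.parse import parse_qs, unquote_plus

# Constructed captures modelled on the article's request. The device ID, the
# second request's path/field and the canary file name are placeholders.
CAPTURES = [
    "POST /ibs/v2.2/service/watchInformation.xml HTTP/1.1\r\n"
    "Host: GB.ibis.lgappstv.com\r\nX-Device-ID: PLACEHOLDER-ID\r\n\r\n"
    "&chan_name=BBC TWO&chan_phy_no=&chan_phy_no=47&watch_dvc_logging=0",
    "POST /placeholder/path HTTP/1.1\r\n"
    "Host: GB.smartshare.lgtvsdp.com\r\n\r\n"
    "name=%2Fusb%2FCANARY_0451.avi",
]

def parse_request(raw):
    """Split a plaintext HTTP request into (path, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    path = lines[0].split(" ")[1]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return path, headers, body

def form_fields(body):
    """Decode the form body: blank repeats of a key are dropped, last value wins."""
    return {key: values[-1] for key, values in parse_qs(body).items()}

def audit(captures, canary):
    """Report, per request, the identifiers and viewing data sent in the clear."""
    findings = []
    for raw in captures:
        path, headers, body = parse_request(raw)
        fields = form_fields(body)
        findings.append({
            "host": headers.get("host"),
            "path": path,
            "device_id_sent": "x-device-id" in headers,
            "channel": fields.get("chan_name"),
            # Decode first so a percent-encoded path still matches the canary.
            "canary_seen": canary.lower() in unquote_plus(raw).lower(),
        })
    return findings

if __name__ == "__main__":
    for finding in audit(CAPTURES, "CANARY_0451.avi"):
        print(finding)
```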

I contacted LG representatives and asked them to comment on their televisions' covert information gathering. Their answer is below:
Good morning

Thanks for your letter.

As we wrote in the previous letter, your request was redirected to the central office of LG in the United Kingdom.

Since you, unfortunately, have accepted the Terms and Conditions of Use of the LG TV, your complaints should be sent to the seller of the device. You should have read the Terms and Conditions at the point of sale of the TV. For obvious reasons, LG cannot comment on their actions.

We apologize for any inconvenience this may have caused you. If you have other questions, feel free to contact us in the future.

Respectfully,
Tom
Support service LG Electronics UK
Tel: 0844 847 5454
Fax: 01480 274 000
Email: cic.uk@lge.com
UK: [premium rate number removed] Ireland: 0818 27,6954
Mon-Fri 9am to 8pm Sat 9 am-6pm
Sunday 11am - 5pm

I didn’t ask them about the transfer of file names from USB drives (evidently, the question sent was about channel data being transferred with the setting turned off - translator's note) because their policy of answering any question with “come to terms with it” meant that, in fact, I didn’t expect any other answer.

How can I prevent the information leakage? The simplest option is to block traffic to the LG servers on the router. Here is the list:
ad.lgappstv.com
yumenetworks.com
smartclip.net
smartclip.com
smartshare.lgtvsdp.com
ibis.lgappstv.com

This block will stop all the leaks and may even turn off all ads. Software updates are downloaded from a different server, so they should still work fine.
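The request captured above went to GB.ibis.lgappstv.com, a country-prefixed subdomain of a listed name, so a block that matches exact names only (a hosts-file entry, for instance) would miss it. The added example below, which is not part of the original post, compares exact and subdomain-aware matching and prints dnsmasq `address=` lines, which cover a domain together with its subdomains; the use of dnsmasq on the router and the 0.0.0.0 sinkhole address are assumptions.

```python
# Domain list copied from the article.
BLOCKLIST = [
    "ad.lgappstv.com",
    "yumenetworks.com",
    "smartclip.net",
    "smartclip.com",
    "smartshare.lgtvsdp.com",
    "ibis.lgappstv.com",
]

def normalize(host):
    """Lower-case the name and drop whitespace and a trailing root dot."""
    return host.strip().rstrip(".").lower()

def exact_match_only(host, blocklist=BLOCKLIST):
    """What an exact-name block (e.g. a hosts-file entry) would catch."""
    return normalize(host) in blocklist

def is_blocked(host, blocklist=BLOCKLIST):
    """True if host is a listed domain or a subdomain of one.

    Matching on the '.' boundary keeps look-alikes such as
    notsmartclip.com from being treated as smartclip.com.
    """
    h = normalize(host)
    return any(h == d or h.endswith("." + d) for d in blocklist)

def dnsmasq_rules(blocklist=BLOCKLIST, sinkhole="0.0.0.0"):
    """One dnsmasq address= line per domain (assumed router resolver)."""
    return [f"address=/{d}/{sinkhole}" for d in sorted(set(blocklist))]

if __name__ == "__main__":
    # The first two hosts appear in the article's capture; the last is constructed.
    for host in ("GB.ibis.lgappstv.com", "GB.smartshare.lgtvsdp.com",
                 "ad.lgappstv.com", "notsmartclip.com"):
        print(f"{host}: exact={exact_match_only(host)} "
              f"suffix={is_blocked(host)}")
    print("\n".join(dnsmasq_rules()))
```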

Source: https://habr.com/ru/post/202770/

