LG Smart TVs Leak Data Without Permission

McAfee

Dec 02, 2013

5 MIN READ

Deals abound on gadgets and gizmos in the wintry weeks before Christmas, but could that shiny new toy on your loved one’s wish list put the whole family’s security at risk? Smart TVs will undoubtedly be one of the more hot ticket items this season, but a recently discovered security vulnerability in the LG Smart TV reminds us that when it comes to new tech gadgets, “smart” doesn’t always equate to “more secure.”

Last month, security blogger DoctorBeet discovered that his LG Smart TV was sending private data back to LG, even when a menu option titled “Collection of watching info” was set to “off.” Specifically, data showing when a channel was changed, to what channel it was changed, and the file names of documents stored on USB drives connected to the TV were being collected and passed along to LG.

In answer to the findings, LG released a statement on November 21st acknowledging that their Smart TVs were transmitting the viewing information of their customers such as channels, TV platforms, and broadcast sources. This data is used to “deliver more relevant advertisements and to offer recommendations to viewers based on what other LG Smart TV owners are watching.” The fact that this data was being transmitted after a user had explicitly opted out was labeled by LG as a “problem,” and they’ve said they are working on an update to solve it.

That explains the TV usage data, but why is LG recording the names of private files stored on USB drives plugged into their smart TVs? LG once again confirmed that DoctorBeet’s findings were correct, and said that this data was being collected for a feature that was never actually implemented. The soon-to-come update will fix this issue as well.

Despite their initial security oversights, LG has been quick to respond to concerns and make changes necessary to protect their users’ privacy. The unfortunate reality is that the practice of collecting data for advertising purposes is a fairly common one, and smart TVs aren’t the only household tech gadgets that may be putting your security at risk.

Increasingly “smart” video game consoles are also guilty of over sharing. Microsoft recently released an Xbox One privacy statement confirming that data is collected from the chat, video, and communications features of live-hosted gameplay sessions. In it’s PlayStation 4 software usage terms, Sony acknowledges that they reserve the right to “monitor and record any and all PlayStation activity.” Nintendo addresses the issue of data collection on the Wii in their end user license agreement, stating that all data collection will be done for “legitimate business purposes.” All of this data collection is within legal limits, but it does beg the question—how far does our privacy really extend when so many of our devices are connected to the Internet?

It’s one thing when data is being collected and transmitted back to the manufacturer for product improvements or for advertising purposes, but another when it’s being captured by cybercriminals with malicious intent. I wrote previously on the vulnerability of smart TVs to hackers, specifically how cybercriminals can install spyware and subsequently take over your device.

The phenomenon of everyday objects becoming increasingly connected—both to each other and outside sources—is being referred to as the “Internet of Things.” Smart TVs and gaming consoles are just two examples of the increasing Internet connectivity of things, and this trend will only continue to grow. This year, we’ve seen Internet connected cars, home appliances, medical devices, glasses, watches, and more. Where there is a will, there is a way, and as our devices become more connected, cybercriminals will look to find ways to exploit their security gaps. So, what’s a user to do when personal data is being leaked through so many devices? Here are some tips to help patch the holes:

Always protect your devices with a password. As smart devices become more prolific, it’s important to continue to use basic security tools such as passwords. As always, it helps to frequently update your passwords and use two-step verification for accounts when the option is offered.
Update your software. Smart TVs, gaming consoles, and other cutting edge technologies are fresh to the market, and because of that, many companies are still working out security kinks after the product is made available in stores. Pay close attention to when a company releases a new software update for your device, as it may include patches to close up any security holes.
Do your research. Prior to purchasing a new smart TV or video game console, be sure to investigate the data sharing and privacy policies of the company selling the product. These policies are available online, and you should review before making a purchase.
Browse with caution. Smart TVs are every bit as susceptible to hacking as your home computer. When you’re using your new device to browse the Web, pay attention to sites that look suspicious and avoid clicking on links from unknown senders.
Use social media sparingly. Video-streaming sites like Netflix pose less of a threat to your smart TV than social media sites, where cybercriminals disguise malicious links in phishing attempts. Limit social media use to other home devices such as a computer, smartphone or tablet that can be protected with comprehensive security, like McAfee LiveSafe™ service, which protects all of your devices, your identity and your data.