• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Hacking
  • Security
  • British blogger discovered LG Smart TV spying on users

British blogger discovered LG Smart TV spying on users

Pierluigi Paganini November 20, 2013

British blogger revealed that his LG Smart TV collects and sends details about the owners’ viewing habits even if the users have activated a privacy setting.

Exactly one year ago we discussed about the possibility to exploit a vulnerability in Samsung Smart TV to penetrate our domestic network to spy on us or to serve a malware.

The British Developer and blogger DoctorBeet, announced to have discovered that his LG Smart TV is sending data about his family’s viewing habits back to the South Korean manufacturer.

It seems that the Smart TV, model LG 42LN575V, sends data back to LG servers even if the blogger has disabled the option “Collection of watching info” in the TV settings menu.

Smart TV LG spying

The Smart TV sends back to a non-functional URL information on channels being watched and time of vision, but the most concerning thing is that the device also collect and send to LG filenames of some media on a USB device connected to the TV.

To test the anomalous behavior DoctorBeet created a mock video file which he transferred to a USB stick, he named the file Midget_Porn_2013.avi that couldn’t possibly be confused with the TV set’s firmware. Once connected the USB to the Smart TV he verified that the filename had been transmitted in clear text to GB.smartshare.lgtvsdp.com.

 

Smart TV LG spying traffic

 

Not all filenames present on USB devices were transmitted but DoctorBeet wasn’t able to find out the principle that governs the practice.

“Sometimes the names of the contents of an entire folder were posted, other times nothing was sent. I couldn’t see what rules controlled this.”

DoctorBeet noted that the URL contacted by the Smart TV with a POST requests doesn’t exist, for this reason he received HTTP 404 responses from LG’s server after the ACK.

Even if the URL doesn’t reply it could be used by LG in the future to enable the collection of users’habit for commercial use, for example to provide customized content and ad.

LG Smart Ad collects and analyzes users’ favorite programs, online behavior, search keywords and other information to offer relevant ads to target audiences. For example, LG Smart Ad can feature sharp suits to men, or alluring cosmetics and fragrances for women.

“Note in particular that it means *nothing* that the script returns a 404: The information may still be in their logs – collecting information this way without actually having anything at the endpoint is an old practice, and more efficient on server resources than making the web server execute anything.”

“However, despite being missing at the moment, this collection URL could be implemented by LG on their server tomorrow, enabling them to start transparently collecting detailed information on what media files you have stored. It would easily be possible to infer the presence of adult content or files that had been downloaded from file sharing sites.” reported the blog post.

DoctorBeet decided to contact LG that replied that the behavior respects the Terms and Conditions for the Smart TV, the company also suggested that he take up the issue with the retailer who sold him the set.

Thank you for your e-mail.

Further to our previous email to yourself, we have escalated the issues you reported to LG’s UK Head Office.

The advice we have been given is that unfortunately as you accepted the Terms and Conditions on your TV, your concerns would be best directed to the retailer.  We understand you feel you should have been made aware of these T’s and C’s at the point of sale, and for obvious reasons LG are unable to pass comment on their actions.

We apologise for any inconvenience this may cause you. If you have any further questions please do not hesitate to contact us again.

 

Kind Regards

 

Tom

LG Electronics UK Helpdesk
Tel: 0844 847 5454
Fax: 01480 274 000
Email: cic.uk@lge.com

UK: [premium rate number removed] Ireland: 0818 27 6954
Mon-Fri 9am to 8pm Sat 9am-6pm

Sunday 11am – 5pm

The Information Commissioner’s Office declared to the BBC it is investigating on the issue.

“We have recently been made aware of a possible data breach which may involve LG Smart TVs,” said a spokesman.

“We will be making enquiries into the circumstances of the alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken.”

LG clarified to the BBC , saying that the company is investigating the complaint:

As for why this particular LG Smart TV is collecting data in the first place, DoctorBeet cites a corporate video aimed at potential advertising partners. The lengthy clip includes claims such as:

“Customer privacy is a top priority at LG Electronics and as such, we take this issue very seriously,” 

“We are looking into reports that certain viewing information on LG Smart TVs was shared without consent.” “LG offers many unique Smart TV models which differ in features and functions from one market to another, so we ask for your patience and understanding as we look into this matter.” 

DoctorBeet closes the post suggesting how to stop data trasmission, he has identified and blocked 7 domains used to collect users’ data:

  • ad.lgappstv.com
  • yumenetworks.com
  • smartclip.net
  • smartclip.com
  • smartshare.lgtvsdp.com
  • ibis.lgappstv.com

 

Pierluigi Paganini

(Security Affairs – Smart TV, cyber espionage)


facebook linkedin twitter

cyber espionage Internet of Things LG Samsung smart TV

you might also like

Pierluigi Paganini July 26, 2025
Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme
Read more
Pierluigi Paganini July 25, 2025
Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

    Malware / July 27, 2025

    Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

    Breaking News / July 27, 2025

    Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

    Cyber Crime / July 26, 2025

    Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

    Intelligence / July 26, 2025

    Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

    Intelligence / July 25, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT