GB.smartshare.lgtvsdp.com

POST /ibs/v2.2/service/watchInformation.xml HTTP/1.1
Host: GB.ibis.lgappstv.com
Accept: */*
X-Device-Product:NETCAST 4.0
X-Device-Platform:NC4M
X-Device-Model:HE_DTV_NC4M_AFAAABAA
X-Device-Netcast-Platform-Version:0004.0002.0000
X-Device-Country:GB
X-Device-Country-Group:EU
X-Device-ID:2yxQ5kEhf45fjUD35G+E/xdq7xxWE2ghu0j4an9kbGoNcyWaSsoLgyk8JJoMtjRrYRsVS6mHKy/Zdd6nZp+Y+gK6DVqnbQeDqr16YgacdzKU80sCKwOAi1TwIQov/SlB
X-Authentication:YMu3V1dv8m8JD0ghrsmEToxONDI=
cookie:JSESSIONID=3BB87277C55EED9489B6E6B2DEA7C9FD.node_sdpibis10; Path=/
Content-Length: 460
Content-Type: application/x-www-form-urlencoded

&chan_name=BBC TWO&device_src_idx=1&dtv_standard_type=2&broadcast_type=2&device_platform_name=NETCAST 4.0_mtk5398&chan_code=251533454-72E0D0FB0A8A4C70E4E2D829523CA235&external_input_name=Antenna&chan_phy_no=&atsc_chan_maj_no=&atsc_chan_min_no=&chan_src_idx=1&chan_phy_no=&atsc_chan_maj_no=&atsc_chan_min_no=&chan_phy_no=47&atsc_chan_maj_no=2&atsc_chan_min_no=2&chan_src_idx=1&dvb_chan_nw_id=9018&dvb_chan_transf_id=4170&dvb_chan_svc_id=4287&watch_dvc_logging=0

This information appears to be sent back unencrypted and in the clear to LG every time you change channel, even if you have gone to the trouble of changing the setting above to switch collection of viewing information off.
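If you want to audit your own captures for the same behaviour, the following is an added example (not part of the original post and not LG's code) that parses one cleartext request of this shape and reports what it discloses. The sample is a constructed, trimmed copy of the request above with a placeholder device ID, and reading watch_dvc_logging=0 as the "collection off" setting is an assumption.

```python
from urllib.parse import parse_qs

# Constructed sample: trimmed copy of the request shown above, with the
# device ID replaced by a placeholder.
SAMPLE = (
    "POST /ibs/v2.2/service/watchInformation.xml HTTP/1.1\r\n"
    "Host: GB.ibis.lgappstv.com\r\n"
    "X-Device-ID:PLACEHOLDER-DEVICE-ID\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "&chan_name=BBC TWO&external_input_name=Antenna&chan_phy_no="
    "&chan_phy_no=47&dvb_chan_svc_id=4287&watch_dvc_logging=0"
)

# Fields that reveal what is being watched (names taken from the capture).
VIEWING_FIELDS = ("chan_name", "external_input_name", "chan_phy_no",
                  "dvb_chan_nw_id", "dvb_chan_transf_id", "dvb_chan_svc_id")


def audit_request(raw):
    """Parse one cleartext HTTP request and report what it discloses."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Keys repeat in the capture (chan_phy_no is sent empty, then as 47),
    # so keep blanks while parsing and take the last non-empty value.
    form = parse_qs(body, keep_blank_values=True)
    fields = {}
    for key, values in form.items():
        filled = [v for v in values if v]
        fields[key] = filled[-1] if filled else ""
    viewing = {k: fields[k] for k in VIEWING_FIELDS if fields.get(k)}
    # Assumption: watch_dvc_logging=0 mirrors the "collection off" setting.
    opted_out = fields.get("watch_dvc_logging") == "0"
    return {
        "endpoint": f"{method} http://{headers.get('host', '?')}{path}",
        "device_id_sent": "x-device-id" in headers,
        "viewing": viewing,
        "sent_despite_opt_out": opted_out and bool(viewing),
    }


if __name__ == "__main__":
    print(audit_request(SAMPLE))
```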
It was at this point, I made an even more disturbing find within the packet data dumps. I noticed filenames were being posted to LG's servers and that these filenames were ones stored on my external USB hard drive. To demonstrate this, I created a mock avi file and copied it to a USB stick.

This file didn't really contain "midget porn" at all, I renamed it to make sure it had a unique filename that I could spot easily in the data and one that was unlikely to come from a broadcast source.
And sure enough, there it was...

Sometimes the names of the contents of an entire folder were posted, other times nothing was sent. I couldn't determine what rules controlled this.
I think it's important to point out that the URL that the data is being POSTed to doesn't in fact exist; you can see this from the HTTP 404 response in the next response from LG's server after the ACK.
However, despite being missing at the moment, this collection URL could be implemented by LG on their server tomorrow, enabling them to start transparently collecting detailed information on what media files you have stored.
It would easily be possible to infer the presence of adult content or files that had been downloaded from file sharing sites. My wife was shocked to see our children's names being transmitted in the name of a Christmas video file that we had watched from USB.
So what does LG have to say about this? I approached them and asked them to comment on data collection, profiling of their customers, collection of usage information and mandatory embedded advertising on products that their customers had paid for. Their response to this was as follows:

Thank you for your e-mail.

Further to our previous email to yourself, we have escalated the issues you reported to LG's UK Head Office.

The advice we have been given is that unfortunately as you accepted the Terms and Conditions on your TV, your concerns would be best directed to the retailer. We understand you feel you should have been made aware of these T's and C's at the point of sale, and for obvious reasons LG are unable to pass comment on their actions.

We apologise for any inconvenience this may cause you. If you have any further questions please do not hesitate to contact us again.

LG Electronics UK Helpdesk
Tel: 0844 847 5454
Fax: 01480 274 000
Email: email@example.com
UK: [premium rate number removed] Ireland: 0818 27 6954
Mon-Fri 9am to 8pm Sat 9am-6pm

I haven't asked them about leaking of USB filenames due to the "deal with it" nature of the above response but I have no real expectation that their response would be any different.

So how can we prevent this from happening? I haven't read the T&Cs but one thing I am sure about is that I own my router and have absolute jurisdiction of any traffic that I allow to pass, so I have compiled an initial list of internet domains that you can block to stop spying and advertising on TVs that we, as customers, have actually paid for.
(Update: removed llnwd domain, see comments)