Ramblings

LG TV logging filenames from network folders

After DoctorBeet’s blog post detailing his LG TV’s shady logging practices I decided to have a look at what my own was doing.

To start off, I couldn’t seem to find an option to disable logging of my watching activity; I’d guess we are using different firmware. Either way, I set up a laptop as a middlebox and went about logging communications. The first thing I noticed was authentication to the server, and when you turn your TV off to standby there is also a request to deauth the session. I’m not sure how unusual this practice is, but it gives LG a pretty precise measurement of when and how long you are using the TV.

Auth:

GET /rest/sdp/v3.0/c2.4/authentication.xml HTTP/1.1
Host: GB.lgtvsdp.com
Accept: */*
Content-Length:0
X-Device-ID:{SNIPPED}
X-Device-Product:BROADBAND DTV 4
X-Device-Platform:GP4I
X-Device-Eco-Info:01
X-Device-Model:HE_DTV_GP4I_AFAAABAA
X-Device-Country:GB
X-Device-Country-Group:EU
X-Device-Language:eng
X-Device-Sales-Model:42LS570T-ZB
X-Device-Netcast-Platform-Version:0003.0004.0002
X-Device-Publish-Flag:Y
X-Device-ContentsQA-Flag:N
X-Device-FW-Version:04.41.03
User-Agent:Mozila/4.0

Response 200 OK

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><authentication><deviceSecret>{SNIPPED}</deviceSecret><sessionID>{SNIPPED}</sessionID></authentication>

DeAuth:

DELETE /rest/sdp/v3.0/c2.4/authentication.xml HTTP/1.1
Host: GB.lgtvsdp.com
Accept: */*
Cookie: JSESSIONID=C3F3C57B0AB40CDB723FD489B78EC3A0.node_sdp011; Path=/
Content-Length:0
X-Authentication:{SNIPPED}
X-Device-ID:{SNIPPED}
X-Device-Product:BROADBAND DTV 4
X-Device-Platform:GP4I
X-Device-Eco-Info:01
X-Device-Model:HE_DTV_GP4I_AFAAABAA
X-Device-Country:GB
X-Device-Country-Group:EU
X-Device-Language:eng
X-Device-Sales-Model:42LS570T-ZB
X-Device-Netcast-Platform-Version:0003.0004.0002
X-Device-Publish-Flag:Y
X-Device-ContentsQA-Flag:N
X-Device-FW-Version:04.41.03
User-Agent:Mozila/4.0

Response 200 OK

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

Network:

Digging a little further, I was seeing the same requests DoctorBeet was seeing when it was logging his media from a USB-mounted drive, except I had no USB-mounted drive plugged in. It turns out it was pulling filenames from my shared folders over the network and broadcasting those instead. I moved all the media out of the folder and put a few duds in named “GiantPorn”, turned the TV off and on, and it was still broadcasting the old filenames. The TV couldn’t see those files whilst browsing manually, so I’d hazard a guess it’s caching some of these locally. It didn’t take long, though, to pick up the new ones:

POST /rest/sdp/v4.0/c1.0/smartshare/search.xml? HTTP/1.1
Host: GB.smartshare.lgtvsdp.com
Accept: */*
Cookie: JSESSIONID=C3F3C57B0AB40CDB723FD489B78EC3A0.node_sdp011; Path=/
X-Authentication:{SNIPPED}
X-Device-ID:{SNIPPED}
X-Device-Product:BROADBAND DTV 4
X-Device-Platform:GP4I
X-Device-Eco-Info:01
X-Device-Model:HE_DTV_GP4I_AFAAABAA
X-Device-Country:GB
X-Device-Country-Group:EU
X-Device-Language:eng
X-Device-Sales-Model:42LS570T-ZB
X-Device-Netcast-Platform-Version:0003.0004.0002
X-Device-Publish-Flag:Y
X-Device-ContentsQA-Flag:N
X-Device-FW-Version:04.41.03
User-Agent:Mozila/4.0
Content-Length: 713
Content-Type: application/x-www-form-urlencoded

query={SNIPPED PERSONAL FILES}/sample%5Fmpeg%34:/mpegGiantPorn:/mp%34GiantPorn

Response 404 Page Not Found

Although a 404 is returned, it would be pretty trivial for the server to collect the data and serve a 404 anyway. Obviously I don’t know how, or if, they are logging the data, but I’d prefer it wasn’t sent at all.

Now the clear problem I see with this is that even if I did agree to this in any T&Cs presented to me, I doubt guests I have round using my Wi-Fi connection would be too happy with filenames from their shared media being dispatched to LG. Personally, I’m not too happy that files you assume aren’t leaving the network are having their names broadcast to LG, and it’s even worse that it’s unencrypted.
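The check a middlebox like the one described above can run on captured traffic, as an added example that is not from the original post: it parses a cleartext request and, if it is a POST to a smartshare path on an lgtvsdp.com host, decodes the `query` form field into the file names being sent. The request body is the visible part of the capture above, the device ID is a placeholder, and treating `:` as the entry separator is an assumption.

```python
from urllib.parse import parse_qs

# Constructed sample: trimmed from the smartshare request shown in the post.
# The device ID is a placeholder, not a captured value.
SAMPLE_REQUEST = (
    b"POST /rest/sdp/v4.0/c1.0/smartshare/search.xml? HTTP/1.1\r\n"
    b"Host: GB.smartshare.lgtvsdp.com\r\n"
    b"X-Device-ID:EXAMPLE-DEVICE-ID\r\n"
    b"X-Device-Sales-Model:42LS570T-ZB\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"query=/sample%5Fmpeg%34:/mpegGiantPorn:/mp%34GiantPorn"
)

WATCHED_SUFFIX = ".lgtvsdp.com"  # parent domain of both hosts seen in the post


def parse_request(raw: bytes):
    """Split a cleartext HTTP request into (method, path, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")  # the TV omits the space after ':'
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def leaked_names(raw: bytes):
    """Return host, device headers and decoded names for a smartshare upload."""
    method, path, headers, body = parse_request(raw)
    host = headers.get("host", "").lower()
    if method != "POST" or not host.endswith(WATCHED_SUFFIX) \
            or "/smartshare/" not in path:
        return None  # not the request type this check looks for
    form = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    # Assumption: entries in `query` are ':'-separated, as the capture suggests.
    names = [n for q in form.get("query", []) for n in q.split(":") if n]
    device = {k: v for k, v in headers.items() if k.startswith("x-device-")}
    return {"host": host, "device": device, "names": names}


if __name__ == "__main__":
    print(leaked_names(SAMPLE_REQUEST))
```

Because the request travels over plain HTTP, the same decoding is available to anyone on the path, and the X-Device-* headers tie each list of names to one specific set.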

Again, I’d like to thank DoctorBeet for bringing this to light, and I’ll be having a good look over the comms from my LG TV at the weekend.

11 Comments

  6. Can you publish a list of IP addresses that LG Smart TVs are contacting to send data? I would like to block them!

  7. Thanks for the heads up. I don’t like it… Won’t buy an LG 4 sure.

  8. I have also checked my LG Smart TV LM660, but except for a few SSDP notifies sent to 239.255.255.250, nothing was sent.

  9. I blocked my TV’s access to all of those sites, but the ad that appears under the mini-TV in the Smart TV screen still appears. I read on some of the other sites that it should get replaced by either a grey box or the “LG Smart TV” banner if one has properly blocked the ad sites, but no luck…

    Hopefully, I’ve at least blocked the data capture and send part of the problem.
