LG TV phones home with your viewing habits, names of files you screen, even if you tell it not to

Countermeasure 1: How long can these filenames be before they crash the LG servers? Can I embed a buffer-overflow attack in a filename on my USB drive?

Countermeasure 2: Place copyrighted material, e.g., song lyrics, in the filenames themselves, thus causing LG to commit copyright violations.

Countermeasure 3: Proxy the TV’s connection to the Internet. Replace their advertising images with actual midget porn. Photograph the TV with midget porn “advertising.” Profit?

Countermeasure 4: Stop buying LG products.

4 Likes

And double-check that it isn’t an HDMI cable with ethernet, and a computer that ‘helpfully’ uPnPs the TV to the internet, yes?

And, with basic GSM phones retailing for $12, no contract/bundle, quantity one, better sweep for unexpected GPRS chatter as well. (Only some data would be worth the transmission cost, in that case, since they can’t just piggyback on your internet; but if Amazon could do ‘whispernet’, a compressed summary of your viewing habits every X days could probably be done pretty cheaply).

Contemporary MEMS mics are god’s gift to paranoia. High sensitivity, omnidirectional, all ADC handled in-package for a nice low-pin-count digital output, 4x3 mm square, 1mm thick. Doesn’t use much power either, so good for battery powered applications. The ones that hand off analog functions can be even smaller (Mr. 2F17 045, in red, is the mic in those ubiquitous Apple earbuds-for-chattering-with, it even functions inside a fully enclosed plastic housing, no mic hole/grate/etc. Vendor/datasheet unknown, at least to me.)

2 Likes

@isomorphic Given the general shittiness of ‘SmartTV’ firmware, LG probably implicitly trusts all packets with the correct UA (or some other trivially spoofable ID) and validates them incompetently or not at all.

It’d be eleventy-billion felonies and all that; but I’d love to see a particularly displeased black-hat have a look. (On the minus side, the TVs probably implicitly trust all files called ‘LG_frm.img’, write them to boot flash, and restart, so it’d be the clueless users who are likely to get hit piecemeal…)

2 Likes

“No, your honor, I had no idea that naming my kid’s birthday party movie that way somehow resembled the ‘EICAR test pattern’ (as you call it) and that it would result in total chaos on LG’s LAN.”

“What’s your kid’s name?”

“Little Bobby Tables.”

Aside: My old, old Samsung TV can be upgraded with a simple USB stick with the right firmware files on it, and the resulting setup can actually damage your TV if it’s not configured properly.

6 Likes

Ah, that takes me back to the good old days when your X config (and this was xfree86, none of that Xorg, sonny) could drive your CRT out of spec to its eventual death. LCDs these days…

3 Likes

Obligatory:

“In Soviet Russia, TV watches you!”

Yeah, my first thought was “can the packet leeching be weaponized?”

Might I suggest a simple logo for the box packaging for appliances that spy:

6 Likes

Finding a TV without a fast processor had to be fairly easy, since the CPUs in smart TVs are terrible.

Or just see if the marketing tag “smart” is attached to the gadget. That seems to be a hidden synonym for “doubles as surveillance device”.

1 Like

Countermeasure 5: set up a script to replicate the info sent to LG with random show and file names, run it on a few thousand computers, and flood their servers.

1 Like

I like your idea. Also, add hundreds of millions of 1s small video files to an external disk. Have it play these things all day long for months.

1 Like

I wonder if you could cram LUFA and a FAT16 implementation that constantly gets refilled with randomly named files into one of the larger AVRs?

I’m sure that an apparently-tiny USB stick with constantly shifting contents wouldn’t confuse anything.

Interesting. Disturbing. This makes me want to dig a bunker and entertain myself with crochet and paper books, but that’s probably going to look suspicious to some government agency or another.

I’m probably not the only one who’s put a piece of opaque tape over the camera in my laptop…

4 Likes

God once appeared to me in a dream and asked me to watch all my movies on my laptop.

I’m trying to get my head round the concept of a TV described as ‘old’ and yet has *upgradable firmware*. Which means I’m old, I guess.

2 Likes

Old is relative. It’s “old” for an LCD TV, but not old for a TV. (It’s a 46" LCD that I paid more than $3K for, which is absurd given present prices.) The epithet was intended to convey that it isn’t “smart” in any way, shape, or form–although it can still be owned, badly, with a USB stick.

Did you check the near-IR band? Those things don’t see like we do…

And you’d all probably freak about the (very large) softdrink manufacturer who was trying to have a self-serve soda fountain produced which had a built-in camera and facial recognition system in it.
I tried to imagine getting spied on in a KFC or 7-11…and what marketing idiot came up with this one.

Sadly, horridly, not even kidding.