ICO investigates claims of data breach by LG smart TVs

The ICO is investigating claims that some LG TVs are reporting viewing habits even if privacy settings are activated

The Information Commissioner’s Office (ICO) is investigating claims that some LG televisions are reporting viewing habits to the LG Smart Ad marketing tool even if privacy settings are activated.

The investigation is in response to a blog post by a UK-based IT consultant who claims his TV is sending information about what channels are viewed and collecting filenames on a connected USB drive.

The ICO told the BBC it had been made aware of a possible data breach involving LG smart TVs.

"We will be making enquiries into the circumstances of the alleged breach of the Data Protection Act before deciding what action, if any, needs to be taken,” an ICO spokesman said.

When IT consultant Jason Huntley contacted LG, the South Korean company replied that he had accepted LG's terms and conditions.

“As you accepted the terms and conditions on your TV, your concerns would be best directed to the retailer,” the company said.

But when contacted by the BBC, LG said it is investigating reports that certain viewing information on LG Smart TVs was shared without consent.

"LG offers many unique smart TV models, which differ in features and functions from one market to another, so we ask for your patience and understanding as we look into this matter,” a spokesman said.

LG’s Smart Ad marketing tool enables advertisers to display tailored advertisements on the user interface of some of its TVs.

According to the LG website, the tool has the ability to: “Bring the right ads to the right target audiences using demographic, geographic, device, contents and user preference data.”

Smart Ad uses information collected by TVs, but Huntley discovered that the “collecting of watching info” option in user privacy settings is switched on by default.

After changing the setting, he found that unencrypted details about each channel change were still being sent to LG.

List of domains to block

  • ad.lgappstv.com
  • yumenetworks.com
  • smartclip.net
  • smartclip.com
  • smartshare.lgtvsdp.com
  • ibis.lgappstv.com

Looking through the data sent to LG, Huntley noticed the names of files stored on an external USB drive were also being transmitted.

According to Huntley, even if LG was not using the data, the fact that it was being sent over the internet in clear text meant that it could be accessed and abused by hackers.

In his blog post, Huntley lists internet domains that smart TV owners can block on their routers to stop spying and advertising.

“This will free you from seeing ads plastered on your screen and having your viewing habits monitored, whilst it should still allow firmware updates to be applied,” he wrote.

Read more on Privacy and data protection