LG TV logging filenames from network folders (renney.me)
285 points by Amadou on Nov 21, 2013 | 102 comments



The implications are troubling. Your TV collects and broadcasts for the permanent record of anyone who can snoop the cleartext (your neighbors, your ISP, whatever the NSA looks like in your country, etc) all the media it can find on your network.

We used to need firewalls at the edges of our home networks to keep bad actors out. Now we need firewalls that point the other direction to keep the bad actors on our networks in.


A good friend of mine did exactly that for a network some 15 years ago. He called it his "waterwall".

It was for some kind of internet-cafe. But that we seem to need this nowadays for our private homes, troubles me.

What is this with the attitude, that it is ok, to view into the innermost privacy-sphere of your customers? Sorry, but LG is dead and gone for me. A company, that converts its paying customers into a product, ready to be sold to some advertiser just sickens me.

What comes next? Automatically detecting, when people no longer look at the screen, via a camera, to stop the showing of ads and resume, when people return in front of the screen? Or to detect how many people are watching (as Microsoft had patented)?

What happened to good old: We build one thing, sell it and that is fine. Why does everybody have to be an advertising-company, trying to maximize this revenue stream on the back of the live(data) of its paying customers?


I suspect that this is the result of incompetence on their part rather than an actual intent to log private data. Either way though, obviously not good.


I do understand, that most seemingly malicious intent has its roots in incompetence.

In an answer to German press-inquiries, LG states, that the feature will stay. The only thing, they will change is, that disabling the feature really disables it. They stated, that this was a bug. And I actually believe this. I did not allege, it was malicious intent.

My real argument was, that I am more than happy, to pay good money for a good TV. But that I see no reason, why I should have to pay with my data as well (not being informed on that by the way, when buying this TV) and with this feature being enabled by default.

Sidenote: They told the German press, that the receiving server dropped the information, when the feature was disabled. They never told anyone, how the server should have been able to do that. As far, as I could see, the requests did not change, when deactivating that feature.


Hi! Friendly native English speaker here. Just a tip, your posts read as very disjointed because you are using the comma so often! You can think of the comma as representing a pause in speech. Re-read your post, taking a pause every time you encounter a comma and you'll see how disjointed it feels. You are making good points, but I found your posts difficult to read because of this issue.


Thanks a lot for your tip. I know that the comma is some form of tick for me. Will try to better myself.

Greetings from Germany.


"Any sufficiently advanced incompetence is indistinguishable from malice"


I'm definitely going to have to remember that one for later.


> why I should have to pay with my data as well (not being informed on that by the way, when buying this TV)

You were probably informed, somewhere between page 1 and 514 in the EULA.


Nah. Consumers are meat. Product to be packaged and sold in bulk. Nothing personal, but the corporate masters just don't care that much.


Good firewalls should always block unwanted traffic whether it's inbound or outbound. This is not anything new, but you're right that most people trust the devices they own. Not anymore.


Good luck making that easy for the end-user to configure.


I think this is something of a chicken and egg problem. The basic firewall UI is allow <computer> to use <port> for <incoming|outgoing>. This interface can be made very easy to use. The problem is that if this was the default then programs would simply not work, and users would not know why.

However, if it became standard, then programs would tell users to check their firewall, and can even tell users the information that they need to fill into the firewall (eg. name of computer, port, ...).

Conceivably, you could define a protocol for devices to request an opening. This protocol could include a way of sending the password.


We have to assume that our lives are public; and that we have no secrets from those who want to get them the most (i.e. bad actors). We are vulnerable and weak, and had better get used to the idea that we can be f*cked over at will by whosoever takes a fancy to the idea.


Yep you've basically refuted the idea of personal security due to a vague insinuation of how "most people" trust their electronics. Or did you have anything constructive to add?


Sorry, I should have said:

"Historically it's been very difficult to make detailed firewall configuration user-friendly. As a result, we've lived with the simplistic compromise of 'allow outgoing connections, don't allow incoming connections'. It seems like it's going to require some incredible new firewall configuration interface if we hope to make it possible for the ordinary clueless computer user to properly configure outgoing firewall rules."


I want to try an experiment that goes like this:

1. Block all network traffic, inbound and outbound.

2. When I decide that I need a specific network resource, enable it in a whitelist (i.e. enable traffic to/from news.ycombinator.com on port 80)

I wonder what that Internet would look like.


RFC 3514 makes this easy:

http://www.ietf.org/rfc/rfc3514.txt


They'll just switch to port 80. No one is going to be willing to block that outgoing.


You know firewalls work based on port AND host, right? Block all connections coming from the TV.


If you have a smart TV you probably want to browse the web on it.


Or boycott LG and any businesses that acts in this manor.


Hey man; it's manner, not manor. Manor is more akin to a large house or mansion.

I am often hesitant to offer this kind of correction because I feel like it sometimes sounds conceited, or as if I am trying to be superior to you somehow. I honestly don't feel that way and am just offering the correction because I feel like I would like to be corrected myself. I respect you for having learned a second language, it's more than I can say for myself.


You'll find that people that have English as their first language tend to make that kind of mistake more often than people who have it as a second language. In my case, for example, my first language is Spanish, where everything sounds as it's written. When I see mistakes like writing "manor" instead of "manner", or "should of" instead of "should have" I can't help but think that I would never make that kind of mistake, because of the way people learn English as a second language in comparison to a first language.


This might be also because you learned English when you already knew how to read, which isn't the case for people learning it as a first language.


You know "manor" is an apropos typo, signifying LG being haughty, privileged and out-of-touch living in this really expensive house they built with the money from paying customers that they are treating like cyber-peasants.

I wish I knew a name for a homophonic typo which suggests criticism in that way, I used to know a guy who made typos like that all the time, emails from him had a kind of surreal meta-level quality to them. It is kind of a mondegreen, but not quite.

https://en.wikipedia.org/wiki/Mondegreen


eggcorn? http://eggcorns.lascribe.net/

Example

> When all is set and done


Unless he lives in a manor, then it works actually.

But my witty jokes aside, that reminds me of Little Snitch for Mac OS, which keeps installed programs from opening unauthorized connections to the outside. Is there a firewall setup that works this way for an entire home network? Possibly something that could be run on a small device/router?


That's just called a firewall. You will probably enjoy http://www.pfsense.org/


How do you know it wasn't manure what he meant? :-)


I think it's just a marvelous pun!


Although manor is oddly apt, don't dare act up in my manor!


Or if you're in the EU, where this sort of thing is quite likely to be illegal, complain to your local Data Protection Commissioner.


> Now we need firewalls that point the other direction to keep the bad actors on our networks in.

That's not recent, most firewalls do outbound traffic as well, and there is software solely dedicated to outbound traffic management, e.g. http://www.obdev.at/products/littlesnitch/index.html


The real difference is not between outbound and inbound. Classical firewalls have been blocking outbound connections depending on ports since forever.

Firewalls for Windows (I first saw it in ZoneAlarm) introduced application specific filtering. So you can allow one application to connect to HTTP servers and disallow another application from doing the same.

Edit: I was just reading this article an hour ago, about how to programmatically add rules to Windows built-in firewall using Delphi:

http://theroadtodelphi.wordpress.com/2013/11/21/using-the-wi...


Can anyone recommend a consumer grade router that has a good GUI for tracking outgoing connections in real-time and setting up rules to control them?

I am imagining some kind of add-on to DD-WRT or derivatives that will put up a real-time graph of devices on my home network and draw lines representing outgoing TCP and UDP connections while also logging them in a tabular format. Both forms would be clickable to drill down for more details (including session packet captures if enabled) as well as set policies like a per device white-list of acceptable IP addresses to connect with.

I know all of this is possible with individual tools like tcpdump or wireshark and ip-tables configs, but that is too painful. I'm looking for a robust GUI on top of all that.


I tried analyzing all outgoing traffic on my laptop for a couple days, there is a surprising amount of noise [1]. Very hard to spot anything nefarious. It's challenging to find anything meaningful without some sort of automation.

Unless it's a low traffic device, like a TV.

But in my research I didn't come across any router level software that did this in a meaningful way (with a GUI).

Maybe a startup opportunity here? +1 with network intrusion detection for home networks. I'd donate to a crowdfund for that.

[1] http://www.tcpdump.org/


Better a crowd sourced classification algorithm for good and bad traffic? Built-in anomaly detection?

Challenging...


I'm a fan of pfsense:

http://pfsense.org/

It might be a little more complicated than a standard consumer-grade router, but it's powerful enough to do almost anything. It's based on FreeBSD and has a reasonably pretty GUI on top of pf.

I've used it on alix embedded hardware before, and have it currently running on an atom supermicro board - both work great.


pfSense is awesome. It won't help a lot with this specific problem (without a lot of manual work). But it's still a great solution. I've been using its multi-WAN capabilities on a Soekris box for a few years now.


You can use Squid on pfSense (available as package):

https://doc.pfsense.org/index.php/Setup_Squid_as_a_Transpare...

but I don't think it would be trivial to configure for an end-user


I'll second the pfsense option. I just bought a great little Alix based firewall running pfsense (2.1) [1]. I wanted something that was open-source and less of a black box (firewall inside a consumer grade router/modem).

One thing I'm now noticing - Android (nexus7) is quite noisy. I need to get wireshark looking at what this constant traffic is from the tablet to Google (and the BBC sometimes).

[1] ALIX 2D3 LX800


Ya, I've noticed that, too. My wireless VLAN has blocked outgoing traffic on several uncommon ports.


Carambola2[1] runs FreeBSD[2] and thus a version (it's way different than OpenBSD's these days) of Packet Filter[3]. Putting the ADSL modem in bridge mode and this very cheap device as an advanced firewall can keep you safe. You have to write the rules manually, it's a time-consuming procedure (a little bit like programming) because it takes a lot of reading, etc. But once you get the hang of it, writing rules yourself gives absolute control of what goes in and out of your network.

[1] http://8devices.com/carambola-2

[2] https://code.google.com/p/freebsd-wifi-build/wiki/Carambola2

[3] http://www.freebsd.org/doc/handbook/firewalls-pf.html


Not a networking guy here, and this is nowhere near all you're asking for, but here's a classic GUI-controlled router setup which allowed me to totally block my son's internet access when needed. Sounds like your TV needs that too:

* Router was a Linksys WRT54GL [1] re-flashed with Tomato [2] firmware

IIRC it took two steps to stabilize things:

* One of the menu options [sorry, don't recall which one] allows watching the MAC and IP addresses of connected devices in real time as they come and go. You can somehow assign names to devices in this list to help sort them out. Unhook or power off everything else or use the OUI lookup or somehow otherwise identify the TV. Click on 'static' so as to force Tomato's DHCP service to make the current IP address fixed for the TV's MAC.

* Now that the TV has a static IP on your LAN, you can use Tomato's 'Access Restriction' on that IP to disallow all outside access. Works as well for restricting one's kids' access to reasonable time ranges -- and cutting them off when necessary ;).

--------

[1] http://www.newegg.com/Product/Product.aspx?Item=N82E16833124...

[2] http://www.polarcloud.com/tomato


And unfortunately totally doesn't work for a "Smart TV" where you want the TV to be able to browse YouTube but you don't want it to send the names of your local files to anybody.

We need much more capable filtering.

It seems that because of these immoral corporations (hm, aren't they by definition that way?) we as users have to implement the "Great firewall of China" for our own networks. Bad times.

And as Terr_ notes on this page, we should actually fight for the legal mechanisms to forbid such practices and punish the companies who invade our privacy.


The UK (where these TVs are being sold), much like the rest of the EU, does have legal mechanisms to forbid such practices and punish infringers, under the Data Protection Act 1998 [1]. The fact that LG still sold these TVs in the UK shows that legal mechanisms are not sufficient.

Sure, one can argue that this particular mechanism is not sufficient, while others would be, but we often don't know that until the deed is done.

[1] http://en.wikipedia.org/wiki/Data_Protection_Act_1998


I setup a VM to collect net flows from my DD-WRT enabled router, and used the http://nfdump.sourceforge.net package to collect and parse them into a daily report of all TCP/UDP connections sorted by bytes...

The real challenge is filtering out all the google and ec2 hosts that you come into contact with while using various services...
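The kind of report described above, reduced to a script that runs offline. This is an added example, not the nfdump setup the commenter used: it works over a simple CSV flow export (ts,proto,src,sport,dst,dport,bytes) instead of nfdump's binary files, sums bytes per (source, destination, protocol, port), and lets you suppress the CDN/cloud prefixes that otherwise drown everything else, which is the filtering problem the comment raises. The flow lines, the LAN prefix and the "noisy" prefix list are all constructed for the example.

```python
"""Aggregate exported flow records into a per-connection byte report.

Added example, not the nfdump tooling mentioned in the thread. Works over a
simple CSV flow export so it runs with no collector attached; the flows,
the LAN prefix and the noisy-prefix list below are constructed.
"""
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed flow export. 192.168.1.20 is a laptop, 192.168.1.50 is the TV;
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in
# for remote hosts. Nothing here came from a real capture.
SAMPLE_FLOWS = """\
ts,proto,src,sport,dst,dport,bytes
2013-11-21T20:01:02,TCP,192.168.1.20,51234,203.0.113.10,443,1843920
2013-11-21T20:01:05,TCP,192.168.1.20,51240,203.0.113.11,443,52211
2013-11-21T20:02:10,TCP,192.168.1.50,40001,198.51.100.7,80,2048
2013-11-21T20:03:10,TCP,192.168.1.50,40002,198.51.100.7,80,1976
2013-11-21T20:04:10,TCP,192.168.1.50,40003,198.51.100.9,80,3100
2013-11-21T20:05:00,UDP,192.168.1.50,5353,224.0.0.251,5353,400
2013-11-21T20:06:00,TCP,192.168.1.20,51300,203.0.113.12,443,77700
"""

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed home LAN prefix

# Prefixes to suppress in the report: stand-ins for the Google/EC2 ranges
# you have already decided are routine. Constructed for the example.
NOISY_NETS = [ipaddress.ip_network("203.0.113.0/24")]


def parse_flows(text):
    """Parse CSV flow lines into typed dicts; malformed rows are skipped."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            flows.append({
                "ts": row["ts"],
                "proto": row["proto"].upper(),
                "src": ipaddress.ip_address(row["src"]),
                "dst": ipaddress.ip_address(row["dst"]),
                "dport": int(row["dport"]),
                "bytes": int(row["bytes"]),
            })
        except (KeyError, ValueError):
            continue  # a broken export line should not kill the daily report
    return flows


def aggregate(flows, src=None, ignore_nets=()):
    """Sum bytes per (src, dst, proto, dport) for traffic leaving the LAN.

    LAN-to-LAN and multicast flows are dropped (they cannot be a phone-home),
    destinations inside ignore_nets are dropped as known noise, and src
    narrows the report to one device. Returns rows of
    (src, dst, proto, dport, bytes, flow_count) sorted by bytes, largest first.
    """
    totals = defaultdict(lambda: [0, 0])
    for f in flows:
        if src is not None and str(f["src"]) != src:
            continue
        if f["dst"] in LAN or f["dst"].is_multicast:
            continue
        if any(f["dst"] in net for net in ignore_nets):
            continue
        key = (str(f["src"]), str(f["dst"]), f["proto"], f["dport"])
        totals[key][0] += f["bytes"]
        totals[key][1] += 1
    rows = [key + (b, n) for key, (b, n) in totals.items()]
    rows.sort(key=lambda r: r[4], reverse=True)
    return rows


def render(rows):
    """Fixed-width text table, one line per aggregated connection."""
    lines = ["%-15s %-15s %-4s %5s %10s %5s"
             % ("src", "dst", "prot", "dport", "bytes", "flows")]
    for s, d, p, port, b, n in rows:
        lines.append("%-15s %-15s %-4s %5d %10d %5d" % (s, d, p, port, b, n))
    return "\n".join(lines)


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("All hosts, known-noisy prefixes suppressed:")
    print(render(aggregate(flows, ignore_nets=NOISY_NETS)))
    print("\nJust the TV:")
    print(render(aggregate(flows, src="192.168.1.50")))
```

With the noisy prefixes suppressed, the laptop's large HTTPS sessions disappear and the TV's small port-80 connections are the only rows left, which is the point the thread makes about low-traffic devices being the easy case. The ignore list is deliberately a plain list of prefixes you maintain by hand; an automatic "this looks like a CDN" classifier is the harder problem the next comment asks about.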


Surplus PC with an extra NIC and OpenBSD.

Edit: oops sorry you wanted a GUI. I'm guessing there are some GUI tools for pf around but I don't know of any.


The de-facto standard packet logging and tracing UI is Wireshark, so if you're going to go the surplus PC route then run Wireshark on it. I have no idea if it's available for OpenBSD but it's certainly available for Linux and Windows.


OpenWRT allows you to track connections with LuCI.


I have a Buffalo router with DD-WRT firmware, and I have a new LG TV too, just bought the stupid thing 1 week ago. Anyways, you can block the websites using this router. Good news is it works.


If in the UK take it back to the shop and tell them why. It is faulty - it is sending personal data out to the internet.


Seems it's time to put your closed-source consumer devices into a DMZ, with carefully limited access to both the internet and your home network.


Using "DMZ" in this context is very confusing, in common usage it means the exact opposite of what you intended.

A lot of home routers have a "DMZ" feature that gives the device you put in the DMZ full access to the outside internet, but restricts their access to other hosts on the local network.

It's typically used for gaming machines when you can't be bothered to forward a lot of ports individually, I have a gaming console in a "DMZ" on my network so I can play games online without fuss.


This is what sdfjkl is intending I think. Have the TVs/Whatever on the other side so they can't scan your network shares to get the information to send back the HQ.

It would be much more effective, straightforward and ultimately more useful though, to firewall the TVs from the internet outbound so they can collect data all they like and never send it home.


Both actually. They might need access to your internal network to access your file shares and whatnot, but you'll want to make sure they can access only the parts you want them to, and nothing else, so they can't for example log onto your unsecured printer and collect a list of most recent print jobs, including filenames.

And they might need to access the internet to download firmware updates and stream video, but you don't want them to "LG phone home" and report your midget porn viewing habits, so you'll block that.

Of course all that requires quite a bit of knowledge, time and equipment to set up and is therefore quite unrealistic, so you're better off just hooking up your laptop via HDMI and putting the damn TV into monitor mode, "smart" be damned.


I've been looking into this possibility myself, as we're currently upgrading our home entertainment systems and I was unpleasantly surprised by the lack of alternatives to "smart" TVs.

Unfortunately, typical home or SOHO Internet and wireless set-ups tend not to support something like shoving all your AV equipment on a separate VLAN when it hits a wireless router. Ideally, you'd probably want either direct access from that router to the Internet, isolated from your main network, or if you've got a slightly more advanced set-up, the ability to set up a static route that will only allow traffic from the AV part of your network to your Internet router, again fully isolated from your main network. Sadly, playing with VLANs tends to need a step up to a more serious level of networking equipment and in particular routing hardware, and the price for that is prohibitive at present.

It would certainly be interesting to see some advances in basic routing coming down into the home/SOHO markets, though, and potentially developments of consumer-friendly hardware firewalls as well. As homes become increasingly networked and automated, I suspect there is going to be a growing market for dealing with these kinds of security issues but with minimal set-up and as few different items of networking equipment as possible.


OpenWRT (and dd-wrt, and I'm sure most other wrt variations) let you set up another "virtual" HotSpot. If your AV equipment can do wireless, that's an option.

Also, I just bought my mom a TP-Link device capable of running openWRT for $25 (don't recall the model). If you care about privacy, it's relatively cheap in enabling hardware - it's your time that is going to be expensive.


You'll still find some manufacturer who slips the nefarious content right in along with the same datastream that offers a legitimate service...

I'd rather pursue legal mechanisms than technical ones in this case.


I'd rather pursue legal mechanisms than technical ones in this case.

They aren't mutually exclusive. In particular, the very fact that a manufacturer tried to do something covertly as part of another system the customer authorised would potentially make their actions a criminal offence where I am, as it clearly becomes unauthorised access and not merely a privacy or data protection issue most likely dealt with through regulation or a civil court.

I can't help thinking that the world would be a better place, and one with a lot fewer of these shady behaviours, if the individuals who were knowingly and deliberately arranging them at each company were personally on the hook for that criminal conduct, and not able to just turn a blind eye and rationalise the abuse away because their employer's lawyers could handle any consequences.


The Dutch website tweakers.net contacted LG and confronted them with this behaviour. They replied that it was a leftover from some functionality that was never fully implemented and it will be removed in an update.

Most of the commenters there don't buy that story, just like here. Full story (Dutch): http://tweakers.net/nieuws/92747/lg-erkent-versturen-privacy...


The only possible way to fix this in some way, is having Open alternatives.

Will love that when you buy a TV, you buy just the monitor. Without the tuning hardware or the crappy OSes. Like when you do with projectors.

Then you buy any chromecast, raspberrypi, or something that you can hack.

I can see for 2014/15 having a lot of startups creating small devices to connect to monitors only that tune internet in the same way they tune digital-tv.

Once you have competition in that market, you can start thinking in security.


You can already do all of that if you want. It's not a 2014/15 thing, it's a 2011 thing.

There are a variety of USB-powered android-on-a-stick-with-hdmi solutions out there. You can also buy separate tv tuner boxes pretty cheap. And many tvs run some form of FOSS and are hackable/flashable already.


Sure, you or I can do that. But there is a large majority of the population who are unable to do that.


Here is the list of domains from the original DoctorBeet post linked in this story to block on your router to stop this:

ad.lgappstv.com

yumenetworks.com

smartclip.net

smartclip.com

smartshare.lgtvsdp.com

ibis.lgappstv.com


FWIW, all of these are in Dan Pollock's ad blocking hosts list:

http://someonewhocares.org/hosts/

On my network, I use the following script to convert the hosts file he provides into an unbound config file, which I include from my main unbound config:

https://github.com/jodrell/unbound-block-hosts

This provides ad blocking for my entire network, including my smart tv.
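The conversion described above, written out as an added example (this is not the unbound-block-hosts script linked, nor Dan Pollock's list): it reads hosts-file lines, keeps only well-formed hostnames, drops the loopback names every hosts file carries, and emits an unbound `local-zone`/`local-data` pair per name. Because it uses unbound's `redirect` zone type, subdomains of each listed name are answered with the sink address too, which a plain hosts file cannot do. The sample input is constructed; the domain names in it are the ones posted earlier in this thread.

```python
"""Turn a hosts-file style block list into unbound local-zone entries.

Added example, not the unbound-block-hosts project's code. The input
below is constructed in the layout of a hosts-style block list.
"""
import ipaddress
import re

# Hosts-file names that must never become block entries.
NEVER_BLOCK = {"localhost", "localhost.localdomain", "local", "broadcasthost",
               "ip6-localhost", "ip6-loopback", "ip6-localnet",
               "ip6-mcastprefix", "ip6-allnodes", "ip6-allrouters"}

# Accept only plausible DNS names: dotted labels of letters, digits and hyphens,
# no label starting or ending with a hyphen, 253 characters in total at most.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

SAMPLE_HOSTS = """\
# Constructed sample in the layout of a hosts-style block list
127.0.0.1 localhost
127.0.0.1 localhost.localdomain
0.0.0.0 ad.lgappstv.com
0.0.0.0 smartshare.lgtvsdp.com ibis.lgappstv.com
0.0.0.0 yumenetworks.com   # ad network
this line is not a hosts entry
0.0.0.0 ad.lgappstv.com
0.0.0.0 bad_name!.com
"""


def parse_hosts(text):
    """Return the unique, valid hostnames in hosts-file text, in file order."""
    names = []
    seen = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])    # first field must be an address
        except ValueError:
            continue                           # not a hosts entry; skip it
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in NEVER_BLOCK or not HOSTNAME_RE.match(name) or name in seen:
                continue
            seen.add(name)
            names.append(name)
    return names


def to_unbound(text, sink="0.0.0.0"):
    """Render unbound config text: one redirect zone + A record per name."""
    out = []
    for name in parse_hosts(text):
        out.append('local-zone: "%s" redirect' % name)
        out.append('local-data: "%s A %s"' % (name, sink))
    return "\n".join(out) + ("\n" if out else "")


if __name__ == "__main__":
    print(to_unbound(SAMPLE_HOSTS), end="")
```

Write the output to a file and pull it in from the `server:` section of your unbound.conf with an `include:` line; every client that uses that resolver, the TV included, then receives 0.0.0.0 for the listed names. The DNS-level block only works for devices that honour the DHCP-supplied resolver, so a firewall rule that stops LAN devices from reaching other port-53 servers belongs next to it.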


Thanks, was looking for a list like this. I've blocked them all via DNS, hopefully doesn't break anything too important.


What sort of communication between your TV and these domains would you feel is important?


I don't specifically know the services the TV expects from those domains but:

You may want to receive software updates for the TV.

You may also want to access services that are launched by the LG apps. Those services may only run correctly when the appropriate pre-roll advertising (quite possibly from Smartclip) is allowed to play.


Why not just block traffic originating from the device in question?


That's okay for some, but many people use the built in apps for Netflix, Lovefilm etc.


Previous discussion from the original DoctorBeet finding:

https://news.ycombinator.com/item?id=6759426


Also, my LG TV's WiFi password text box doesn't accept anything other than letters and numbers and not more than 8 chars long. What is this? A 10th grade programming assignment?!

Having to change my router's password to something insecure just to accommodate LG's retarded software sealed the deal : I will never buy anything LG again.


The dangerous precedent set here is inclusion of Terms & Conditions on multipurpose electronic hardware.


Genuine, question. How does one actually go about sniffing traffic from a device like this? This is really interesting stuff.


1) Install Wireshark

2) Connect laptop to Wifi network

3) Connect TV to laptop's Ethernet port (and set TV to use wired Ethernet)

4) "Share" your wifi connection with devices on the Ethernet port.

5) Run Wireshark and start a capture session on your [edit: Ethernet] port.

Edit: recommend capturing from Ethernet port as there will be less other traffic.
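Once the capture from step 5 is on disk, the next question is what to look for in it. The script below is an added example, not from this thread: it takes HTTP requests as they appear after "Follow TCP Stream" in Wireshark (one request per byte string), parses the request line, headers, query string and form body, and flags a request when it goes to one of the ad/telemetry domains listed further down in this thread or when any parameter value looks like a media filename. The request paths, parameter names and bodies are constructed for the example; nothing is claimed about the real format LG used.

```python
"""Pick out cleartext HTTP requests that carry local filenames.

Added example, not from the thread or from LG. Input is a list of raw
HTTP requests as reassembled from a capture; the samples are constructed.
"""
import re
from urllib.parse import urlsplit, parse_qsl

# Domains posted in this thread. Matching is suffix-based so subdomains count.
TELEMETRY_DOMAINS = ("ad.lgappstv.com", "yumenetworks.com", "smartclip.net",
                     "smartclip.com", "smartshare.lgtvsdp.com", "ibis.lgappstv.com")

# A parameter value ending in a typical media/document extension is treated
# as a filename from the local network.
MEDIA_EXT = re.compile(r"\.(?:mkv|mp4|avi|mov|m4v|mp3|flac|jpe?g|png|pdf)$", re.I)

_FORM_BODY = b"uid=0123&file=%2FVideos%2Fholiday_2013.mkv&file=%2FPhotos%2Ffamily.jpg"

# Constructed requests: a form POST to one of the listed domains carrying two
# filenames, ordinary browsing, and an ad request that carries no filenames.
SAMPLE_REQUESTS = [
    (b"POST /upload HTTP/1.1\r\n"
     b"Host: ad.lgappstv.com\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\n"
     b"Content-Length: " + str(len(_FORM_BODY)).encode("ascii") + b"\r\n"
     b"\r\n" + _FORM_BODY),
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: tv\r\n\r\n",
    b"GET /ad?size=300x250&sid=42 HTTP/1.1\r\nHost: smartclip.net\r\n\r\n",
]


def parse_request(raw):
    """Return method, host, path and parameters (query plus form body) of one request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        k, _, v = line.partition(":")
        headers[k.strip().lower()] = v.strip()
    parts = urlsplit(target)                   # works for "/path?q" and absolute URLs
    host = headers.get("host", parts.netloc).lower()
    params = parse_qsl(parts.query, keep_blank_values=True)   # percent-decodes values
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        length = int(headers.get("content-length", len(body)))
        params += parse_qsl(body[:length].decode("iso-8859-1"), keep_blank_values=True)
    return {"method": method, "host": host, "path": parts.path, "params": params}


def is_telemetry_host(host):
    """True when host is one of the listed domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TELEMETRY_DOMAINS)


def find_leaks(raw_requests):
    """Return one finding per suspicious request, in capture order."""
    findings = []
    for raw in raw_requests:
        req = parse_request(raw)
        filenames = [v for _, v in req["params"] if MEDIA_EXT.search(v)]
        telemetry = is_telemetry_host(req["host"])
        if telemetry or filenames:
            findings.append({"method": req["method"], "host": req["host"],
                             "path": req["path"], "telemetry_host": telemetry,
                             "filenames": filenames})
    return findings


if __name__ == "__main__":
    for f in find_leaks(SAMPLE_REQUESTS):
        flag = "telemetry-host" if f["telemetry_host"] else "filename-only"
        print("%s %s%s [%s] %s" % (f["method"], f["host"], f["path"], flag, f["filenames"]))
```

Two checks run independently on purpose: the domain list catches traffic to known endpoints even when the payload is opaque, and the filename pattern catches a leak to a host you have never heard of. Only cleartext HTTP can be inspected this way; a device that does the same thing over TLS shows up in the capture as a connection to a host and nothing more, which is the caveat raised later in this thread.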


… or use http://fritz.box/html/capture.html if you have a Fritz!Box router – it's a great device anyway but especially useful for capturing your own LAN and WAN traffic.


WOW! I have a fritz box and never knew it could do that.......... mind blown!


You would need an Ethernet crossover cable for step 3, not the regular cable, correct?


Most ethernet ports auto-detect these days so there isn't really much need for crossover cables any more.


Here's my write-up watching Nintendo Wii traffic, but using the Ethernet port. What I do for wireless devices is I have an extra router. I connect the secondary router to my laptop's Ethernet port, then my primary router (the one connected to the modem) I join with my laptop's wifi. Then, any devices connected to the secondary router, wired or wifi, will have their traffic sniffed by my laptop's wireshark/ngrep.

http://blog.sanriotown.com/minusworld:hellokitty.com/2011/02...


If it's unencrypted (it is):

Use a network hub + ethernet (not a switch)

OR:

use wireless

OR:

Make your router/switch replay the packets to a port of your choosing.

Then most people use wireshark. But you can use tcpdump/pcap or whatever else you want.


Not sure how he got it 'connected to his laptop', but probably through that he ran a packet sniffer like Microsoft Network Monitor or something? (I could be way off though lol)

P.S. man this really brings to light the scary world where every device is connected to the net and feeding data to big companies... not that they care about our personal stuff (I'm sure they are just computing data analytics), but it's creepy nonetheless.


The companies probably don't care about your personal data, but if they're collecting it and storing it, organizations who may be interested (FBI, NSA, IRS...) can then obtain your info from them.


> through that he ran a packet sniffer like Microsoft Network Monitor or something?

The screen caps look like it was Wireshark: http://www.wireshark.org/


This was only found because LG was stupid enough to use plain HTTP instead of HTTPS. I wonder how many devices use SSL/TLS for this same thing that just haven't been caught yet.


That's why Intel's future chips that will allow encrypted connections to Intel's servers and be updated whenever Intel wants them to, without the user seeing anything, worry me, too.

http://www.popularresistance.org/new-intel-based-pcs-permane...

http://semiaccurate.com/2012/05/15/intel-small-business-adva...


Unless they offer a way to accept certificates and use a proxy server. Neither are particularly uncommon, and something like Charles[1] makes this laughably easy.

[1] http://www.charlesproxy.com


Can you self-sign other people's packages with Charles? That's crazy!


Not really, you can do that with any decent SSL tool. Getting the client to accept your trusted certificate is all that is needed. Once you have that you have the keys to the kingdom. I've written similar software myself.

Now on a closed device it can be very difficult to add root certificates to the store, but it's often possible.

For instance when the PS3 firmware was first cracked I took the opportunity to flash mine with a firmware I made that contained my root authority certificate. Then I wrote a python program to intercept and MITM all the traffic.

Result? I found out that on boot your PS3 tells Sony every game (or other thing) you run on the ps3, what times you run them and how long for.


It's a common feature nowadays. The venerable Squid has had that feature for a long time.

http://wiki.squid-cache.org/Features/DynamicSslCert


Yup, as long as you can get the sending device to trust the invalid certificate. This is how I keep an eye on my iPhone traffic.


Reminds me of the old Sony rootkit CD stuff.

But I think a lot of these companies know that it would be legally hairy to get into vigilante DRM justice, so instead they just surreptitiously collect data that will let them plot their next move. Maybe that's paranoid, but come on, in this day & age everything is logged. Even if they are serving 404s, it's trivial to log that data anyway (as was pointed out) or maybe it goes straight to server logs and someone in LG analytics says in the future "well, that data is there somewhere... we may as well use it"

it's hard for me to imagine someone at a corporation standing up and going "NO! that's violating our users' privacy". they pretty much consider any info they can get to hit their servers to be their property no questions asked


Isn't Windows 8.1 logging local filenames, too, thanks to the integrated Bing search and advertising platform, so then it can serve you ads based on your local files?


"Dear LG,

I've really enjoyed using my LG TV/network informant. I'm wondering whether LG has any other exciting products I could use.

Do you happen to sell a camera that monitors my location? What about a vacuum that phones home with my fingerprints? Or perhaps a washing machine that steals my dreams?

Thanks for developing the products of The Future!"


I cut my finger on this edge.


What is this even supposed to be doing? Monitoring the user's watching habits is evil but unsurprising. But why do they even want your filenames?


So who's going to be the first to start sending bogus data to LG's endpoints?

Could do some very fun things to their statistics.


Coming soon to an episode of CSI


Great work by Samsung!


Did anyone think DRMed systems can ever be trusted? If you are using one, expect stuff like this by default.



