LG TV logging filenames from network folders

12 years ago (rambles.renney.me)

The implications are troubling. Your TV collects and broadcasts for the permanent record of anyone who can snoop the cleartext (your neighbors, your ISP, whatever the NSA looks like in your country, etc) all the media it can find on your network.

We used to need firewalls at the edges of our home networks to keep bad actors out. Now we need firewalls that point the other direction to keep the bad actors on our networks in.

  • A good friend of mine did exactly that for a network some 15 years ago. He called it his "waterwall".

    It was for some kind of internet cafe. But that we seem to need this nowadays for our private homes troubles me.

    What is this attitude that it is OK to look into the innermost privacy sphere of your customers? Sorry, but LG is dead and gone for me. A company that converts its paying customers into a product, ready to be sold to some advertiser, just sickens me.

    What comes next? Automatically detecting via a camera when people no longer look at the screen, to stop showing ads and resume when people return in front of the screen? Or detecting how many people are watching (as Microsoft has patented)?

    What happened to good old: we build one thing, sell it, and that is fine? Why does everybody have to be an advertising company, trying to maximize this revenue stream on the back of the lives (data) of its paying customers?

    • I suspect that this is the result of incompetence on their part rather than an actual intent to log private data. Either way though, obviously not good.

      7 replies →

  • Good firewalls should always block unwanted traffic whether it's inbound or outbound. This is not anything new, but you're right that most people trust the devices they own. Not anymore.

  • Or boycott LG and any businesses that acts in this manor.

    • Hey man; it's manner, not manor. Manor is more akin to a large house or mansion.

      I am often hesitant to offer this kind of correction because I feel like it sometimes sounds conceited, or as if I am trying to be superior to you somehow. I honestly don't feel that way and am just offering the correction because I feel like I would like to be corrected myself. I respect you for having learned a second language, it's more than I can say for myself.

      10 replies →

    • Or if you're in the EU, where this sort of thing is quite likely to be illegal, complain to your local Data Protection Commissioner.

  • > Now we need firewalls that point the other direction to keep the bad actors on our networks in.

    That's not recent; most firewalls do outbound traffic as well, and there is software solely dedicated to outbound traffic management, e.g. http://www.obdev.at/products/littlesnitch/index.html

    • The real difference is not between outbound and inbound. Classical firewalls have been blocking outbound connections depending on ports since forever.

      Firewalls for Windows (I first saw it in ZoneAlarm) introduced application specific filtering. So you can allow one application to connect to HTTP servers and disallow another application from doing the same.

      Edit: I was just reading this article an hour ago, about how to programmatically add rules to Windows built-in firewall using Delphi:

      http://theroadtodelphi.wordpress.com/2013/11/21/using-the-wi...

Can anyone recommend a consumer grade router that has a good GUI for tracking outgoing connections in real-time and setting up rules to control them?

I am imagining some kind of add-on to DD-WRT or derivatives that will put up a real-time graph of devices on my home network and draw lines representing outgoing TCP and UDP connections while also logging them in a tabular format. Both forms would be clickable to drill down for more details (including session packet captures if enabled) as well as set policies like a per device white-list of acceptable IP addresses to connect with.

I know all of this is possible with individual tools like tcpdump or Wireshark and iptables configs, but that is too painful. I'm looking for a robust GUI on top of all that.

  • I tried analyzing all outgoing traffic on my laptop for a couple days, there is a surprising amount of noise [1]. Very hard to spot anything nefarious. It's challenging to find anything meaningful without some sort of automation.

    Unless it's a low traffic device, like a TV.

    But in my research I didn't come across any router level software that did this in a meaningful way (with a GUI).

    Maybe a startup opportunity here? +1 with network intrusion detection for home networks. I'd donate to a crowdfund for that.

    [1] http://www.tcpdump.org/

    • Better a crowd-sourced classification algorithm for good and bad traffic? Built-in anomaly detection?

      Challenging...

  • I'm a fan of pfsense:

    http://pfsense.org/

    It might be a little more complicated than a standard consumer-grade router, but it's powerful enough to do almost anything. It's based on FreeBSD and has a reasonably pretty GUI on top of pf.

    I've used it on alix embedded hardware before, and have it currently running on an atom supermicro board - both work great.

    • pfSense is awesome. It won't help a lot with this specific problem (without a lot of manual work). But it's still a great solution. I've been using its multi-WAN capabilities on a Soekris box for a few years now.

      1 reply →

    • I'll second the pfsense option. I just bought a great little Alix based firewall running pfsense (2.1) [1]. I wanted something that was open-source and less of a black box (firewall inside a consumer grade router/modem).

      One thing I'm now noticing: Android (Nexus 7) is quite noisy. I need to get Wireshark looking at what this constant traffic is from the tablet to Google (and the BBC sometimes).

      [1] ALIX 2D3 LX800

      1 reply →

  • Carambola2[1] runs FreeBSD[2] and thus a version (it's very different from OpenBSD's these days) of Packet Filter[3]. Putting the ADSL modem in bridge mode and this very cheap device as an advanced firewall can keep you safe. You have to write the rules manually, which is a time-consuming procedure (a little bit like programming) because it takes a lot of reading, etc. But once you get the hang of it, writing rules yourself gives you absolute control of what goes in and out of your network.

    [1] http://8devices.com/carambola-2

    [2] https://code.google.com/p/freebsd-wifi-build/wiki/Carambola2

    [3] http://www.freebsd.org/doc/handbook/firewalls-pf.html

  • Not a networking guy here, and this is nowhere near all you're asking for, but here's a classic GUI-controlled router setup which allowed me to totally block my son's internet access when needed. Sounds like your TV needs that too:

    * Router was a Linksys WRT54GL [1] re-flashed with Tomato [2] firmware

    IIRC it took two steps to stabilize things:

    * One of the menu options [sorry, don't recall which one] allows watching the MAC and IP addresses of connected devices in real time as they come and go. You can somehow assign names to devices in this list to help sort them out. Unhook or power off everything else, or use the OUI lookup, or somehow otherwise identify the TV. Click on 'static' so as to force Tomato's DHCP service to make the current IP address fixed for the TV's MAC.

    * Now that the TV has a static IP on your LAN, you can use Tomato's 'Access Restriction' on that IP to disallow all outside access. Works as well for restricting one's kids' access to reasonable time ranges -- and cutting them off when necessary ;).

    --------

    [1] http://www.newegg.com/Product/Product.aspx?Item=N82E16833124...

    [2] http://www.polarcloud.com/tomato

    • And unfortunately totally doesn't work for a "Smart TV" where you want the TV to be able to browse YouTube but you don't want it to send the names of your local files to anybody.

      We need much more capable filtering.

      It seems that because of these immoral corporations (hm, aren't they by definition that way?) we as users have to implement the "Great firewall of China" for our own networks. Bad times.

      And as Terr_ notes on this page, we should actually fight for the legal mechanisms to forbid such practices and punish the companies who invade our privacy.

      1 reply →
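The static-lease-plus-"Access Restriction" recipe above, and the reply's point that a Smart TV needs finer filtering than "block everything", expressed as iptables rules on the router itself. This is an added example, not code from the thread or from any of the firmwares named; the LAN bridge `br0`, WAN interface `vlan2` and the TV's MAC address are assumptions. Matching on the source MAC means the rule holds even without the DHCP reservation.

```shell
#!/bin/sh
# Per-device egress policy on a Linux-based home router (DD-WRT, OpenWrt and Tomato all
# drive iptables underneath their GUIs). Added example, not from the thread.
# Assumptions (not in the original): LAN bridge br0, WAN interface vlan2, made-up TV MAC.
TV_MAC="00:11:22:33:44:55"
LAN_IF="br0"
WAN_IF="vlan2"
CHAIN="TV_EGRESS"

# emit_rules MODE [dest ...]
#   block : the Tomato "Access Restriction" effect, nothing from the TV reaches the WAN
#   allow : the TV may reach only the listed IPs/CIDRs; everything else is logged and dropped
# Rules are printed, not executed, so they can be reviewed first (see apply_rules).
emit_rules() {
  mode=$1
  shift
  echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
  # Hook the TV's forwarded traffic into the chain. Matching the source MAC means the
  # device cannot escape the policy by picking another IP address.
  echo "iptables -D FORWARD -i $LAN_IF -o $WAN_IF -m mac --mac-source $TV_MAC -j $CHAIN 2>/dev/null"
  echo "iptables -I FORWARD -i $LAN_IF -o $WAN_IF -m mac --mac-source $TV_MAC -j $CHAIN"
  if [ "$mode" = allow ]; then
    for dst in "$@"; do
      echo "iptables -A $CHAIN -d $dst -j ACCEPT"
    done
  fi
  # Rate-limited log of what the TV tried to reach, then drop. Replies to allowed
  # connections come back through the stock ESTABLISHED,RELATED rule these firmwares install.
  echo "iptables -A $CHAIN -m limit --limit 6/min -j LOG --log-prefix \"tv-egress: \""
  echo "iptables -A $CHAIN -j DROP"
}

# Number of rules a given policy produces (quick sanity check before applying).
rule_count() {
  emit_rules "$@" | wc -l | tr -d ' '
}

# Apply on the router as root, e.g.:  ./tv-egress.sh apply allow 203.0.113.10
apply_rules() {
  emit_rules "$@" | sh
}

case "${1:-}" in
  apply) shift; apply_rules "$@" ;;
  block|allow) emit_rules "$@" ;;
esac
```

The `LOG` line is the useful part for the "what is this thing talking to" question: `dmesg | grep tv-egress` shows every destination the TV tried. Allow-listing by destination IP is coarse for a service like YouTube, whose addresses are many and change, so in practice you combine a policy like this with DNS-level blocking of the named telemetry hosts rather than trying to enumerate Google.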

  • I set up a VM to collect NetFlows from my DD-WRT-enabled router, and used the http://nfdump.sourceforge.net package to collect and parse them into a daily report of all TCP/UDP connections sorted by bytes...

    The real challenge is filtering out all the google and ec2 hosts that you come into contact with while using various services...

  • Surplus PC with an extra NIC and OpenBSD.

    Edit: oops sorry you wanted a GUI. I'm guessing there are some GUI tools for pf around but I don't know of any.

    • The de-facto standard packet logging and tracing UI is wireshark, so if you're going to go the surplus PC route then run wireshark on it. I have no idea if it's available for OpenBSD but it's certainly available for linux and windows.

  • I have a Buffalo router with DD-WRT firmware, and a new LG TV too; just bought the stupid thing a week ago. Anyway, you can block the websites using this router. Good news is it works.

    • If in the UK take it back to the shop and tell them why. It is faulty - it is sending personal data out to the internet.

Seems it's time to put your closed-source consumer devices into a DMZ, with carefully limited access to both the internet and your home network.

  • Using "DMZ" in this context is very confusing, in common usage it means the exact opposite of what you intended.

    A lot of home routers have a "DMZ" feature that gives the device you put in the DMZ full access to the outside internet, but restricts their access to other hosts on the local network.

    It's typically used for gaming machines when you can't be bothered to forward a lot of ports individually, I have a gaming console in a "DMZ" on my network so I can play games online without fuss.

    • This is what sdfjkl is intending, I think. Have the TVs/whatever on the other side so they can't scan your network shares to get the information to send back to HQ.

      It would be much more effective, straightforward and ultimately more useful, though, to firewall the TVs from the internet outbound so they can collect data all they like and never send it home.

      1 reply →

  • I've been looking into this possibility myself, as we're currently upgrading our home entertainment systems and I was unpleasantly surprised by the lack of alternatives to "smart" TVs.

    Unfortunately, typical home or SOHO Internet and wireless set-ups tend not to support something like shoving all your AV equipment on a separate VLAN when it hits a wireless router. Ideally, you'd probably want either direct access from that router to the Internet, isolated from your main network, or if you've got a slightly more advanced set-up, the ability to set up a static route that will only allow traffic from the AV part of your network to your Internet router, again fully isolated from your main network. Sadly, playing with VLANs tends to need a step up to a more serious level of networking equipment and in particular routing hardware, and the price for that is prohibitive at present.

    It would certainly be interesting to see some advances in basic routing coming down into the home/SOHO markets, though, and potentially developments of consumer-friendly hardware firewalls as well. As homes become increasingly networked and automated, I suspect there is going to be a growing market for dealing with these kinds of security issues but with minimal set-up and as few different items of networking equipment as possible.

    • OpenWRT (and dd-wrt, and I'm sure most other wrt variations) let you set up another "virtual" HotSpot. If your AV equipment can do wireless, that's an option.

      Also, I just bought my mom a TP-Link device capable of running openWRT for $25 (don't recall the model). If you care about privacy, it's relatively cheap in enabling hardware - it's your time that is going to be expensive.

  • You'll still find some manufacturer who slips the nefarious content right in along with the same datastream that offers a legitimate service...

    I'd rather pursue legal mechanisms than technical ones in this case.

    • > I'd rather pursue legal mechanisms than technical ones in this case.

      They aren't mutually exclusive. In particular, the very fact that a manufacturer tried to do something covertly as part of another system the customer authorised would potentially make their actions a criminal offence where I am, as it clearly becomes unauthorised access and not merely a privacy or data protection issue most likely dealt with through regulation or a civil court.

      I can't help thinking that the world would be a better place, and one with a lot fewer of these shady behaviours, if the individuals who were knowingly and deliberately arranging them at each company were personally on the hook for that criminal conduct, and not able to just turn a blind eye and rationalise the abuse away because their employer's lawyers could handle any consequences.

The only possible way to fix this in some way is having open alternatives.

I would love it if, when you buy a TV, you bought just the monitor, without the tuner hardware or the crappy OS, like you do with projectors.

Then you buy any Chromecast, Raspberry Pi, or something else that you can hack.

I can see 2014/15 having a lot of startups creating small devices to connect to monitors only, that tune the internet in the same way they tune digital TV.

Once you have competition in that market, you can start thinking about security.

  • You can already do all of that if you want. It's not a 2014/15 thing, it's a 2011 thing.

    There are a variety of USB-powered android-on-a-stick-with-hdmi solutions out there. You can also buy separate tv tuner boxes pretty cheap. And many tvs run some form of FOSS and are hackable/flashable already.

  • Sure, you or I can do that. But there is a large majority of the population who are unable to do that.

Here is the list of domains from the original DoctorBeet post linked in this story to block on your router to stop this:

ad.lgappstv.com

yumenetworks.com

smartclip.net

smartclip.com

smartshare.lgtvsdp.com

ibis.lgappstv.com

Also, my LG TV's WiFi password text box doesn't accept anything other than letters and numbers, and nothing more than 8 characters long. What is this? A 10th grade programming assignment?!

Having to change my router's password to something insecure just to accommodate LG's retarded software sealed the deal: I will never buy anything LG again.
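The domain list above turned into a dnsmasq sinkhole, with a matcher that mirrors how dnsmasq decides which names fall under each entry. This is an added example, not code from the comment or from the DoctorBeet post; DD-WRT, OpenWrt and Tomato all run dnsmasq as the LAN resolver, and the "Additional DNSMasq Options" location is DD-WRT's.

```shell
#!/bin/sh
# dnsmasq sinkhole for the six LG/advertising domains listed in the comment above, plus a
# checker for names seen in a DNS log. Added example, not from the thread.
BLOCKED="ad.lgappstv.com yumenetworks.com smartclip.net smartclip.com smartshare.lgtvsdp.com ibis.lgappstv.com"

# One dnsmasq line per entry. address=/domain/0.0.0.0 answers the domain AND every name
# under it with 0.0.0.0, so the TV's cleartext POSTs go nowhere. Paste the output into
# "Additional DNSMasq Options" (DD-WRT) or /etc/dnsmasq.conf and restart dnsmasq.
dnsmasq_lines() {
  for d in $BLOCKED; do
    echo "address=/$d/0.0.0.0"
  done
}

# is_blocked NAME: exit 0 if the resolver above would sinkhole NAME. Mirrors dnsmasq's
# matching: the exact domain or any subdomain, never a bare suffix (notsmartclip.net passes,
# and note that the list covers ad./ibis.lgappstv.com but not lgappstv.com itself).
is_blocked() {
  name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  for d in $BLOCKED; do
    case "$name" in
      "$d"|*."$d") return 0 ;;
    esac
  done
  return 1
}

# audit_names: run each name on stdin through is_blocked and print the verdict.
# Feed it names from a dnsmasq "log-queries" log to see what the TV asks for that the
# list does not cover.
audit_names() {
  while read -r n; do
    if is_blocked "$n"; then echo "blocked $n"; else echo "passed  $n"; fi
  done
}

case "${1:-}" in
  conf) dnsmasq_lines ;;
  audit) audit_names ;;
  check) shift; is_blocked "$1" && echo "blocked" || echo "passed" ;;
esac
```

Verify from a LAN host with `nslookup ad.lgappstv.com <router-ip>`; the answer should be 0.0.0.0. The caveat: a DNS sinkhole only works while the TV uses the router as its resolver. A device that hardcodes a public resolver or connects by IP literal walks straight past it, so pair this with a firewall rule on the same router that drops or redirects the TV's port 53 traffic to anything but the router.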

The dangerous precedent set here is inclusion of Terms & Conditions on multipurpose electronic hardware.

Genuine question. How does one actually go about sniffing traffic from a device like this? This is really interesting stuff.

  • 1) Install Wireshark

    2) Connect laptop to Wifi network

    3) Connect TV to laptop's Ethernet port (and set TV to use wired Ethernet)

    4) "Share" your wifi connection with devices on the Ethernet port.

    5) Run Wireshark and start a capture session on your [edit: Ethernet] port.

    Edit: recommend capturing from Ethernet port as there will be less other traffic.
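The five steps above done on a Linux laptop, as an added example that is not part of the comment: the laptop stays on Wi-Fi, the TV is cabled to the Ethernet port, the laptop NATs between the two, and the capture is pinned to the TV so nothing else lands in the file. Interface names (`wlan0`, `eth0`), the `10.42.0.0/24` subnet and the TV's address are assumptions; give the TV 10.42.0.2 with gateway 10.42.0.1 in its network menu, or run dnsmasq on `eth0`.

```shell
#!/bin/sh
# Linux version of the sniffing recipe above. Added example, not from the thread.
# Assumptions: Wi-Fi uplink wlan0, TV on eth0, laptop 10.42.0.1, TV 10.42.0.2.
WIFI_IF="wlan0"
ETH_IF="eth0"
LAPTOP_IP="10.42.0.1/24"
TV_IP="10.42.0.2"
PCAP="tv.pcap"

# Step 4 on Linux: address the Ethernet port, enable forwarding, masquerade out over Wi-Fi.
share_cmds() {
  echo "ip addr add $LAPTOP_IP dev $ETH_IF"
  echo "ip link set $ETH_IF up"
  echo "sysctl -w net.ipv4.ip_forward=1"
  echo "iptables -t nat -A POSTROUTING -o $WIFI_IF -j MASQUERADE"
  echo "iptables -A FORWARD -i $ETH_IF -o $WIFI_IF -j ACCEPT"
  echo "iptables -A FORWARD -i $WIFI_IF -o $ETH_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Step 5: capture on the Ethernet side (only the TV is there) and pin the BPF filter to the
# TV, so the laptop's own chatter never enters the file. -s 0 keeps whole HTTP bodies.
capture_filter() {
  echo "host $TV_IP"
}

capture_cmd() {
  echo "tcpdump -i $ETH_IF -s 0 -w $PCAP '$(capture_filter)'"
}

# First-pass triage without opening Wireshark: the TV's cleartext HTTP request lines and
# Host headers, i.e. which servers it talks to. Open $PCAP in Wireshark and use
# "Follow TCP Stream" to read the bodies it uploads.
triage_cmd() {
  echo "tcpdump -r $PCAP -A 'src host $TV_IP and tcp port 80' | grep -E '^(GET|POST|Host:)'"
}

case "${1:-}" in
  share) share_cmds | sh ;;       # as root, once the TV is cabled in
  capture) capture_cmd | sh ;;    # as root; Ctrl-C to stop
  triage) triage_cmd | sh ;;
  show) share_cmds; capture_cmd; triage_cmd ;;
esac
```

Run `./sniff-tv.sh show` to review the commands, then `share`, `capture`, and after a few minutes of normal TV use `triage`. The triage step only sees plain HTTP; if a device speaks TLS you will get the Host name from the SNI in the handshake but not the body, which is the point made further down the thread about devices that have not been caught yet.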

  • If it's unencrypted (it is):

    Use a network hub + ethernet (not a switch)

    OR:

    use wireless

    OR:

    Make your router/switch replay the packets to a port of your choosing.

    Then most people use wireshark. But you can use tcpdump/pcap or whatever else you want.

  • Not sure how he got it 'connected to his laptop', but probably through that he ran a packet sniffer like Microsoft Network Monitor or something? (I could be way off though lol)

    P.S. man this really brings to light the scary world where every device is connected to the net and feeding data to big companies... not that they care about our personal stuff (I'm sure they are just computing data analytics), but it's creepy nonetheless.

    • The companies probably don't care about your personal data, but if they're collecting it and storing it, organizations who may be interested (FBI, NSA, IRS...) can then obtain your info from them.

  • Here's my write-up watching Nintendo Wii traffic, but using the Ethernet port. What I do for wireless devices is I have an extra router. I connect the secondary router to my laptop's Ethernet port; the primary router (the one connected to the modem) I join with my laptop's Wi-Fi. Then any devices connected to the secondary router, wired or Wi-Fi, will have their traffic sniffed by my laptop's Wireshark/ngrep.

    http://blog.sanriotown.com/minusworld:hellokitty.com/2011/02...

This was only found because LG was stupid enough to use plain HTTP instead of HTTPS. I wonder how many devices use SSL/TLS for this same thing that just haven't been caught yet.

Reminds me of the old Sony rootkit CD stuff.

But I think a lot of these companies know that it would be legally hairy to get into vigilante DRM justice, so instead they just surreptitiously collect data that will let them plot their next move. Maybe that's paranoid, but come on, in this day and age everything is logged. Even if they are serving 404s, it's trivial to log that data anyway (as was pointed out), or maybe it goes straight to server logs and someone in LG analytics says in the future "well, that data is there somewhere... we may as well use it".

It's hard for me to imagine someone at a corporation standing up and going "NO! That's violating our users' privacy". They pretty much consider any info they can get to hit their servers to be their property, no questions asked.

Isn't Windows 8.1 logging local filenames, too, thanks to the integrated Bing search and advertising platform, so then it can serve you ads based on your local files?

"Dear LG,

I've really enjoyed using my LG TV/network informant. I'm wondering whether LG has any other exciting products I could use.

Do you happen to sell a camera that monitors my location? What about a vacuum that phones home with my fingerprints? Or perhaps a washing machine that steals my dreams?

Thanks for developing the products of The Future!"

What is this even supposed to be doing? Monitoring the user's watching habits is evil but unsurprising. But why do they even want your filenames?

So who's going to be the first to start sending bogus data to LG's endpoints?

Could do some very fun things to their statistics.

Did anyone think DRMed systems can ever be trusted? If you are using one, expect stuff like this by default.