Even the Dumbest Ransomware Is Almost Unremovable On Smart TVs

An anonymous reader writes: Apparently even the easiest-to-remove ransomware is painfully hard to uninstall from smart TVs, if they're running on the Android TV platform, and many are. This didn't happen in a real-world scenario (yet), and was only a PoC test by Symantec. The researcher managed to remove the ransomware only because he enabled the Android ADB tool beforehand, knowing he would infect the TV with the ransomware. "Without this option enabled, and if I was less experienced user, I'd probably still be locked out of my smart TV, making it a large and expensive paper weight," said the researcher.

"Reset to factory settings" button

[ZorinLynx]

Why the heck don't these devices have a "Reset to factory settings" button?

Flash memory is cheap. Have a permanent, unmodifiable copy of the firmware the device ships with. If you power it on while holding the button, copy that firmware over as the active firmware, clear out the user data area, and restart. Boom! TV is back to normal.

This sort of thing is ludicrously easy to implement and would save the companies money on warranty repairs.

I have a JBL speaker that I had to ship back to the manufacturer to be replaced because of a bad firmware update. A simple reset button like the one I described would have saved me a ton of pain and saved JBL money on shipping the speaker both ways. WHY isn't this sort of thing universal?

Re:"Reset to factory settings" button

[Irate+Engineer]

I have a JBL speaker that I had to ship back to the manufacturer to be replaced because of a bad firmware update. A simple reset button like the one I described would have saved me a ton of pain and saved JBL money on shipping the speaker both ways. WHY isn't this sort of thing universal?

Because, for every person like you, there are 10 that would just say "Speaker not work. Must buy new speaker." Repair options do not spur new sales.

Re:"Reset to factory settings" button

[ZorinLynx]

This is a $400 speaker. Are you saying people are such sheep that after doing a firmware update that breaks the speaker, they wouldn't bitch to the manufacturer? I find it hard to believe anyone would give up on a $400 speaker that quickly, unless they are rich and $400 is nothing to them.

Re:"Reset to factory settings" button

[gstoddart]

Because companies are lay, cheap, overly optimistic, and not really interested in designing robust products which can be maintained over their lifecycle.

Extra money spent up-front cuts into profitability, adds cost and complexity, and would have to be done by an organization which is cautious and makes long-term plans.

Do you think the marketing guys screeching to get the product out before Christmas give a crap about any of this stuff?

Sure, lots of things can be designed robustly. But increasingly, nobody gives a damn. They just figure you'll just buy another TV.

Consumer electronics aren't exactly being designed to the highest engineering standards known to man. They're being put out the door as cheaply as possible.

Re:"Reset to factory settings" button

[gstoddart]

I find it hard to believe anyone would give up on a $400 speaker that quickly, unless they are rich and $400 is nothing to them.

I find it hard to believe a damned speaker needs firmware upgrades.

Oh, but wait, it's controllable by an app, has Bluetooth and wifi, and connects to the internet, right?

Yeah ... me, I don't want speakers which do that stuff. Precisely because time and time again companies demonstrate they're terrible at it, and you end up with a product with a MUCH shorter lifecycle -- because it's focused on 10 things besides being a good speaker.

My guess, if it needs firmware updates, it's really a $100 speaker with a bunch of extra crap slapped onto it.

These days, digital pretty much means disposable.

Re:"Reset to factory settings" button

[Noah+Haders]

i had to upgrade the firmware on my wireless powered speakers, and it was a pain. next time, i'm getting a pair of passive speakers and an integrated amp.

Re:"Reset to factory settings" button

[Noah+Haders]

yes, but which capacitor was it? and how do you fix it? maybe they wanted to get a 4k anyway?

Re:"Reset to factory settings" button

[gstoddart]

Define "good speaker".

And there's the rub ... if you ever describe the sound of your speakers as "moist, peaty, and with chocolate overtones" ... well, I have no idea what you consider to be a "good" speaker. I sure as hell can't hear what you claim to be able to.

I currently own four of these, and highly recommend them.

They still use old-fashioned head-phone jacks, can be daisy chained, have hours of battery life and can be charged from USB ... utterly compatible with everything from an original Walkman to an iPhone, because everything still uses that headphone jack. There's no app or custom software, just a little 3.5mm jack. There's also no firmware updates.

Those little suckers have traveled with me for the last 4 years ... they've been in hotels, in tropical resorts, in my backyard, poolside ... all four of them weigh in at less than a pound and take up very little space. Two of them have traveled with me everywhere I have flown since I got them, the other two are much newer but give me a little more flexibility.

Being small little speakers, they have the benefit that in a relatively short distance you can't hear them at all. Which means the wife and I can have music that people 30 feet away can't even hear -- which is a bonus when you're in the back yard or lounging by a pool and don't want to disturb other people.

I have literally hundreds if not thousands of hours on the damned things. I consider them awesome speakers, mostly because of their utility and portability.

I'm with you, for overall utility and convenience, I define "good" as "good enough". But they completely eschew any form of network or wireless technology, because they don't need it.

smart tvs are not smart

[The-Ixian]

Is there any "smart" TV that actually works well?

I have owned a few and I always end up hooking up the Roku because it just works.

Seems like this is another reason not to hook up your smart TV to the Internet.

Re:smart tvs are not smart

[TheCastro1689]

I have a LG 3D Smart TV and the apps on it suck. They're slower than my Apple TV or my XboxOne. I had one roommate that liked to push his Netflix from his phone to the TV, but that was the only time it was used like that.

Re:smart tvs are not smart

[UnknowingFool]

Well there's also the other problem that the software works fine for a while. But often they get few updates if any. So the features, UI, etc remain stuck for years. Take Netflix, for example, which has changed their interface and added more features. Most likely a smart TV's Netflix app will never see them. Little changes like changing the search alphabet layout, prominently displaying what you were watching last when it opens, etc. make a big difference.

Re:Smart TVs Are Not Smart

[sudon't]

Right. Here's what I worry about - the next time I need a new TV, (or any other appliance), am I gonna be able to buy a "normal" one? Really, I fear manufacturers and app developers more than I fear actual malware. As it is, my TV is basically a monitor, and that's how I like it.
The less shit connected to the internet, the better, as far as I'm concerned, and I don't use wireless for any device except my phone.

Re:Android == Windows?

[webmistressrachel]

"Windows CE didn't have that sort of penetration" - this is not actually accurate, companies just didn't Internetwork all of their rubbish embedded systems, leaving them unexposed

I'm still surprised every time I see a new example of a living installation of CE still in use in 2015.

Examples still in use today include:

- POS and cash registers (Fujitsu, others)

- ATMs (newer ones use a variant of 7 called Embedded, the successor to CE)

- devices with a display in a supermarket that can read barcodes, and check stock or prices (so called "guns", ASDA, Wal*Mart, Tesco)

- devices used to take signatures for postal delivery and parcel delivery (Royal Mail, UPS)

- devices to log utility meter readings in the field (G4S, British Gas)

- Police Airwave terminals of various descriptions (the Compaq iPaq with peripheral for fingerprint reader paired with a PCMCIA II Airwave modem, gives Greater Manchester Police an ID for a suspect in less than 30 seconds.)

Again: Big Dumb Co

[ThatsNotPudding]

After I win All The Lotteries, I will form Big Dumb Company, with the principal division being Big Dumb Appliances, such as clothes and dish washers that are so well built, they can be handed down at least two generations, stupidly fixable with decades-long part availability, and that are designed to accomplish one task: WASH THINGS.

Same with TVs - or should I say monitors - with the best display possible, replaceable power supplies, interface ports (sans wireless nor Ethernet) out the kazoo, AND DUMB AS A BAG OF HAMMERS. Tuner? game console? Roku? Fantastic: PLUG THEM IN. What will the TVs do? DISPLAY THINGS, PERIOD.

Now, onto phone / Internet service: BIG DUMB PIPE.