Slashdot Mirror
Android Ransomware Hits Smart TVs (trendmicro.com)
Reader Trailrunner7 writes: Security researchers have discovered a variant of the FLocker Android ransomware that not only infects mobile devices, but also can infect smart TVs running certain versions of the operating system. FLocker ransomware has been active for more than a year now, and it is many ways a typical piece of mobile ransomware. It is designed to scare victims into paying a ransom -- $200 in this case -- by locking the infected device and throwing up a screen that accuses the victim of some fictitious crime. The ransomware doesn't appear to encrypt files on an infected device, but it locks the screen so the user can't open any other apps or take any other actions until paying the ransom.
Researchers at Trend Micro said they have seen various versions of FLocker over the last year and the activity level of the ransomware has varied. The newest version of the malware, however, includes the ability to infect art TVs, many of which run Android.
Researchers at Trend Micro said they have seen various versions of FLocker over the last year and the activity level of the ransomware has varied. The newest version of the malware, however, includes the ability to infect art TVs, many of which run Android.
Why can't someone hack the cable box & unlock free hbo? holding the cable co / hbo and get a nice ransom from them?
Sorry sir, we no longer support that model (or your warranty doesn't cover software). We can service it for 90% of the cost of a new TV, or recommend some of our newer models.
always have a throwaway box first, like for instance, an antenna switch for rabbit ears or rooftop.
if this is supposed to be a new economy, how come they still want my old fashioned money?
For local content, an RPi2 works flawlessly ($35). For streaming, a first generation Chromecast works flawlessly ($35). For anything else, a laptop and a long HDMI cable does the trick.
If my Chromecast gets infected, that would be a bummer but I'd be out $35. If my RPi2 gets infected, I'll wipe it and start over again.
Why can't someone hack the cable box & unlock free hbo? holding the cable co / hbo and get a nice ransom from them?
cuz its in crypt.
Don't all Android devices deny Unknown Sources for App installation by default? Don't Android TVs?
Seems like this is a non-issue for people who know where the power button is... and know how to use it.
For too long, LUDDITES have been writing LUDDITE software disguised as apps like this ransomware "app", taking away jobs from hard-working app appers. Vote for Appald Trump, and he will MAKE APPS APPY AGAIN! All LUDDITES will be deported to LUDDITE Mexico, and American companies will be forced to app apps that app other apps!
Apps!
No such thing as ransomware or viruses on iOS or tvOS....
where /. was asking why people wanted or avoided "Smart" televisions?
Consider this exhibit A in the Not column.
http://blog.newskysecurity.com/2015/08/removing-android-ransomware-from-my-tv/
That's not an option with many new TVs: they require network connectivity or else they won't even work as a TV or display monitor.
This is probably a good reason to buy your TV from Walmart actually: it's trivially easy to throw stuff back in the box (poorly) and get a full refund at your local Walmart. With Amazon, they'll probably require you to pay for return shipping costs.
This is why I only use "science TVs"!
Just don't fucking buy a TV with networking. Are you having difficulties understanding that?
Hillary will fail so badly. Look at how she's failed to protect the american outpost in benghazi!
Free HBO? That was the cool thing to do.....in the 1980s (Having grown up in the 80s, I remember this well, along with IRoc cars, La Bamba (movie and song remake), and casette tape Walkmans)
You have to be pretty dumb to buy one.
"
Researchers at Trend Micro said they have seen various versions of FLocker over the last year and the activity level of the ransomware has varied. The newest version of the malware, however, includes the ability to infect art TVs, many of which run Android
"
I'm sure it's not "Art TVs" you're missing something off the front of art. I'm guessing an F.
/ No, I'm not a 12 year old boy, but I play one on TV!
The only "smart" in "smart" TVs is the marketing effort behind them which convinces the sheep they want one.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
Multiple function devices always give up some functionality. "Flying cars" are expensive, poor cars and expensive, poor planes. Swiss army knives are great, but never as nice a blade as a good hunting knife.
TV/VCR Combo are stupid know. Ten years from now, the smart TV will also be stupid. Better to get a huge monitor and connect it to a good computer - that you can update in 5 years, keeping the monitor for another 10
Smart TV's etc. are not worth it.
excitingthingstodo.blogspot.com
Not during the football Euro Championship! How can you!
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Is there still one offered without?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
How about Ethernet/WiFI===>cheap smart tv box===>good quality non-smart tv? The boxes are small enough now to simply mount to the back of your set or hide somewhere and if the box gets bricked/turned into a storage device for illicit material that a bot net uses, you simply replace the box and throw away/grind it down.
Z. Cavaricis FTW.
And if you can imagine implementing the whole "internet of things" you could wake up every morning to find out something like this about all sorts of critical systems on your house!
The "internet of things" is a COMPLETELY stupid concept; I'm not sure why people seem to keep promoting it.
-Styopa
I still have a "dumb" TV. It's not big screen, only 32", but good enough, and a better fit for my not-so-big living room anyway. And no ransomware worries.
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
As someone who doesn't use any features of a "Smart TV", I'm curious what the attack vector is?
I was doing it as late as 2004. Why? Because breaking smart cards was more fun than actually watching TV, which has mostly uninteresting crap.
Why can't someone hack the cable box & unlock free hbo?
That's been done ever since HBO was a thing. From the days of analog cable boxes through today.
That disconnecting your smart TV from the Internet is the smartest thing of all. I want a screen, not another marketing / malware opportunity.
Security researchers have discovered a variant of the FLocker Android ransomware that not only infects mobile devices, but also can infect smart TVs running certain versions of the operating system.
Oh so you mean the malware doesn't inspect the screen resolution and block itself from running if it's a large screen? Fascinating.
Not really. You can buy computer monitors, but they don't get much above 32".
Heh, my combo set (which I didn't pay a dime for, and whose VCR broke long ago) can't play DVDs through the video input. The video passes through the VCR's AGC circuit whether I am using it or not, and Macrovision signal corruption creates brightness flicker as is its pathological intent. I use my xdimax Grex time-base corrector on it when I must.
I always recommend against "smart" TVs myself. To describe it succinctly, the upgrade life-cycle of a TV is much longer than the upgrade cycle of a streaming appliance. If TVs had slots for plug-in cards that would be better, but we don't really have anything like PCI or Cardbus for TV sets.
Yep, it's called a commercial set. and contrary to the videophiles, they have an awesome picture.
Do not look at laser with remaining good eye.
Really? then how did I get this planar 50" that is just a basic display with inputs only?
Do not look at laser with remaining good eye.
He was asking if you can buy one (in the present tense), not whether or not you already bought one in the past perfect tense. This is about 2016, not 2008.
Now, if you wanna tell us that you recently bought your dumb TV, and also mention its manufacturer's name and its model, great! You'll be contributing to the conversation. (Otherwise: WTF, dude? We care as much about your old TV as your old coffee-maker or your favorite brand of toothpaste.)
I would be extremely surprised if a tv did this, as its a good way to get returns. Because there are many reasons why a network connection can't be made.
First, WiFi may require a password - not just a wpa key, but a captive portal. Second, Ethernet may not be available. Third, the user may just want to get something on the screen in a hurry (perhaps they bought the first TV they saw to replace a broken one for the big game). Finally, internet may not be available, period (e.g., trade show).
Or the user wants to have a TV to watch and wait for their kids to come over on the weekend to set up the wifi stuff.
>> always have a throwaway box first, like for instance, an antenna switch for rabbit ears or rooftop.
>
> Ha ha! Connecting a TV with Ethernet. You must be old. Does your house smell like onions and old books? How's your prostate working??
You're confused. Wireless is for people that have old houses that are the equivalent of an old man with a bad prostate. Wireless is what's for people that can't or won't get with the times.
A Pirate and a Puritan look the same on a balance sheet.
Yes. I recently got this one cause it's 4k without the smart "features". https://www.amazon.com/LG-Electronics-49UF6700-49-Inch-Ultra/dp/B016W8XDY8/ref=sr_1_8?s=tv&ie=UTF8&qid=1465851983&sr=1-8&keywords=4k+tv&refinements=p_n_feature_keywords_three_browse-bin%3A7688788011%2Cp_n_size_browse-bin%3A1232882011%2Cp_72%3A1248879011
I've been unfortunate enough to garner a few IoT devices, including a Samsung Smart TV. With a little bit of effort and a decent Asus Router with Tomato firmware I've placed any questionable devices on isolated VLANs so they don't affect the rest of of my trusted network. I can also block or whitelist their outbound traffic if needed.
Have a squat over at the hobo house.
In 5 years you may not be able to buy a dumb TV anymore, as manufacturers are shifting away from them. It's rather onerous to buy a dumb TV now, unless you want to order one online and deal with returning the first couple that show up broken. Go to any big box store and look at the big screen display televisions they have hooked up. Almost every one of them is internet enabled and some of them are internet required. As in, if you turn on your TV and it can't phone home to the mother ship, you aren't watching anything today. Not even from your DVD player.
A TV is no longer an appliance that you buy, own, and use as you see fit. Having a TV in your home is quickly becoming a "service" that you must license and rent from a company like Samsung. Of course Samsung won't send you a monthly bill like the cable company does; they'll get their cut through the device itself, with always-on microphones, viewer analysis that would make the Neilsen ratings people cream their pants, unskippable advertising, and constant spying on your household to monetize you. This isn't tinfoil hat stuff, it's been evolving for a few years already.
The masses will accept these Telescreen devices because the price goes down a couple hundred dollars. And the manufacturers will stop making televisions that don't do this shit. Give it a few years and trying to buy a dumb TV that doesn't require internet access will get you blank stares or laughed out of the store like you'd get if you tried to buy a CRT television today. You and I, who want to buy a TV without any of these "features," will be relegated to poking around at garage sales hoping to find one that still works.
"If there was a gay Afro-Puertorican Linux distribution, I'd give it a try" ~lucm
We would like to know that too, so in case you ever find out, please enlighten us.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Proof or you made that up. I'm going to block everything outside my LAN to the TV at the router.
>32" is out of the main stream for computer monitors. If you search on Amazon, you get a bunch of oddball shit, about half of which is priced exorbitantly.
https://www.amazon.com/s/ref=n...
Which one of these "reasonably priced" models do you own? Whichever one, that wasn't exactly a savvy purchase. They are more expensive than a 2016 4K TV, and don't have any of the image enhancement features of modern TVs (upscaling, local dimming, etc) and aren't newer display technology like VA, OLED, IPS.
Only one of the 10+ models listed has a review, and only one review. Big sellers I guess.
There is one model that's listed at ~$1k, the rest are >$2k many of which are $5k+. The $1k model is a plain old TN LCD display (hello, 1997). The first listing if $2.2k and is also a plain old TN LCD.
I guess my biggest question is if you aren't using the "smart" features of the TV, installing apps, browsing the internet, etc, how is it getting infected with malware? From what I'm reading (in the sparsely detailed linked article) this isn't something that gets brought in from outside the device (bringing it in on an infected phone or pc), you have to install the offending app on the TV.
It seems to me that the only people that are affected by this are the people that want to use the "smart" features of the TV. The people that don't care to use apps on their TV are fine. I get that having a TV connected to a network opens an attack vector, but for this particular virus that isn't the source of the problem. And setting up a segmented network for your smart tv gets you around that problem.
Wireless is a LOT slower than wired, so if you are a casual user of the internet I guess you could get by with just wireless.
Get your router tables ready, you're going to be setting up some new rules real soon! :P
I'm to lazy to go look up the articles for other people. Today, I'm not even doing it for myself.
I think people are learning the wrong lesson here. This story is why you want your computer (whether it's in a separate box or inside of the monitor) to be maintainable.
Boot your computer from rescue/install image and either remove the malware or re-install (preferably a newer version of the OS, which doesn't contain whatever bug enabled the installation of the malware in the first place). If you can't do that, then it's a shitty computer no matter how big the bundled monitor is.
It doesn't matter that the monitor and the computer are in the same enclosure. Many people are reasonably happy with their phones, tablets, iMacs, etc -- all essentially the same thing as "Smart TVs" just on a physically smaller scale.
You're just unhappy because the market is full of extremely shitty products, even if based on decent technology. Putting computers in everything is good, but that's assuming you aren't choosing user-hostile computers! Take any good application for a computer, and I could turn it into your worst nightmare by substituting the computer with a hostile computer. That doesn't make the tech bad, though.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Yeah, that's a good question. I really don't know, but you're probably right: if you don't mind being spied on by the TV maker (which is why it needs to be connected to the internet ultimately, for the phone-home "feature"), but don't mess around with any of the other "smart" features, and especially if you're behind any typical NAT router, I don't see how you'd get infected with anything unless the TV maker's own service gets compromised.
And you still thought connecting your TV to the Internet was a pretty neat idea.
I told you so.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
I don't know anybody who has either. So basically Smart TV's run on Android Linux and since they are computers you "could" have a problem just like any computer. The only people who would ever try to hack your TV are big corporations and the American government. How is this /. news?
You misunderstood. Different AC here, but I'm pretty sure the other guy meant to make fun of the notion that you can prevent these shenanigans by "never connecting the TV to Ethernet". If you don't enter the Wifi password, the TV will use the access you granted some other appliance from the same manufacturer, or your neighbor's. At least some of the appliances will come with M2M SIMs, so even not having a wireless access point won't save you. To think that you could easily prevent future TVs from connecting to the Internet is, well, old people thinking.
Multi-plataform virus in Windows...or the zombie installed in the Android phone of your friend that asked for your "password". Or IPv6.
Yes, that's bull shit. It makes no sense, but imagine where someone gets that idea. The TV can't guarantee you have a network connection when you open the box. Sure, a new TV will bug you on first boot when it goes through its Welcome process to enter a network config. But if you don't have a network connection, you can skip and do that later.
Not every place you put a TV will have network. Manufacturers know that.
At our house, we skipped that step. Our TV known nothing about a home network. We use a Roku device instead. If the Roku ever breaks (or hacked?) we spend less than $100 to replace it.
Just because you are too poor to buy the real deal does not mean others are not.
and considering that Planar is commercial quality, it's actually not bad for the price. you are just used to low grade crap at low grade crap prices. Here at the office we have a 9 panel planar video wall made up of these... just for security and networking operations.
http://www.newegg.com/Product/...
quite affordable for a 24/7 commercial display, You want to buy a $499 display rated for maybe 3 hours a day use.
The root problem is this: The Android system does not allow you to back up images of your device (via USB to a PC or Mac) and restore the device from a PC or Mac when something goes wrong. With Desktops and Laptops, I save images of C: and Macintosh HD (using Paragon software for PCs, the built in Disk Utility for the Macs). I also save my data on other partitions than C: or Macintosh HD where allowed. When something goes badly wrong I don't even try to figure it out; I just restore the last good image.
I may be poor, but paying more for less is retarded. If the shoe fits.
LG have a few "dumb" TVs, Samsung has a few. I'd also consider Roku models a safe bet. Heck, I bought a lesser brand 50" 1080p last spring for $400.