Slashdot Mirror
Android Ransomware Infects LG Smart TV, Company 'Refuses' To Help (bleepingcomputer.com)
Security firms have been warning us for more than a year about the possibility of Android malware jumping from phones and tablets to other Android-powered devices, such smart TVs. The latest incident involving ransomware on a smart TV involves software engineer Darren Cauthon, who revealed that the LG smart TV of one of his family members was infected with ransomware right on Christmas day. What's worse? He claims LG wouldn't help him with perform factory reset of the device. From a report: Based on a screenshot Cauthon posted online, the smart TV appears to be infected with a version of the Cyber. Police ransomware, also known as FLocker, Frantic Locker, or Dogspectus. The infected TV is one of the last generations of LG smart TVs that ran Google TV, a smart TV platform developed by Google together with Intel, Sony, and Logitech. Google TV launched in 2010, but Google discontinued the project in June 2014. In the meantime, LG has moved on from Google TV, and the company's TVs now run WebOS. Cauthon says he tried to reset the TV to factory settings, but the reset procedure available online didn't work. When the software engineer contacted LG, the company told him to visit one of their service centers, where one of its employees could reset his TV.
So, will they be renaming the company to "Life Sucks"?
Great minds think alike; fools seldom differ.
"the smart TV appears to be infected..."
I guess the TV ain't so smart now...
Everything I write is lies, read between the lines.
Just wait for best buy to up sell geek squad for smart tvs
I can't think any better demonstration of why smart TVs are such a bad idea than this. I hope this story gets as much chatter as possible.
"The company told him to visit one of their service centers, where one of its employees could reset his TV."
funny, that seems like a legit offer of help.
they'll be wiping its memory and re flashing it entirely. hence send it to a service center.
I bought one of them Smart TVs, but it still had all the same dumb shows on it, so we put it up on a pair of sawhorses and are now using it as a dining table. Assholes at Best Buy didn't want to give me a refund.
You are welcome on my lawn.
Trying to load some off the wall app and they get ransom-ware instead.
Who'd of thunk it!
A bullet may have your name on it, but artillery is addressed to " Whom It May concern"
when I was buying tv's a few years ago, the only models in the size I wanted were 'smart'.
ok, no big deal. just don't give it a wifi access and don't ever let it on the net.
simple. mine is still using factory firmware (which has bugs but the cure is worse, I'm told) and it won't ever be upgraded.
it just runs hdmi from my htpc and that's that. I don't have cable/etc - I download what I want and watch it on the pc. bonus that the vizio sets would support 1080p@120hz and my intel skylake chip also supports native 120hz out of hdmi (you MUST have a tv that is 1.4b hdmi or better or it won't see all the 'lanes' on the hdmi cable, essentially, and you will be limited to 60hz).
but back to the smart tv stuff: the more this happens, the smarter WE (the consumers) will eventually get. right now, too many people trust their vendor and that's a big mistake. eventually we'll all learn NOT to enable 'teh shiney!' and just use the basic features without letting it go online.
--
"It is now safe to switch off your computer."
How is directing someone to a support center, who will perform the reset, refusing to help?
This event highlights one of the many shortcomings with Android. I have a Sony 49in TV with FreeSat (UK). It only ever gets connected to the internet when I want to update the software.
For LG to basically wash their hands is just stupid. But they are not alone in being like this.
Doesn't LG use webOS, not android?
And that would be the locally available service center. And a fee.
One of the big lies about modern electronics is that they are repairable. Sort of, often. TVs are particularly difficult, with the lack of data the biggest problem. And service data is too precious to be let out of the system, so we no longer can even hope to repair a modern TV ourselves. Even for this issue, a reset.
Not good.
deleting the extra space after periods so i can stay relevant, yeah.
"He claims LG wouldn't help him with perform factory reset of the device."
"[...] the company told him to visit one of their service centers, where one of its employees could reset his TV."
How's that "wouldn't help"? He obviously gets help offered. Maybe not what he hopes to get, but it's a clear offer of help getting the TV working again.
Do not connect the TV to the net ever or buy a commercial display with no 'SMART' features that will cease to be supported. Hook in the trusted device of your choice via HDMI. Roku, Chromecast, Pi with Kodi, PC, fire stick, you name it. Your source device will typically be much cheaper than the entire TV, faster, and better supported. Also very easy to replace if the manufacturer screws you over, while keeping the same display.
Silence is a state of mime.
I think the account is probably largely accurate, what I think IS BS is this claim that the company is "refusing" to help. Sending them to a service centre and even potentially charging them for service is fine when it seems likely that this resulted from user error (downloading shady app to watch film for free).
Yeah, somebody is trying to make this story bigger than it really is.
"Dumb user infects smart TV, inaccurately claims that LG 'refuses' to help"
I want my display to be a dumb panel. Nothing good has ever come from combining two unrelated items into one package. Buy a printer/scanner/fax? Now you can't scan if you're out of toner. Good tools do one thing and do it well.
We bought a nice Vizio with a good display. I played with the builtin apps long enough to verify that they were ancient junk that would never not suck. About that time it came out that Vizio was monitoring your content for advertising purposes
so that completely ended the experiment. Fun fact, though: there's no way in the Vizio UI to disable a wireless network! I could give it an unroutable static IP, but didn't trust their code not to say "that's not working - let's try DHCP instead!" I ended up setting up my Wi-Fi router's guest network with a weird, random SSID and associating the TV with it. Then I removed the guest network, so the TV is now trying to find an SSID that will never again exist. I don't think it's smart enough to figure its way out of that one.
BTW, we use Apple TV instead of the weird built-in apps. It was either that or Chromecast, but Google sells you TV boxes cheaply so they can monitor your habits. Apple sells you devices at full price and then doesn't monitor them. I went with the less creepy option.
Dewey, what part of this looks like authorities should be involved?
This case highlights a more general problem with most(not quite all, Nexus devices and a few others aren't affected) Android hardware:
Vendors just don't supply system images. If they are in a good mood, you might get some OTA updates; and there will be some key combo that allows you to initiate a 'system restore', which may do the trick if nothing has tampered with or corrupted the 'system' side of things and just wiping the user-writeable data is good enough; but if you want to reflash the entire device? Haha, good luck with that.
Doing this with iDevices generally requires installing the weeping pustule that is iTunes; but if you are willing to do that it's pretty trivial: click, click, new system image. ADB is a trifle clunkier and definitely not intended for general consumer use; but for many models the vendor simply does not provide a system image, period.
It's like the bad old days when Wintel OEMs treated Windows install CDs(rather than 'restore partitions') as practically a controlled substance; except that there is no such thing as a 'generic' Android install, so you either get vendor cooperation; hope for a usable 3rd party build; or get nothing.
I really don't understand why this is the case. If you are willing to distribute the ROM written to handsets; you know full well that anyone who really cares will be able to inspect it without too much trouble; and there are a variety of situations where being able to just reflash everything above the bootloader is really convenient(and, even if you are a control freak, you don't sacrifice any control by providing a signed image with a locked bootloader); but a substantial portion of Android devices just don't have system images available, expect perhaps as unofficial extracted versions pulled from devices. Why not?
The efforts of TV manufacturers are half-baked or an afterthought. I have yet to find a smart tv that works better than a dedicated device. Even something as cheap as a Fire/Roku stick is a better experience.
Keep the Classic Slashdot.
...it probably is. Don't try to find some app to watch movies for free as an alternative to paying for them via approved, signed applications and you most likely will not get ransomware. If you try to find "free" stuff, you're playing the malware equivalent of Russian Roulette.
On the note of resetting firmware, for most TV's you normally do this via the remote and the menu. However, in this particular case that won't work. There should be a way to physically hard-reset any consumer device to factory defaults without requiring an OSD. The reasons you might need to do this go beyond malware such as a power outage during a firmware upgrade or maybe (gasp) the consumer device manufacturer pushed a bad software update, bricking your consumer device.
There is actually a way to reset your LG firmware without using the OSD though. Go to LG's website: http://www.lg.com/us/support/s..., search for your TV model, then click on your TV's model number (found on the back of the TV). You will see modal dialog that has two links, one to the firmware and one to the software upgrade guide. The software upgrade guide walks you through the steps to put the firmware on a USB drive and upgrade it without needing to use the OSD. I found this youtube video that walks you through the whole process as well: https://www.youtube.com/watch?...
Don't go drama on tech support which in a lot of cases is outsourced to call centers full of low income incompetent idiots. If you want something done right, figure it out and do it yourself. Be your own tech support.
We'll make great pets
they'll be wiping its memory and re flashing it entirely. hence send it to a service center.
And the $340 to do so is no big deal...
Remember this company used to be called GoldStar, best known for substandard product and nonexistent customer service in the 90s. The brand name was so thoroughly trashed they renamed themselves LG.
ELOI, ELOI, LAMA SABACHTHANI!?
I like how Slashdot is the leading forum for the defense of multi-billion dollar corporations against the horrible slander and oppression of middle-class private individuals. Such a misleading headline, "refuses" instead of "demands $340 dollars to perform a simple software procedure that their customer could perform, if he knew how." Fight on, brave knight, show those uppity consumers the error of their rebellion against our rightful corporate overlords, whose every demand is always reasonable and right.
His relatives installed malware on his TV, without his permission or knowledge. He should bill them for the repair cost.
but after the factory guys pull the lithium cell, or hook it to a tesla coil, or replace a module, or whatever to hard-reset the set, it's still vulnerable.
"Smart TV" is bogus. never hook an ethernet cable to one. use a Roku or Chromecast or something else cheap, easily replaceable, and disposeable if you feel the need for direct streaming.
if this is supposed to be a new economy, how come they still want my old fashioned money?
"You are not Geek Squad, you are Suicide Squad!"
Squad: "We merged."
Table-ized A.I.
How many typos and grammatical errors can there be in one summary?
what if it is possible to unplug something inside, or snip a few wires, or cut a circuit board trace to turn off the internet/computer part of the TV basically disabling it so it is no longer an internet aware TV and a basic dumb TV that only handles cable/satellite or over the air broadcast TV???
Politics is Treachery, Religion is Brainwashing
The big lie about modern electronics is that they're easily repairable.
Yes, the TV in question can be repaired. Mr. Cauthon can disassemble the thing, remove the boards, desolder the flash memory, attach it to a reader/programmer, change bits to match a known-good unit, then rebuild the entire thing to see if it works. It's not going to be easy, but it will work... Of course doing it that way would cost a lot more than just replacing the board with a spare and resetting the memory, so that's what the service center will actually do.
Of course, all of that work really should be done in an ESD-safe environment, with clean air and properly-trained technicians. While a random software engineer might have the tools and ability to do the work, it's very unlikely that the repair quality could be good enough for LG to accept any remaining warranty (explicit or implicit) on the unit, which they may be legally obligated to do if they provide assistance.
It's easy to forget just how fragile electronics actually are. We are used to consumer goods, which have been designed specifically to handle the stress of normal use, but after the initial manufacturing, it's just not cost-effective to do troubleshooting and repair work with such delicacy. It's much easier to just replace what's replaceable with newly-manufactured parts, fresh from the mechanized assemblers that can handle such precision.
You do not have a moral or legal right to do absolutely anything you want.
Only $340 to have a qualified technician disassemble a large electronic device, connect specialized repair equipment, and perform the repair, then reassemble the device again to meet original specifications, perform a functionality test, and recertify the device?
$30/hour for 10 hours (plus about 10% overhead) sounds pretty cheap, actually... or would you prefer that the cost of such repairs just already be worked into the cost of the initial product, which was sold several years ago and was perfectly suitable for its purpose during that time?
You do not have a moral or legal right to do absolutely anything you want.
I understand (if I do not share) the "business is business" rationale, maximizing profit regardless or morality, etc. However, I fail to understand the behavior of companies like LG, Samsung, Comcast, Verizon, etc. when they seem to act obnoxiously just because they can - i.e. they are in control, and because they can screw you, the customer, they will screw you, just because they can. Not that I was buying a lot of stuff from LG but, after this, it has definitely gained a slot in my list of companies from whom I will buy nothing. It will make no difference to them, but I will not have to put up with their attitude.
Nobody thinks modern electronics are easily repairable. Do they even have TV repairmen anymore?
... and getting rid of it when the fucking TV didn't ship with it?
It could be within the scope of the app store or a side load, but it's not the goddam hardware.
It little behooves the best of us to comment on the rest of us.
I guess it is possible to infect a TV through the HDMI cable if it acts as an Ethernet cable, but can it infect it through the other bits that flows through it? Maybe something in CEC or a video/sound that causes an buffer overflow.
Just wondering what else that HDMI cable can transport. There are devices that filter out stuff like HDCP, maybe need device to filter CEC.
.. was lobotomize it..
When I first booted the TV it asked me if it was going to be used as a TV or as a monitor and I chose monitor and plugged a ROKU into it.
Yes Francis, the world has gone crazy.
Only $340 to have a qualified technician disassemble a large electronic device, connect specialized repair equipment, and perform the repair, then reassemble the device again to meet original specifications, perform a functionality test, and recertify the device?
$30/hour for 10 hours (plus about 10% overhead) sounds pretty cheap, actually... or would you prefer that the cost of such repairs just already be worked into the cost of the initial product, which was sold several years ago and was perfectly suitable for its purpose during that time?
How much does it cost to wipe and reinstall Windows? And that is a low bar to set...
While you are spot on about the actual work involved to fix a modern device, I'm curious as to your assertion that some fraction of the world thinks that modern electronics are easily repairable. As far as I can tell, it's just the fine folks at iFixit that think modern electronics should be repairable.
The rest of us just toss the things in the recycler.
Really, I have a rework station but rarely use it to fix a commercial device and even more rarely are successful. Mostly use it to fix my own copious errors. You can't even figure out what most of the chips on a board do without hours of study and referencing work.
Faster! Faster! Faster would be better!
Yes, the TV in question can be repaired. Mr. Cauthon can disassemble the thing, remove the boards, desolder the flash memory, attach it to a reader/programmer, change bits to match a known-good unit, then rebuild the entire thing to see if it works. It's not going to be easy, but it will work... Of course doing it that way would cost a lot more than just replacing the board with a spare and resetting the memory, so that's what the service center will actually do.
Or, more likely, he can just do whatever control-dance is necessary to get the unit into the "Service Menu", and either attach a JTAG interface to the on-board connector, or more likely, plug a USB stick with the proper firmware file into one of the several USB ports that the TV is likely to have (my LG TV has FOUR of them), or, if the Firmware Update process is like it normally is, the whole thing can be triggered and will download and apply the Firmware via WiFi/Terrestrial Ethernet.
It may, however, require taking the TV to an authorized repair center for LG, perhaps using this handy webpage.
Only $340 to have a qualified technician disassemble a large electronic device, connect specialized repair equipment, and perform the repair, then reassemble the device again to meet original specifications, perform a functionality test, and recertify the device?
Generous version: Only $340 to remove a few screws, insert a doohickey to write a new image and replace said screws.
More likely: Press magic key combo for 5 seconds and insert ordinary USB stick.
$30/hour for 10 hours (plus about 10% overhead) sounds pretty cheap, actually...
$30/hour for 10 minutes of work (90% of it waiting for image to write) sounds pretty cheap actually... when you figure service center has to pay for equipment, electricity, sewer, water, insurance, rent, snow removal, accountants, landscaping, telecomm, employee salary, garbage pickup, continuing education and benefits. If you can't make up for it in volume/honest work then your only option is to have a few suckers paying outrageous price in order to successfully monetize vendor incompetence.
Simply reminding others LG = Goldstar is surprisingly effective at making people think twice about ever purchasing an LG product.
More like: Plug in thumb drive. Key secret incantation into remote. Wait for the process to finish. Remove thumb drive. Bill customer
Kid-proof tablet..
Who are you kidding? They plug a thumb drive into the thing. Done in 60 seconds.
You don't have a clue what you're talking about. Why would you unsolder a flash chip to reprogram it? It's FLASH! I suppose you uninstall the window frames from your house to clean the windows too? The quality of slashdot posters has gone straight to hell.
What are you talking about? Pretty much the only thing everyone knows about modern electronics is that they are near impossible to fix, in anyway. Even if you do know a lot about them, it's either economically unfeasible to fix them or outright impossible altogether.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
When he couldn't perform a factory reset, they told him to have it serviced. That seems like the right response to me.
What else are they supposed to do? Step him through disassembling it over the phone? Do any consumer support lines ever go that far?
Maybe the crypto malware tampered with just the right thing, or maybe there is a physical defect preventing the reset. At the service center, I assume they can replace whatever is necessary to resolve the problem.
I'd be more pissed off at a company that wasted my time on the phone instead of arranging service when necessary.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
No need to de-solder anything. JTAG should be sufficient.
Of course, had the device been designed properly in the first place, there would be a recessed button to press in order to load everything from read only memory.
Only stupid people buy Smart TV sets. and if you have no other option, then only stupid people hook up internet and use the smart function of a "smart TV set"
buy tv, hook up Roku or ATV, or Nvidia Shield and get an experience that utterly kicks the shit out of any smart tv ever made.
If it takes 10 hours to plug in a JTAG programmer, select the model number and press the program button, the tech is nowhere near qualified. The whole thing including opening the back and closing it back up again should take an hour.
And if the device was perfectly suitable for purpose (which included unskilled people downloading new apps to it) it would have a fool-proof way for the end user to recover from bad software (intentionally bad or not).
When I was a little kid they still had tube testers in stores. You'd take the tubes out of your radio or TV, plug them into a socket on the tester, and it'd tell you if your tube was in spec. A lot of times you didn't even have to do that because it was obvious the filament in the tube had burned out.
Maybe one day they'll put a few computers in sockets in the TV, with nice warm reddish-orange LEDs that let you know they're working. Problems? unplug the little computers and take them to the computer tester. Unlike the tube tester, the computer tester could actually fix the computers by re-flashing them back to factory settings, or applying patches.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
I have suggested this many times. Core OS update stuff should be segregated from normal runtime at hardware level. The obvious approach is a switch which, in one position, boots the machine into an 'OS install mode' which permits copying files to a small flash boot device, and in the other position allows normal booting. Everything necessary for security, reset, and core libraries should be in there, everything else on the main storage device. In normal runtime, the switch hardware write-protects the device the core files are loaded from. That sort of idea.
John_Chalisque
What if I told you it would take under 10 minutes because the tech knows where all the screws are already, and just has to plug in a plug on the board and press a button and wait 37 seconds for the light to flash?
This is an older model, so likely you would only hit the USB interface firmware through that port, and the firmware for the smart TV part would be loaded using whatever FTDI or ISP programmer is standard for the microcontroller used.
Newer ones can probably be flashed over the wifi.
I agree with another poster that you should use another "cheap" streaming box and not hook your TV directly to the interwebs... but I also think companies should only sell products they are qualified to fix in a reasonable way. Taking your TV off the fucking wall... putting it in your car... taking it somewhere... taking it out of your car and into the "service center"... finding a translation app for whatever language the asshole there says... him hand waving over it... taking it back to your car... back up three flights of stairs in my case... putting it back on the wall... nah... I will just use a different brand... LG kinda sucks in the "smart tv" category anyway.
How 'bout you just don't plug it into the network or configure the wifi?
What do you do if the set's "unconfigured" WiFi looks around for anything claiming to be an open WiFi hotspot, hooks up to that, and tries to "phone home" for the latest upgrade. And keeps trying this in the background, over and over, until it gets something claiming to be what it wants to see? And that something is a ransomware server on a neighbor's machine...
How do you even know it's DOING this?
This scenario is reminiscent of how Intel's AMT seems to work:
- When configured, firmware in an auxiliary processor built into the chipset listens for and intercepts connection requests (on Ethernet or WiFi) from the remote administrative center. (It can be configured to "phone home" to get through firewalls and NAT.)
- When "virgin" it also listens, intercepts, and obeys. But in this case it presumes it's a new machine at a big company with the hardware tools from the vendor, and it accepts ANY claimant with enough credentials to appear to be such an IT department worker.
- You can't turn it off. "Deconfiguring" it resets it to the factory state of accepting the first good-looking bad-guy and doing whatever he wants.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Well if it's anything like the last time a company suggested I send my device to the "nearest" service center,it was in another city on the other side of the country, soooooo....
They still wouldn't have been able to help in the case in the article. The best they could do is try to get the TV replaced under warranty.
I have a similar TV from LG. The official LG App Store is pretty terrible and there are apps on there promising free movies. So I wouldn't be surprise if the infection actually came from there. Plus, the built in browser is fully functional. They may even have the version of the TV where LG never sent out the update to disable Flash in the browser. So it could even have come from there.
I don't think the relatives would try sideloading an app on someone else's TV. But can't rule it out.
I guess people will start having to side load AV onto these droid based tv's for their elderly parents/grandparents??
but that is what you find out when you need it to be fixed and not when the pushy sales man says it's covered.
TVs are often locked into only downloading and installing apps from Google Play and/or their own branded app stores.
Locked how? Last I checked, Google required adb install to be usable as a condition of allowing Google Play Store and other Gapps onto the device.
Hello, I'm the author of the tweet that started this all. I think LG noticed the amount of feedback on the tweet, and contacted me to help. It took a bit, but they gave me the factory reset codes. I tried it out tonight, and the tv appears to be back to its original state. I tweeted about it here with a youtube video: https://twitter.com/darrencaut... My family member admitted to downloading an application to watch movies "for free." It's totally her fault that this happened. She installed the malware that made the tv stop working. She changed the setting to allow the unverified software to run on her computer. Her actions led to the tv almost being ruined.
But you know what else? She's no different than most regular customers, and LG should have put the most basic factory reset instructions in the manual... or the service manual... or the FAQs... or on their website... or their tech support (which I called, and they said there was no factory reset, which I knew couldn't be true)... or anywhere. Now, to their credit, LG did research the answer and provide it to me, and I've published it on Youtube and twitter for others to hopefully find (because I've read about others who had this problem and no answer was found).
If the fix to the problem is to press two buttons in sequence on the tv... who is more to blame for the problem, her or the tv manufacturer? I say it's the latter. TV manufacturers should prepare for dumb users, as they are their customers.
I do appreciate LG for their help, and all of the Twitter advice I received. I also hope that LG and other tv manufacturers learn how missing information about a 4-year-old, discontinued model can blow up with negative feelings from their customers *today*.
I'd laugh at you for thinking that finding the screws is the time-consuming part.
You do not have a moral or legal right to do absolutely anything you want.
While you are spot on about the actual work involved to fix a modern device, I'm curious as to your assertion that some fraction of the world thinks that modern electronics are easily repairable. As far as I can tell, it's just the fine folks at iFixit that think modern electronics should be repairable.
To clarify, there is a small fraction of Slashdotters specifically (themselves a subset of a fraction of the world population... I hope) that complains often about how manufacturers don't make user-repairable devices any more. They're most commonly found on articles about legal changes affecting repairs.
There is also a surprisingly large fraction of the world that has no idea how modern electronics works. When something (integrated, no spare parts available) breaks, they think they can take it to a repair shop or to someone "good with computers", and the technician will pop open the case, poke some things with a probe, shine a fancy light on it, and it'll be as good as new again. After all, that's what they did on Star Trek. They get quite upset when told about reality, like "it'll take days to fix this", or "it's cheaper to buy a new one", or "your data is already lost". Now, I've done a number of miracles myself, finding and replacing bad surface-mount components and reflashing memory. Sometimes it's possible, but usually it isn't.
As for the fine folks at iFixit, they're in an interesting middle ground. The vast majority of their guides are not really the detailed repair I describe, but more "how to replace X", where X is somewhat less than the whole device. While this does restore the device to functionality, I want to distinguish them from low-level repairs. iFixit's goals and methods are reasonable and admirable, not delusional.
You do not have a moral or legal right to do absolutely anything you want.
The whole thing including opening the back and closing it back up again should take an hour.
It "should take an hour", except for the handling, workspace management, inventory control, testing, rework, and other complications that come up in a "normal" repair job. If you expect to take an hour and things go abnormally (like the JTAG not having access to the right parts), there's no time budget left to fix it.
You might be able to do the actual repair in an hour, but the company's not putting their legal fate in your hands.
And if the device was perfectly suitable for purpose (which included unskilled people downloading new apps to it) it would have a fool-proof way for the end user to recover from bad software (intentionally bad or not).
At the time the TV was built, that was assumed to be "delete the offending app". Ransomware wasn't a major thing yet. There's a reset procedure, but apparently that either doesn't work on this particular unit (perhaps due to a second unrelated failure, also to be diagnosed and fixed in the 10-hour window), or there's a highly skilled fool out there who screwed it up.
You do not have a moral or legal right to do absolutely anything you want.
Per TFS, the "secret incantation" (at least as available online) doesn't work. Maybe the procedure's wrong, or the software engineer screwed it up, or maybe the unit is broken more than the simple reset can fix.
You do not have a moral or legal right to do absolutely anything you want.
No inventory or rework required. The same JTAG that writes the image will be able to run tests on the boards as well. You seem to be desperately imagining a complicated and difficult procedure (even though you don't seem to know much about it, have you ever used or even SEEN a JTAG programmer in person?) to justify a crazy high cost to do a simple thing. The JTAG will certainly have access to the right parts. The right part is the CPU.
It would be an amazing coincidence that this mythical second failure just happened to occur while the TV was infected, but even so, they could offer to do the re-flash for free but warn that other repairs will be charged at $30/hr plus parts.
As for the rest, viruses and trojans have been with us for decades. Even when the TV was made, rootkits for Android were in the wild. If the reset procedure doesn't work, then the TV is defective by design and LG should fix or replace it without charge.
In truth, the $340 is a fuck off fee. They don't want to be bothered with it but don't want to actually say no, so they charge enough to make sure it isn't worth it to get the TV fixed. At $340, they would make a profit just giving him a refurbished TV and that is probably their actual plan if he calls their bluff.
No inventory or rework required.
That's a wonderfully naive idea of reality you have there. Good luck with that.
The same JTAG that writes the image will be able to run tests on the boards as well.
Hopefully, but not necessarily. I'm not familiar with LG's product internals, but it's not uncommon for systems to have multiple JTAG connections for the various component boards. JTAG can only test things it has access to which (again, not being familiar with LG's internals) may not cover things like "did the tech set the tv down on a screw and shatter the screen?". After repair work, you still have to run an end-to-end quality check, which is not just plugging in the JTAG and looking for the happy lights.
You seem to be desperately imagining a complicated and difficult procedure (even though you don't seem to know much about it, have you ever used or even SEEN a JTAG programmer in person?) to justify a crazy high cost to do a simple thing.
I've spent a few decades around electronics, including a few years doing electronics repairs. My day job currently involves occasionally programming via JTAG. I'm intimately familiar with the bone-headed processes and procedures involved in doing actual quality repair work.
The JTAG will certainly have access to the right parts. The right part is the CPU.
Not necessarily. If the TV is designed as a monolithic processing unit, and the CPU's JTAG is accessible, then that's a reasonable assumption. On the other hand, it could have been designed as a regular TV with the "smart" parts tacked on, as was the trend when smart TVs first came out, in which case the CPU is embedded into another module, which may or may not still have an accessible JTAG connector. Yes, I've seen a number of devices where the JTAG connectors were removed after use, because the manufacturers don't want competitors reverse-engineering their products.
It would be an amazing coincidence that this mythical second failure just happened to occur while the TV was infected
That actually comes from a "fun" story from my past as a sound tech. I was modifying an old rig, which involved pressing a nice big red button to switch how an amp worked. When I tried to find the big red button, I instead found a nice big empty hole. The button had never been installed, the failure was never caught in QA, and the customer had never needed to change that from the default, so it was never a problem until I arrived. Now I assume that every plan carries the implicit warning that equipment may or may not actually work, or even exist.
To clarify, I don't think it's a second failure that happened recently, but more that the reset procedure (again, I'm not familiar with the details here) may require something unusual, and that function may have already been broken, but nobody noticed, so that's why the reset failed.
but even so, they could offer to do the re-flash for free but warn that other repairs will be charged at $30/hr plus parts.
That is an option, but again it's not the "real work" that takes the most time. Rather, it's the handling and overhead to run the procedure. How long does it take to generate a work order saying that this TV belongs to this customer? How long does it take to get the TV out of the receiving bay (or front desk) and get it to the staging area? How long does it take to move the TV to the work area? Is it a two-man lifting job, doubling the cost of the move? How long does it take to check out tools from the controlled tool room?
They're all tiny actions, never taking more than a moment... but those moments add up. Then there's the general overhead like air conditioning and lighting, but those costs are fairly low compared to the per-item workflow.
As for the rest, viruses and trojans have been with us for decades. Even when the TV was made,
You do not have a moral or legal right to do absolutely anything you want.
So someone did something to their TV they shouldn't have and the manufacturer should cover the cost of fixing it? Or are the technicians at the repair center supposed to work for free because [end user stupidity]? I'm not understanding why anyone is upset at LG for this. If "a family member" bricked your cell phone, I'm guessing you would expect the manufacturer to fix that for free also?
I'm a firmware programmer, and I've recently had a new TV apart for modifications, so between the two of those I probably actually do know what would be time-consuming. It sure as heck isn't the loading of the firmware that takes a lot of time! And an early edition, as described, might not have OTA updates. Many people just assume USB updates, because phones and tablets have them, but on appliances that isn't often implemented and you go straight from having to plug into a header on the PCB to updating over wifi. If it doesn't have wifi OTA updates, then yeah, you probably have to take the case off because they don't normally reprogram any of that and they did the initial programming before the PCB was installed. They're not going to have a special port that passes through the case, because they don't even want you to reprogram it.
There is no maintenance task that would take longer than getting the case off. There are multiple PCBs inside and they're not repairable; you would never replace an individual surface mount component on the board, you'd just replace that subsystem. Even the buttons are mounted on a PCB that can be quickly unscrewed, unplugged, and replaced. But it only has 1 or 2 screws, the case is going to have 10 or more. Nothing at all is hand-soldered, not even connectors. There is nothing that doesn't quickly unplug. People say that can't be repaired, what they really mean is, repair involves replacing a PCB and it will cost too much to warrant the repair!
Laugh all you want.
Not necessarily. If the TV is designed as a monolithic processing unit, and the CPU's JTAG is accessible, then that's a reasonable assumption.
Either way, there exists a board that the CPU is mounted on. There will be a JTAG for that board. The CPU will be in the chain.
That actually comes from a "fun" story from my past as a sound tech. I was modifying an old rig, which involved pressing a nice big red button to switch how an amp worked.
That missing button was a manufacturing defect. It would be unfair to charge the time and materials to correct that to the customer.
Rather, it's the handling and overhead to run the procedure.
If they can't do an hour's work without 9 hours of overhead, they deserve to lose money.
The legal term you're looking for is "due diligence". Viruses, trojans, and rootkits rarely destroy their host, so a reset procedure that rewrites the OS memory from a stored file would have been generally sufficient at the time the TV was designed.
Right. So they apparently failed to exercise due diligence here.
You're effectively asking a manufacturer to anticipate threats a decade in the future,
No, I am expecting them to take into account a threat that was very much in the wild at the time they designed the thing.
The user did nothing but exercise the UI provided by the manufacturer with the level of skill that is to be expected of someone who simply bought a TV (that is, none). Had it been pro video gear, the manufacturer MIGHT have the right to expect better from the owner.
You're making that up. It might be true, but there isn't enough information in the article to way. The article explicitly says that the user might or might not have installed a third-party app.
Also, let's consider my son, who just got his driver's license. Suppose he's taken by surprise by a traffic incident, doesn't notice in time, and drives into the car in front of him. He's using the provided UI with the level of skill to be expected from someone who just got his license. By your reasoning, it's all Honda's fault.
LG can't make everything absolutely safe against future threats. The only way to keep the user from doing the wrong thing with the UI is to greatly restrict what the user can do, and when Apple does that people on Slashdot complain about it.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
You're making that up.
So you maintain that this unskilled user somehow hacked the firmware to permit side loading? As opposed to simply using the provided UI to install an app that in retrospect proved to be malware?
Your son had to qualify for a license. He did NOT exhibit the full level of skill expected (though such lapses are far from rare, they are lapses). He knew that hitting other cars is bad. I presume there was insurance as well.
/.'s complaint with apple is that there isn't an official way to take personal responsability and override the protections. LG could have completely eliminated any lasting effect by providing a reliable factory reset function (a common feature of Android devices).
Either way, there exists a board that the CPU is mounted on. There will be a JTAG for that board. The CPU will be in the chain.
That's not how it works. Not all boards have a place to connect the JTAG, not even CPU-bearing boards.
That missing button was a manufacturing defect. It would be unfair to charge the time and materials to correct that to the customer.
That's not how fairness works, either. It is indeed a defect, but the customer had accepted the product and used it for a significant period of time already. In the US, the general rule is "perfect-tender", which requires the manufacturer to deliver a product that's suitable for use, within reason. If the customer inspects the item with reasonable promptness and finds it to be defective, then the manufacturer has to repair/replace/refund it.
If they can't do an hour's work without 9 hours of overhead, they deserve to lose money.
That's not how a repair shop works. The time with the case open might be an hour, but it's also vitally important to do the overhead, like not lose track of where the customer's TV is. Again, there's also no guarantee that it's only an hour of work. Your baseless assertion that every board has JTAG accessible and that nothing ever goes wrong is ludicrous.
The legal term you're looking for is "due diligence". Viruses, trojans, and rootkits rarely destroy their host, so a reset procedure that rewrites the OS memory from a stored file would have been generally sufficient at the time the TV was designed.
Right. So they apparently failed to exercise due diligence here.
That's not how due diligence works, either. The product passed inspection, worked fine for years for its intended purpose, and the issue is limited to an incredibly small number of units? That sounds like they did a perfectly fine job of the diligence that was actually due.
As an aside, according to an update to TFA, LG did have the user try the reset again. It turns out he had performed it incorrectly the first time. So they apparently exercised due diligence here, and more.
No, I am expecting them to take into account a threat that was very much in the wild at the time they designed the thing.
The malware in question didn't exist until late 2015. Ransomware has been around since the mid-eighties, but didn't become widespread until Cryptolocker in 2013, and didn't arrive on Android until June of 2014, coincidentally when Google discontinued the Google TV project.
The user did nothing but exercise the UI provided by the manufacturer with the level of skill that is to be expected of someone who simply bought a TV (that is, none). Had it been pro video gear, the manufacturer MIGHT have the right to expect better from the owner.
As noted by david_thornley, you have no evidence of that. The ransomware in question is a payload from other malware, which could have been a remote exploit, or it could have been a side-loaded app. For all we know, the user could have connected the TV to a computer to extract and reverse-engineer the components.
Let's suppose this was physical damage, rather than electrical. If the user had placed the TV face-down on a rock and cracked the screen, is it still LG's fault? After all, the user simply behaved "with the level of skill that is to be expected of someone who simply bought a TV (that is, none)". This is why manufacturer liability should never depend on what the end user does. You can't justly hold someone liable for someone else's actions.
You do not have a moral or legal right to do absolutely anything you want.
That's not how it works. Not all boards have a place to connect the JTAG, not even CPU-bearing boards.
Only if they're idiots.
That's not how a repair shop works. The time with the case open might be an hour, but it's also vitally important to do the overhead, like not lose track of where the customer's TV is.
Sure, there's overhead. So slap a repair tag on it matching the customer paperwork. Place it on a designated shelf with the tag visible. If that takes 9 HOURS, the shop is screwed anyway. Although repair shops are not as common as they once were, none ever needed to have a 10 hour minimum charge to be profitable.
That's not how fairness works, either
It isn't how the weak consumer laws in the U.S. work, but it *IS* how fairness works. Anyone who attended kindergarten knows that if you make a mistake you should fix it.
As for the update, I am glad that LG decided after all to divulge the simple yet sooper sekret method of press settings + CH Dwn together, release; Select "wipe data," then "Yes." Wait for "complete;" Power cycle. Somehow it worked without a solder rework station or 10 hours of labor. Might have been nice had they just told him that in the first place rather than "offering" to do that for him for a $340 fuck-off fee. Perhaps it was the bad publicity, perhaps it was a more reasonable and fair minded manager picking up the case.
As for your increasingly absurd suppositions of physically breaking the TV, everyone knows you shouldn't break the screen with a rock (so it is a reasonable expectation for a casual TV owner) and there is no UI or other invitation from the manufacturer to do so.
Even LG came around to agree with my position after a bit of pressure.
Only if they're idiots.
Or concerned about physical space, reverse-engineering, or any other reason not to have a feature that's almost never used. Unlike you apparently are, I'm not pretentious enough to assume that I know LG's motives and design criteria.
Sure, there's overhead. So slap a repair tag on it matching the customer paperwork. Place it on a designated shelf with the tag visible. If that takes 9 HOURS, the shop is screwed anyway. Although repair shops are not as common as they once were, none ever needed to have a 10 hour minimum charge to be profitable.
That's funny... most of the shops I've seen had at least a one-day turnaround time, and usually charged several hours' labor with it. Then again, they also did put things on a shelf with the tag visible, and maybe that's why those repair shops often had a bad reputation for losing customers' devices.
Anyone who attended kindergarten knows that if you make a mistake you should fix it.
You're begging the question. You haven't shown that LG made any mistake. They built a product, the customer bought it, and it worked just fine for several years. There's no reason to fault them for any of this.
As for the update, I am glad that LG decided after all to divulge the simple yet sooper sekret method ... Somehow it worked without a solder rework station or 10 hours of labor.
Gee, that's fortunate... but you're still ignoring the possibility of what exactly happens if it didn't work? If LG accepts it to their repair shop, they're (almost certainly, depending on local laws) guaranteeing that it will be repaired.
Might have been nice had they just told him that in the first place rather than "offering" to do that for him for a $340 fuck-off fee.
Per TFA, he had already tried a reset procedure, and it didn't work. Without more detail on exactly what happened, I can claim with equal evidence that he had the right procedure originally, and screwed it up, leading LG's support to recommend a more drastic option.
As for your increasingly absurd suppositions of physically breaking the TV, everyone knows you shouldn't break the screen with a rock (so it is a reasonable expectation for a casual TV owner) and there is no UI or other invitation from the manufacturer to do so.
I can also claim that "everyone knows" you shouldn't install malware on your TV, and there's no invitation from the manufacturer to do so. In fact, LG's terms of service
make it pretty clear that they have no control over the content of those third-party apps. They even explicitly disclaim any responsibility for loss or damage due to malware, and the customer accepted those terms.
Even LG came around to agree with my position after a bit of pressure.
Your "position" is so terribly uninformed that you don't even understand why it's wrong, and you don't understand that LG's position hasn't actually changed at all. That they went out of their way to give the user a reset procedure is a nice PR move, but it's not acknowledging any kind of mistake or failure on their part.
Let me say it again, to make it absolutely clear for you: The customer accepted. They accepted that LG had no responsibility to fix malware. They accepted the TV at the time of purchase, and they used it for years. They accepted the service, and they accepted the risk. There's nothing left that LG is liable for. You don't have to like it, but everybody with an actual interest in this matter agreed that LG had no requirement to assist the user.
You do not have a moral or legal right to do absolutely anything you want.
You don't even realize you're standing there with metaphorical egg dripping down your face, do you? You were dead wrong. Even LG came to agree with my position and finally divulged the sooper sekret cheat code to actually restore to factory. It's even documented in a video.
My error was UNDER-estimating the dickheadedness of the initial "support"
There's no point trying to twist logic into a pretzel with your what ifs that clearly did not come to pass. There was no particular reason to expect the what ifs either. Perhaps more to the point, the cost of giving it a try was near zero and it resolved the problem. According to TFA, his first attempt to do a reset was from instructions found on the internet. Clearly those instructions were either wrong or meant for a different model. Do you not believe in the KISS principle? Apparently not Occam's razor either.
So it seems the $340 was indeed a fuck off fee. There was a simple and known resolution that they chose not to divulge.
As for the kindergarten comment, that was in reference to your big red button story. I made that clear by quoting from your reply to that argument.
If you're just going to try to talk around the simple fact that time and events have demonstrated my point and refuted yours, don't bother.
You were dead wrong.
Prove it, then. Show me any legal doctrine requiring a manufacturer to make products that remain perfect years after their sale.
Even LG came to agree with my position and finally divulged the sooper sekret cheat code to actually restore to factory. It's even documented in a video.
Providing a reset code does not imply they agree with your position. Again, prove it. Show me their public apology admitting they made a mistake.
There's no point trying to twist logic into a pretzel with your what ifs that clearly did not come to pass.
And yet, that's exactly what the $340 was. It was an offer for a business deal that did not come to pass.
Clearly those instructions were either wrong or meant for a different model.
So it was user error, then, and still not any mistake on LG's part.
Do you not believe in the KISS principle? Apparently not Occam's razor either.
Actually both, but above that I believe in rule of law. LG may have pissed somebody off by keeping secret procedures, but that does not change the legal or moral framework around the situation.
As for the kindergarten comment, that was in reference to your big red button story. I made that clear by quoting from your reply to that argument.
Yes, I got that, but you seem to have missed the point of the story. The flawed product is obvious, and it's clearly traceable back to manufacturing, but in both cases the manufacturer was unaware of the issue, and the product was accepted and operated for a significant amount of time, effectively terminating any initial implicit warranty under the perfect-tender doctrine. You still haven't shown any liability for LG, or the amp manufacturer in my anecdote, and you haven't shown that enforcing eternal implicit warranties is fair, or established any boundary which would be fair.
Again, I'll ask you to please prove your assertions. Please provide links to established laws or precedents on the subject.
If you're just going to try to talk around the simple fact that time and events have demonstrated my point and refuted yours, don't bother.
You're making ridiculous claims about what LG "should" do, and how you assume their repair shops work, and how you assume their products are designed. You provide no evidence for your claims, but simply keep saying that you're right. You can't even piece together a moral basis for your claim, and you haven't coherently refuted any of mine.
Like I've said several times now, it's time for proof. Please explain precisely where in established legal procedure or moral philosophy your claims come from.
You do not have a moral or legal right to do absolutely anything you want.
It is clear that your reading comprehension sucks. Perhaps lay off the sauce in the new year?
There is a marked difference between the weak and toothless consumer laws in the U.S. and doing the right thing most of us learned about in kindergarten. When you make a mistake, fix it. I made it quite clear that I was speaking of the moral and ethical thing to do rather than the legal requirement. If you can't comprehend that, go away.
For that matter, just go away anyway. You are clearly one of those people who when they lose an argument, whine and moan until the other person just quits answering. For example, by demanding that I prove assertions I never made. Whatever gets you through the night I suppose.
<PLONK>