Android Ransomware Infects LG Smart TV, Company 'Refuses' To Help

Security firms have been warning us for more than a year about the possibility of Android malware jumping from phones and tablets to other Android-powered devices, such smart TVs. The latest incident involving ransomware on a smart TV involves software engineer Darren Cauthon, who revealed that the LG smart TV of one of his family members was infected with ransomware right on Christmas day. What's worse? He claims LG wouldn't help him with perform factory reset of the device. From a report: Based on a screenshot Cauthon posted online, the smart TV appears to be infected with a version of the Cyber. Police ransomware, also known as FLocker, Frantic Locker, or Dogspectus. The infected TV is one of the last generations of LG smart TVs that ran Google TV, a smart TV platform developed by Google together with Intel, Sony, and Logitech. Google TV launched in 2010, but Google discontinued the project in June 2014. In the meantime, LG has moved on from Google TV, and the company's TVs now run WebOS. Cauthon says he tried to reset the TV to factory settings, but the reset procedure available online didn't work. When the software engineer contacted LG, the company told him to visit one of their service centers, where one of its employees could reset his TV.

A Perfect Illustrationk

I can't think any better demonstration of why smart TVs are such a bad idea than this. I hope this story gets as much chatter as possible.

"Refuses?"

"The company told him to visit one of their service centers, where one of its employees could reset his TV."

funny, that seems like a legit offer of help.

Re: "Refuses?"

[iggymanz]

an untrustworthy user whose relative installed a trojan malware to play a pirated movie.

He's lucky LG gave him the time of day. He richly deserves the trouble he's having.

Re: "Refuses?"

[TheRaven64]

If your TV can be exploited by installing an app through the curated app store, then it's the TV's fault, not the user's.

Re: "Refuses?"

[tomhath]

He installed malware from a movie pirating site, then he cries because LG wants to charge him to clean up the mess. No sympathy here.

Re: "Refuses?"

[sjames]

No, he deserves a consumer electronics device that can be reliably reset to factory by the end user.

not a rejection, a redirection

[swschrad]

but after the factory guys pull the lithium cell, or hook it to a tesla coil, or replace a module, or whatever to hard-reset the set, it's still vulnerable.

"Smart TV" is bogus. never hook an ethernet cable to one. use a Roku or Chromecast or something else cheap, easily replaceable, and disposeable if you feel the need for direct streaming.

Re:4 Year Old TV

[Moof123]

TV's should be supported for at least 10 years, and should be in as much of a walled sandbox as possible. We have a TV that is now almost 9 years old, and thankfully it is not "smart". I actively avoid "smart" stuff, I just don't see any real upside for a "smart" toaster, fridge, oven thermometers, etc. Instead I see tons of downside.

Companies churn through new stuff on a yearly basis and rarely support any older stuff, so that "smart" stuff quickly stops shipping apps to support it, and it is only a matter of a phone OS update before you risk bricking the damn thing.

Connected cars are complete BS too. They should last 20 years minimum, so why put in the latest technology fad?! My used Nissan Leaf is days away from the 2G connection being shut off, meaning I have to spend $200 to upgrade it, or I will lose the pre-heat and remote charge start features (won't actually miss them much). Try buying a new car today without a stupid touch screen in it. A quick knob turn for changing the radio now requires wading through menus while driving. WTF?!

Re:"the smart TV appears to be infected..."

[Dutch+Gun]

Asked to detail how he got infected with the ransomware, Cauthon said "They [the relatives] said they downloaded an app to watch a movie. Halfway thru movie, tv froze. Now boots to this."

10-to-1 odds his relatives downloaded some shady app promising "free movies" (aka pirated movies), and was downloaded from a shady source. This generally doesn't happen by itself, and it's pretty rare to get infected by stuff from the official store. Yes, it happens, but the *vast* majority of Android malware is on 3rd party sites.

The general public needs to learn that downloading stuff from unverified 3rd party sources is going to get you infected sooner or later. To be perfectly honest, this is why Apple's walled garden with locked-down devices may be better for your typical user. Most people certainly can't handle the responsibility of keeping a modern PC clean, and it appears they can't even keep a smart TV malware free. Remember the saying "a little knowledge is a dangerous thing"? Well, time and time again we see that users seem to have just enough knowledge to thoroughly screw themselves and their devices.

I feel for them having to shell out a few hundred to learn this lesson, but its a lesson worth learning before they get infected with a banking trojan on their PC. Of course, we don't really know the whole story, so I'm sort of reading between the lines and could certainly be wrong about this. But I doubt it.

Re:Oh look, here comes the corporate white knight

[almitydave]

Ever notice that when a sentence starts off, "I like how ...," the rest of it is a sophomoric diatribe about how the author doesn't actually, " ... like how ...?"

I like how everybody here understands sarcasm.

Re:"the smart TV appears to be infected..."

[DarkOx]

The general public needs to learn that downloading stuff from unverified 3rd party sources is going to get you infected sooner or later.

Why because situations like a TV where proper sandboxing should basically be a trivial to do isn't. Sure there will be sandbox escapes and such due to bugs in the VM but that should be THE ONLY way on a smart TV. There is no good reasons 'apps' should be allowed to run unmanned code, and there is not reason they need to share data with any other apps on a TV. Its not like my phone where I need to be able to copy a number from an e-mail to my address book app. The unsafe data inputs vector should be almost non-existent. If things like buffer overflows are happening that is just as silly as it should all be running on Androids VM.

this is why Apple's walled garden with locked-down devices may be better for your typical user

No its not better for the user. Its better for the large manufacturers and software shops. Its about the most anti freedom thing you could possibly do. Here we are in 2016 where the opportunity for anyone to learn program (books were expensive and knowledgeable mentors were hard to come by) etc is a reality, and the tools are available (buying a decent compiler used to cost both your arms and a leg, now great ones are free), except were are taking away the ability to execute a program once you write it, unless you pay the right people their tribute money. It might be easier for the user, but it isn't better.

most people certainly can't handle the responsibility of keeping a modern PC clean, and it appears they can't even keep a smart TV malware free. Remember the saying "a little knowledge is a dangerous thing"? Well, time and time again we see that users seem to have just enough knowledge to thoroughly screw themselves and their devices.

Than maybe those people should not have a computer and should stick with a regular TV with channel up and down buttons + a volume knob. Seriously if you can't or won't be bothered to maintain a computer than don't use one or use someone else s, that or pay someone to maintain it for you. Go to the library and use a computer there. Its like a car either you are willing to learn to drive and do something about getting the oil changed from time to time, or walk.