Slashdot Mirror
Android Ransomware Infects LG Smart TV, Company 'Refuses' To Help (bleepingcomputer.com)
Security firms have been warning us for more than a year about the possibility of Android malware jumping from phones and tablets to other Android-powered devices, such smart TVs. The latest incident involving ransomware on a smart TV involves software engineer Darren Cauthon, who revealed that the LG smart TV of one of his family members was infected with ransomware right on Christmas day. What's worse? He claims LG wouldn't help him with perform factory reset of the device. From a report: Based on a screenshot Cauthon posted online, the smart TV appears to be infected with a version of the Cyber. Police ransomware, also known as FLocker, Frantic Locker, or Dogspectus. The infected TV is one of the last generations of LG smart TVs that ran Google TV, a smart TV platform developed by Google together with Intel, Sony, and Logitech. Google TV launched in 2010, but Google discontinued the project in June 2014. In the meantime, LG has moved on from Google TV, and the company's TVs now run WebOS. Cauthon says he tried to reset the TV to factory settings, but the reset procedure available online didn't work. When the software engineer contacted LG, the company told him to visit one of their service centers, where one of its employees could reset his TV.
I can't think any better demonstration of why smart TVs are such a bad idea than this. I hope this story gets as much chatter as possible.
"The company told him to visit one of their service centers, where one of its employees could reset his TV."
funny, that seems like a legit offer of help.
I bought one of them Smart TVs, but it still had all the same dumb shows on it, so we put it up on a pair of sawhorses and are now using it as a dining table. Assholes at Best Buy didn't want to give me a refund.
You are welcome on my lawn.
"He claims LG wouldn't help him with perform factory reset of the device."
"[...] the company told him to visit one of their service centers, where one of its employees could reset his TV."
How's that "wouldn't help"? He obviously gets help offered. Maybe not what he hopes to get, but it's a clear offer of help getting the TV working again.
While they do seem to be using that as a motto right now, LG doesn't really even stand for "Life's Good" but rather "Lucky-Goldstar", which is a combination of two brands which merged to form the company. Amusingly, while Goldstar sold electronics, Lucky was more commonly associated with detergents and hygiene products.
...it probably is. Don't try to find some app to watch movies for free as an alternative to paying for them via approved, signed applications and you most likely will not get ransomware. If you try to find "free" stuff, you're playing the malware equivalent of Russian Roulette.
On the note of resetting firmware, for most TV's you normally do this via the remote and the menu. However, in this particular case that won't work. There should be a way to physically hard-reset any consumer device to factory defaults without requiring an OSD. The reasons you might need to do this go beyond malware such as a power outage during a firmware upgrade or maybe (gasp) the consumer device manufacturer pushed a bad software update, bricking your consumer device.
There is actually a way to reset your LG firmware without using the OSD though. Go to LG's website: http://www.lg.com/us/support/s..., search for your TV model, then click on your TV's model number (found on the back of the TV). You will see modal dialog that has two links, one to the firmware and one to the software upgrade guide. The software upgrade guide walks you through the steps to put the firmware on a USB drive and upgrade it without needing to use the OSD. I found this youtube video that walks you through the whole process as well: https://www.youtube.com/watch?...
Don't go drama on tech support which in a lot of cases is outsourced to call centers full of low income incompetent idiots. If you want something done right, figure it out and do it yourself. Be your own tech support.
We'll make great pets
Remember this company used to be called GoldStar, best known for substandard product and nonexistent customer service in the 90s. The brand name was so thoroughly trashed they renamed themselves LG.
ELOI, ELOI, LAMA SABACHTHANI!?
His relatives installed malware on his TV, without his permission or knowledge. He should bill them for the repair cost.
but after the factory guys pull the lithium cell, or hook it to a tesla coil, or replace a module, or whatever to hard-reset the set, it's still vulnerable.
"Smart TV" is bogus. never hook an ethernet cable to one. use a Roku or Chromecast or something else cheap, easily replaceable, and disposeable if you feel the need for direct streaming.
if this is supposed to be a new economy, how come they still want my old fashioned money?
TV's should be supported for at least 10 years, and should be in as much of a walled sandbox as possible. We have a TV that is now almost 9 years old, and thankfully it is not "smart". I actively avoid "smart" stuff, I just don't see any real upside for a "smart" toaster, fridge, oven thermometers, etc. Instead I see tons of downside.
Companies churn through new stuff on a yearly basis and rarely support any older stuff, so that "smart" stuff quickly stops shipping apps to support it, and it is only a matter of a phone OS update before you risk bricking the damn thing.
Connected cars are complete BS too. They should last 20 years minimum, so why put in the latest technology fad?! My used Nissan Leaf is days away from the 2G connection being shut off, meaning I have to spend $200 to upgrade it, or I will lose the pre-heat and remote charge start features (won't actually miss them much). Try buying a new car today without a stupid touch screen in it. A quick knob turn for changing the radio now requires wading through menus while driving. WTF?!
Asked to detail how he got infected with the ransomware, Cauthon said "They [the relatives] said they downloaded an app to watch a movie. Halfway thru movie, tv froze. Now boots to this."
10-to-1 odds his relatives downloaded some shady app promising "free movies" (aka pirated movies), and was downloaded from a shady source. This generally doesn't happen by itself, and it's pretty rare to get infected by stuff from the official store. Yes, it happens, but the *vast* majority of Android malware is on 3rd party sites.
The general public needs to learn that downloading stuff from unverified 3rd party sources is going to get you infected sooner or later. To be perfectly honest, this is why Apple's walled garden with locked-down devices may be better for your typical user. Most people certainly can't handle the responsibility of keeping a modern PC clean, and it appears they can't even keep a smart TV malware free. Remember the saying "a little knowledge is a dangerous thing"? Well, time and time again we see that users seem to have just enough knowledge to thoroughly screw themselves and their devices.
I feel for them having to shell out a few hundred to learn this lesson, but its a lesson worth learning before they get infected with a banking trojan on their PC. Of course, we don't really know the whole story, so I'm sort of reading between the lines and could certainly be wrong about this. But I doubt it.
Irony: Agile development has too much intertia to be abandoned now.
The various branded flavours of Android on phones, tablets, and TVs are often locked into only downloading and installing apps from Google Play and/or their own branded app stores. Installing apps from 3rd parties, i.e. download the package and install it manually, is beyond most users knowledge and capabilities. It's more likely that the malware was installed from Google Play or the branded app store. Their verification and malware screening processes will always be at least a step behind the criminals.
just don't give it a wifi access and don't ever let it on the net.
Vizio has this fun new trick. You literally can't configure the TV without their smartphone app and a wifi connection.
Ever notice that when a sentence starts off, "I like how ...," the rest of it is a sophomoric diatribe about how the author doesn't actually, " ... like how ...?"
I like how everybody here understands sarcasm.
my, your, his/her/its, our, your, their
I'm, you're, he's/she's/it's, we're, you're, they're
The problem is that there are so many ways to spread an infection, and that those that write malware use multiple vectors to infect, that it doesn't really matter if the user tried to do something shady and got bitten or not. Infections that the user brings down on themselves, infections brought down by ad servers, infections brought down by compromised content servers, infections that make use of network vulnerabilities in the device, infections that the users are tricked into bringing down, all very common routes. I see this lightweight computer as being no different than any other computer, other than since the manufacturer has no interest in paying for the costs associated with after-sale support, this will become increasingly common.
Do not look into laser with remaining eye.
The general public needs to learn that downloading stuff from unverified 3rd party sources is going to get you infected sooner or later.
My younger brother recently infected a tablet I had let him borrow with this malware. I wanted to smack him in the head when he called me saying that there was some FBI warning that he couldn't get rid of, and asked if it was really the FBI.
You would think that something would go off in their head telling them not to follow instructions to disable security settings, but I suppose most people are used to being sheep and doing what they're told instead of engaging their brains and doing some critical thinking. This same brother fell for a social engineering attack where someone called him up and wanted him to verify his bank account information. *sigh*
The general public needs to learn that downloading stuff from unverified 3rd party sources is going to get you infected sooner or later.
Why because situations like a TV where proper sandboxing should basically be a trivial to do isn't. Sure there will be sandbox escapes and such due to bugs in the VM but that should be THE ONLY way on a smart TV. There is no good reasons 'apps' should be allowed to run unmanned code, and there is not reason they need to share data with any other apps on a TV. Its not like my phone where I need to be able to copy a number from an e-mail to my address book app. The unsafe data inputs vector should be almost non-existent. If things like buffer overflows are happening that is just as silly as it should all be running on Androids VM.
this is why Apple's walled garden with locked-down devices may be better for your typical user
No its not better for the user. Its better for the large manufacturers and software shops. Its about the most anti freedom thing you could possibly do. Here we are in 2016 where the opportunity for anyone to learn program (books were expensive and knowledgeable mentors were hard to come by) etc is a reality, and the tools are available (buying a decent compiler used to cost both your arms and a leg, now great ones are free), except were are taking away the ability to execute a program once you write it, unless you pay the right people their tribute money. It might be easier for the user, but it isn't better.
most people certainly can't handle the responsibility of keeping a modern PC clean, and it appears they can't even keep a smart TV malware free. Remember the saying "a little knowledge is a dangerous thing"? Well, time and time again we see that users seem to have just enough knowledge to thoroughly screw themselves and their devices.
Than maybe those people should not have a computer and should stick with a regular TV with channel up and down buttons + a volume knob. Seriously if you can't or won't be bothered to maintain a computer than don't use one or use someone else s, that or pay someone to maintain it for you. Go to the library and use a computer there. Its like a car either you are willing to learn to drive and do something about getting the oil changed from time to time, or walk.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
It's the Windows UAC curse. It didn't teach them that there are certain things where you should think before you act, all it taught them is that you have to click "yes" or it doesn't work.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
you think there is no malware in official google store?
There you go: https://play.google.com/store/...
4.5 stars :DDD 161,829 positive reviews :)
https://virtuallyfun.superglob...
Who logs in to gdm? Not I, said the duck.