Slashdot Mirror
Android Ransomware Infects LG Smart TV, Company 'Refuses' To Help (bleepingcomputer.com)
Security firms have been warning us for more than a year about the possibility of Android malware jumping from phones and tablets to other Android-powered devices, such smart TVs. The latest incident involving ransomware on a smart TV involves software engineer Darren Cauthon, who revealed that the LG smart TV of one of his family members was infected with ransomware right on Christmas day. What's worse? He claims LG wouldn't help him with perform factory reset of the device. From a report: Based on a screenshot Cauthon posted online, the smart TV appears to be infected with a version of the Cyber. Police ransomware, also known as FLocker, Frantic Locker, or Dogspectus. The infected TV is one of the last generations of LG smart TVs that ran Google TV, a smart TV platform developed by Google together with Intel, Sony, and Logitech. Google TV launched in 2010, but Google discontinued the project in June 2014. In the meantime, LG has moved on from Google TV, and the company's TVs now run WebOS. Cauthon says he tried to reset the TV to factory settings, but the reset procedure available online didn't work. When the software engineer contacted LG, the company told him to visit one of their service centers, where one of its employees could reset his TV.
"The company told him to visit one of their service centers, where one of its employees could reset his TV."
funny, that seems like a legit offer of help.
I bought one of them Smart TVs, but it still had all the same dumb shows on it, so we put it up on a pair of sawhorses and are now using it as a dining table. Assholes at Best Buy didn't want to give me a refund.
You are welcome on my lawn.
While they do seem to be using that as a motto right now, LG doesn't really even stand for "Life's Good" but rather "Lucky-Goldstar", which is a combination of two brands which merged to form the company. Amusingly, while Goldstar sold electronics, Lucky was more commonly associated with detergents and hygiene products.
...it probably is. Don't try to find some app to watch movies for free as an alternative to paying for them via approved, signed applications and you most likely will not get ransomware. If you try to find "free" stuff, you're playing the malware equivalent of Russian Roulette.
On the note of resetting firmware, for most TV's you normally do this via the remote and the menu. However, in this particular case that won't work. There should be a way to physically hard-reset any consumer device to factory defaults without requiring an OSD. The reasons you might need to do this go beyond malware such as a power outage during a firmware upgrade or maybe (gasp) the consumer device manufacturer pushed a bad software update, bricking your consumer device.
There is actually a way to reset your LG firmware without using the OSD though. Go to LG's website: http://www.lg.com/us/support/s..., search for your TV model, then click on your TV's model number (found on the back of the TV). You will see modal dialog that has two links, one to the firmware and one to the software upgrade guide. The software upgrade guide walks you through the steps to put the firmware on a USB drive and upgrade it without needing to use the OSD. I found this youtube video that walks you through the whole process as well: https://www.youtube.com/watch?...
Don't go drama on tech support which in a lot of cases is outsourced to call centers full of low income incompetent idiots. If you want something done right, figure it out and do it yourself. Be your own tech support.
We'll make great pets
Remember this company used to be called GoldStar, best known for substandard product and nonexistent customer service in the 90s. The brand name was so thoroughly trashed they renamed themselves LG.
ELOI, ELOI, LAMA SABACHTHANI!?
but after the factory guys pull the lithium cell, or hook it to a tesla coil, or replace a module, or whatever to hard-reset the set, it's still vulnerable.
"Smart TV" is bogus. never hook an ethernet cable to one. use a Roku or Chromecast or something else cheap, easily replaceable, and disposeable if you feel the need for direct streaming.
if this is supposed to be a new economy, how come they still want my old fashioned money?
TV's should be supported for at least 10 years, and should be in as much of a walled sandbox as possible. We have a TV that is now almost 9 years old, and thankfully it is not "smart". I actively avoid "smart" stuff, I just don't see any real upside for a "smart" toaster, fridge, oven thermometers, etc. Instead I see tons of downside.
Companies churn through new stuff on a yearly basis and rarely support any older stuff, so that "smart" stuff quickly stops shipping apps to support it, and it is only a matter of a phone OS update before you risk bricking the damn thing.
Connected cars are complete BS too. They should last 20 years minimum, so why put in the latest technology fad?! My used Nissan Leaf is days away from the 2G connection being shut off, meaning I have to spend $200 to upgrade it, or I will lose the pre-heat and remote charge start features (won't actually miss them much). Try buying a new car today without a stupid touch screen in it. A quick knob turn for changing the radio now requires wading through menus while driving. WTF?!
Asked to detail how he got infected with the ransomware, Cauthon said "They [the relatives] said they downloaded an app to watch a movie. Halfway thru movie, tv froze. Now boots to this."
10-to-1 odds his relatives downloaded some shady app promising "free movies" (aka pirated movies), and was downloaded from a shady source. This generally doesn't happen by itself, and it's pretty rare to get infected by stuff from the official store. Yes, it happens, but the *vast* majority of Android malware is on 3rd party sites.
The general public needs to learn that downloading stuff from unverified 3rd party sources is going to get you infected sooner or later. To be perfectly honest, this is why Apple's walled garden with locked-down devices may be better for your typical user. Most people certainly can't handle the responsibility of keeping a modern PC clean, and it appears they can't even keep a smart TV malware free. Remember the saying "a little knowledge is a dangerous thing"? Well, time and time again we see that users seem to have just enough knowledge to thoroughly screw themselves and their devices.
I feel for them having to shell out a few hundred to learn this lesson, but its a lesson worth learning before they get infected with a banking trojan on their PC. Of course, we don't really know the whole story, so I'm sort of reading between the lines and could certainly be wrong about this. But I doubt it.
Irony: Agile development has too much intertia to be abandoned now.
The various branded flavours of Android on phones, tablets, and TVs are often locked into only downloading and installing apps from Google Play and/or their own branded app stores. Installing apps from 3rd parties, i.e. download the package and install it manually, is beyond most users knowledge and capabilities. It's more likely that the malware was installed from Google Play or the branded app store. Their verification and malware screening processes will always be at least a step behind the criminals.
just don't give it a wifi access and don't ever let it on the net.
Vizio has this fun new trick. You literally can't configure the TV without their smartphone app and a wifi connection.
Ever notice that when a sentence starts off, "I like how ...," the rest of it is a sophomoric diatribe about how the author doesn't actually, " ... like how ...?"
I like how everybody here understands sarcasm.
my, your, his/her/its, our, your, their
I'm, you're, he's/she's/it's, we're, you're, they're