Slashdot Mirror

← Back to Stories (view on slashdot.org)

Programmer Finds Way To Liberate Ransomware Affected Smart TV, Thanks To LG (theregister.co.uk)

Posted by msmash on from the power-of-social-media dept.

Television production factory LG has saved Darren Cauthon's new year by providing hidden reset instructions to liberate his Google TV from ransomware. From a report on The Register: The company initially demanded more money than the idiot box was worth to repair the TV and relented offering instructions for resetting the telly after Cauthon took to Twitter to express his displeasure. The infection came after the programmer's wife downloaded an app to the TV promising free movies. Instead, it installed the ransomware, with a demand of US$500 to have the menace removed. Cauthon said LG offered factory reset steps which are not publicly revealed nor known to its customer support technicians. He says a family member showed him the TV over Christmas laden with ransomware purporting to be a FBI message bearing a notice that suspicious files were found and the user has been fined.

32 of 161 comments (clear)

  1. Welcome by burtosis · · Score: 5, Insightful

    Welcome all to a world where you don't own nor are allowed to alter the software on items you purchased outright. Be glad that you can still begrudgingly get the information you need on some products to restore an item to factory condition. Remember, only criminals want to tamper with the perfection companies provide. Want to modify something? Be prepared for jail time.

    1. Re:Welcome by Anonymous Coward · · Score: 5, Interesting

      >It cost the manufacturer millions just to develop that software. Do you think by you get the right to own it just by paying a few hundred bucks?

      There's a right to repair movement and I agree with them. If I can't repair it myself, I don't buy it. Simple. They can rationalize it however they want, I don't care. The argument "but it is so expensive to the manufacturers" doesn't really work. So are cars. So what?

    2. Re:Welcome by Gr8Apes · · Score: 2

      Welcome all to a world where you don't own nor are allowed to alter the software on items you purchased outright.

      It cost the manufacturer millions just to develop that software.

      I'd be happy if they spent those millions in making better TVs. I have a cheap external box to deal with all the other features that no TV no matter how expensive can remotely compare to price-wise. I know they wish to own the consumer, but that boat sailed a long long long time ago.

      --
      The cesspool just got a check and balance.
    3. Re:Welcome by Lord+Kano · · Score: 3, Insightful

      That's like saying you ate at a restaurant, so you're now partial owner of that restaurant and demand access to their secret recipes.

      It's more like saying that since you paid for the food, you have the right to add salt, pepper or any other seasoning of your choosing in order to enjoy the food, that you purchased, in the manner that you choose.

      LK

      --
      "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
    4. Re:Welcome by myowntrueself · · Score: 2

      If you don't like the terms, don't buy the product. Let the free market sort things out.

      Thats nice. I'll just buy out the water supply and include "Your first born become my slaves" in the terms of service. Let the free market sort things out, if they don't want to give me their first born they are welcome to die of thirst about 2 days later. That free market really works.

      --
      In the free world the media isn't government run; the government is media run.
    5. Re:Welcome by Aaden42 · · Score: 4, Insightful

      Show me where in the terms is said, "While this television is an Android-based computer and reasonably accepted industry standards include a way of reloading fresh operating software from scratch on such computers, this computer has no such function."

      The "everything's a computer" IoT industry has a LONG way to go in terms of disclosing limitations of the devices they're producing. Both sides of the techy and non-techy world have expectations for these devices that are generally agreed upon for other devices of their type in either the consumer electronics or computing device camps. Non-techies have a reasonable expectation that a TV is a box that shows pictures and can't be infected by malware. Techies understand that smart TV's are actually computer that might have malware vulnerabilities and further presume that like all other computers they should have some way to reset them and completely erase any infection.

      Manufacturers are falling short of both camp's expectations, and they're also failing to disclose the true nature of the devices to consumers. They're producing devices that are simultaneously unprecedentedly vulnerable by TV standards and unrepairable by computer standards. The only way for a consumer to find these things out is to buy it and find out the hard way. That's not acceptable.

    6. Re:Welcome by Mr.+Droopy+Drawers · · Score: 2

      It's getting to become the norm where the cost of developing the software IS a large chunk of the cost of goods of a piece of equipment. Such costs are called, "non-recoverable expense" and is amortized over the estimated number of pieces to be sold.

      --

      To Copy from One is Plagiarism; To Copy from Many is Research.

    7. Re:Welcome by budgenator · · Score: 5, Informative

      It cost the manufacturer millions just to develop that software. Do you think by you get the right to own it just by paying a few hundred bucks?

      Well since it runs on Android, which is a version of Linux, which is distributed under the GPL, for free, the short answer is basically yes, costing the manufacturer $Millions is unlikely, $10's of thousands is probably stretching it.

      The manufacture won't hand you the source code, because that will compromise his trade secrets and therefore, harm his business.

      The kernel portions are distributed under V2 of the GPL and they must absolutely be available, the Android portions distributed by Google/Android have source code available. My guess is that since the factory reset occurs during the device being in a switched off mode, it hooks into the linux kernel and is either GPL'ed or Google/Android source code.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
    8. Re:Welcome by Archangel+Michael · · Score: 2

      That's not acceptable.

      It is acceptable to me. Your opinion is different, and I get that, but blanket statements like this are almost always untrue.

      These "Smart" TVs are incremental "feature" upgrades to regular TVs. They literally cost a small transaction difference in price to similar but non-smart TVs. That small incremental price difference is a huge profit center for the manufacturers. It literally costs them next to nothing to install, and increases the price $100. This feature differentiator is key to driving profits up, so much so, that they probably make the two models completely identically in the factory, and disable/enable features based on the price point they want.

      If you don't want or need a SmartTV, then don't get one. If you want one, then investigate a bit more than spur of the moment shopping decision, which is exactly what they are expecting. Get a ROKU or Googlecast (Chromecast) or build your own RaspberryPi version.

      Speaking of RaspberryPi, why didn't the "Programmer" have one of those setup to do the "SmartTV" bits in the first place??

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    9. Re:Welcome by kelemvor4 · · Score: 2

      Welcome all to a world where you don't own nor are allowed to alter the software on items you purchased outright.

      It cost the manufacturer millions just to develop that software. Do you think by you get the right to own it just by paying a few hundred bucks? That's like saying you ate at a restaurant, so you're now partial owner of that restaurant and demand access to their secret recipes. You have the right to use the product, but don't own the design. The manufacture won't hand you the source code, because that will compromise his trade secrets and therefore, harm his business.

      The main issue is that the "Smart" (read connected) TV is exposed to millions of hackers and that's the stupid part. More connected something is to the internet, the more vulnerable it is. If the world continues down this moronic path for more convenience, there'll be a day when hackers will lock you out of your house when they seize control of your smart door.

      No, it's more like saying he bought a plate of food at that restaurant and can do whatever he wants with the food. See how that works? He can eat it as they prepared it, add salt and pepper and steak sauce then eat it, take it home and make changes to it, give it away, throw it away, the possibilities are endless.

    10. Re:Welcome by unrtst · · Score: 2

      That's a terrible analogy. When you go to a restaurant you only "own" the food on your plate and your body gets rid of it a few hours later.

      I think you're on to a better analogy.
      For TV, you "own" the show content until you're done processing it (ie. you rent it, or have a temporary license to it). So, where's the TV/software/restaurant fall in there?
      * food = content/shows/etc
      * salt/pepper = ff/pause/rewind/mute
      * restaurant = network (abc/nbc/etc)
      * chef/waiters/staff = content producers (director/actor/etc)
      * tv = plate/fork/knife/etc
      * tv OS = Miss Manners rules for using your utensils and how to properly consume your food

      If you eat at a restaurant, it's then like going out to the movie theater.
      If you order delivery (and thus supply your own dishes and your own house rules for the handling thereof), it's like watching the content on your TV.
      As such, they have no business enforcing Judith Martin's rules while in the privacy of your own home.

  2. Re:programmers wife!... by The-Ixian · · Score: 5, Insightful

    I am still trying to figure out why the person's profession or skill set even matters in this story?

    "LG gives user unpublished reset instructions" is more appropriate of a title.

    --
    My eyes reflect the stars and a smile lights up my face.
  3. Twitter by Fire_Wraith · · Score: 2

    Twitter seems to be a pretty effective place to take your complaints about a product/company in order to get satisfaction. It's far more likely to get a response, it seems, than other methods like contacting them directly. I suppose the lesson is that companies are eager to quickly (or more quickly) react to potential bad publicity than they are about the complaints of one specific customer.

  4. Android bootloader by Anonymous Coward · · Score: 5, Interesting

    FTA: "With the TV powered off, place one finger on the settings symbol then another finger on the channel down symbol. Remove finger from settings, then from channel down, and navigate using volume keys to the wipe data/ factory reset option."

    It sounds like the common procedure to enter the Android boot loader. Anybody wants to "fastboot oem unlock" that TV?

  5. Don't buy a smart TV by Viol8 · · Score: 4, Insightful

    They have no purpose. Most people now simply use TVs as monitors for a set top box and if you need any more functionality simply plug your computer or tablet into a normal TV. Why anyone would pay a significant extra amount of cash for an oversized underpowered android tablet I have no idea.

    1. Re:Don't buy a smart TV by nasch · · Score: 3, Insightful

      It will probably get harder and harder to find a TV without these "smart" features. If you don't want them, just don't give the TV your wifi password.

    2. Re:Don't buy a smart TV by vux984 · · Score: 5, Insightful

      It will probably get harder and harder to find a TV without these "smart" features. If you don't want them, just don't give the TV your wifi password.

      We are fast approaching a time where the TV will come with built in cellular data, and lifetime subscription (for specific uses). I've already seen several devices that have this scheme... for example a 'cloud punch clock'.

      You might have to enter your wifi password to stream 4k from netflix, but it might send its telemetry, get advertising updates, firmware updates, and its cloud 'siri/cortana/google voice recognition stuff' via a separate always-on cellular network connection.

      The price of the chipset itself is small in a $2000+ TV; and the cost of prepaid data measured at likely less than 500MB per years for 10 years, bought at wholesale for a million TVs at once... well... that's also going to be pretty small.

      Right now the IoT is at least theoretically constrained to our wifi and runs through our firewalls. But we're fast approaching the time where it's just directly connected to the carrier bypassing our home networks entirely.

      Indeed, our home networks themselves may become a nerd relic, the way home servers are. Your computer connects to the cloud, your printer connects to the cloud, your TV connects to the cloud... who needs a LAN? Sure a LAN would be faster... but once its good enough the average user will be happy to forgo having to maintain a home network in exchange for 'it just connects to the cloud'.

    3. Re:Don't buy a smart TV by dgatwood · · Score: 2

      We are fast approaching a time where the TV will come with built in cellular data, and lifetime subscription (for specific uses). I've already seen several devices that have this scheme... for example a 'cloud punch clock'.

      The best part, of course, is that "lifetime" will mean "for the expected lifetime of the device", which means that after a few years, they can stop paying for the cellular service and brick the device, forcing you to buy a new one. And even if they don't, the carriers will drop support for the device after three or four standards shifts renders it impractical to support the legacy device because the frequency band it uses is getting freed up to make room for 7G or whatever. (See also: OnStar)

      "Free" cellular service is the ultimate in planned obsolescence—particularly if the device doesn't work without cellular service.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    4. Re:Don't buy a smart TV by peragrin · · Score: 5, Interesting

      Also if you do give the smart tv your wifi password be prepared to block its MAC address at the router if you want it to not connect anymore.

      My samsung tv I gave it the wifi password and ten switched inputs to wired network connections to prevent the tv from getting online. That I thought worked until I checked the router logs one day and noticed the tv was still trying to and sending data via wifi even though it was disabled.

      So I blocked the MAC address of the wifi adapter and no more hidden data to be sent

      --
      i thought once I was found, but it was only a dream.
    5. Re:Don't buy a smart TV by myowntrueself · · Score: 3, Interesting

      They have no purpose. Most people now simply use TVs as monitors for a set top box and if you need any more functionality simply plug your computer or tablet into a normal TV. Why anyone would pay a significant extra amount of cash for an oversized underpowered android tablet I have no idea.

      Yet a 50+" monitor costs a LOT more than a 50" TV. Even more than a smart TV. A 55" monitor costs about $1400, at the low end. A 55" smart TV costs about $450 (going by Amazon).

      --
      In the free world the media isn't government run; the government is media run.
  6. "Programmer finds" by Gaygirlie · · Score: 4, Informative

    No, programmer didn't find shit. He was given the instructions, it's that fucking simple.

    1. Re:"Programmer finds" by Oswald+McWeany · · Score: 4, Funny

      He found them in his e-mail inbox.

      --
      "That's the way to do it" - Punch
  7. FBI has an image problem by mi · · Score: 5, Interesting

    ransomware purporting to be a FBI message a notice that suspicious files were found and the user has been fined.

    That people believe such "warnings" in large enough numbers to make it worthwhile for the crooks to make them, is a sign, that FBI has an image problem.

    It is an organization we fear, rather than one we trust (such as to hunt the scammers down). And they had this image problem for so long now, one can begin suspecting, it is not just a perception...

    --
    In Soviet Washington the swamp drains you.
    1. Re:FBI has an image problem by c · · Score: 2

      That people believe such "warnings" in large enough numbers to make it worthwhile for the crooks to make them, is a sign, that FBI has an image problem.

      Ironically, the same people that fall for these scams usually think nothing of ignoring the FBI warnings that play at the beginning of movies...

      --
      Log in or piss off.
    2. Re:FBI has an image problem by zifn4b · · Score: 2

      It is an organization we fear, rather than one we trust (such as to hunt the scammers down). And they had this image problem for so long now, one can begin suspecting, it is not just a perception...

      You're veering off-topic but if you do a relatively small amount of research into the topic including Gallup polls, you find that social trust in the United States has plummeted for many years and the latest generation, the Millennials, have the lowest social trust. It's been gradually declining: Silent > Boomers > Gen X > Millenials. If you really care about this issue do your research because it's going to take a monumental effort to change the course of our culture. We're essentially devolving back into a more tribal society.

      --
      We'll make great pets
  8. Re:programmers wife!... by TWX · · Score: 4, Insightful

    Well, a programmer is probably technical enough to understand that the device might have a factory reset function, and if it turns out that the wife is being scapegoated, a programmer is also likely in a position to know enough to be dangerous.

    One of the biggest problems in IT and CIS is the assumption that if one is capable on one's particular field, that one is capable in all fields. This simply isn't true in most examples; most people are jack-of-all-trades or are master of a single discipline, and some are jack-of-all-trades and maybe master of one or two in particular. No one is master of all trades.

    I will agree that the bulk off the summary is crap. It goes off onto a tangent but doesn't adequately flesh-out that tangent.

    --
    Do not look into laser with remaining eye.
  9. Not Simple by freeze128 · · Score: 3, Informative

    I have an LG smartphone, and I can tell you that the procedure for getting into the recovery is not as simple as other brands of phones (e.g., HTC). Usually, you would just hold down a button while the device powers on and boots up. With the LG device, you have to hold the button down until it STARTS to boot, then release the button, and then press it again. The timing is critical, and it doesn't often work the first time.

    With the television, you have even more buttons to worry about, so trial and error would take a very long time.

  10. What's the alternative? by mi · · Score: 4, Insightful

    Don't buy a smart TV. They have no purpose.

    They offer, what the manufacturer believes you want in one package.

    I too would rather just buy a nice 65" monitor — because I have a capable set-top box running my IPTV apps and a nice surround-sound setup already — but there aren't any good ones for sale. Or, rather, there are, but they all have the "smart TV" built into them — and I am as annoyed about paying for the "smart" features and the extra hardware they require (USB-readers and WiFi), as people used to be about paying the "Microsoft Tax".

    But there is no alternative at the moment. Which means, people like me (and you) are a tiny minority... I guess, it would cost the manufacturers more to make and ship the separate models without these add-ons, than to simply bundle it all in.

    --
    In Soviet Washington the swamp drains you.
  11. Reset pinhole required by DigiShaman · · Score: 2

    How hard would it be to engineer a reset pinhole into the next model for user factory resets?? Id be fine with clearing all memory and loading from a static ROM. It's not that difficult to load the upgraded OS/Apps from online again.

    --
    Life is not for the lazy.
    1. Re:Reset pinhole required by Gilgaron · · Score: 2

      It probably isn't malice, it probably just didn't occur to them. My in-laws were showing me their new WiFi thermostat/security camera system. It would not surprise me if there is no clear way to reset it if it were to be compromised by malware... I look at all that stuff and feel like Adama from Battlestar Galatica refusing to network his computers...

  12. Re:programmers wife!... by gnick · · Score: 2

    A programmer is much, much more likely to pirate.

    A programmer is more likely to pirate "properly." A non-programmer (e.g. a programmer's wife) is more likely to screw things up by blindly installing Free Warez.

    --
    He's getting rather old, but he's a good mouse.
  13. that reset info should be public knowledge by FudRucker · · Score: 4, Insightful

    customers should be allowed to do factory resets on their televisions, WTF is wrong with LG, that info should be in the documentation that comes with every new television sold!!!

    --
    Politics is Treachery, Religion is Brainwashing