Slashdot Mirror

← Back to Stories (view on slashdot.org)

Programmer Finds Way To Liberate Ransomware Affected Smart TV, Thanks To LG (theregister.co.uk)

Posted by msmash on from the power-of-social-media dept.

Television production factory LG has saved Darren Cauthon's new year by providing hidden reset instructions to liberate his Google TV from ransomware. From a report on The Register: The company initially demanded more money than the idiot box was worth to repair the TV and relented offering instructions for resetting the telly after Cauthon took to Twitter to express his displeasure. The infection came after the programmer's wife downloaded an app to the TV promising free movies. Instead, it installed the ransomware, with a demand of US$500 to have the menace removed. Cauthon said LG offered factory reset steps which are not publicly revealed nor known to its customer support technicians. He says a family member showed him the TV over Christmas laden with ransomware purporting to be a FBI message bearing a notice that suspicious files were found and the user has been fined.

19 of 161 comments (clear)

  1. Welcome by burtosis · · Score: 5, Insightful

    Welcome all to a world where you don't own nor are allowed to alter the software on items you purchased outright. Be glad that you can still begrudgingly get the information you need on some products to restore an item to factory condition. Remember, only criminals want to tamper with the perfection companies provide. Want to modify something? Be prepared for jail time.

    1. Re:Welcome by Anonymous Coward · · Score: 5, Interesting

      >It cost the manufacturer millions just to develop that software. Do you think by you get the right to own it just by paying a few hundred bucks?

      There's a right to repair movement and I agree with them. If I can't repair it myself, I don't buy it. Simple. They can rationalize it however they want, I don't care. The argument "but it is so expensive to the manufacturers" doesn't really work. So are cars. So what?

    2. Re:Welcome by Lord+Kano · · Score: 3, Insightful

      That's like saying you ate at a restaurant, so you're now partial owner of that restaurant and demand access to their secret recipes.

      It's more like saying that since you paid for the food, you have the right to add salt, pepper or any other seasoning of your choosing in order to enjoy the food, that you purchased, in the manner that you choose.

      LK

      --
      "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
    3. Re:Welcome by Aaden42 · · Score: 4, Insightful

      Show me where in the terms is said, "While this television is an Android-based computer and reasonably accepted industry standards include a way of reloading fresh operating software from scratch on such computers, this computer has no such function."

      The "everything's a computer" IoT industry has a LONG way to go in terms of disclosing limitations of the devices they're producing. Both sides of the techy and non-techy world have expectations for these devices that are generally agreed upon for other devices of their type in either the consumer electronics or computing device camps. Non-techies have a reasonable expectation that a TV is a box that shows pictures and can't be infected by malware. Techies understand that smart TV's are actually computer that might have malware vulnerabilities and further presume that like all other computers they should have some way to reset them and completely erase any infection.

      Manufacturers are falling short of both camp's expectations, and they're also failing to disclose the true nature of the devices to consumers. They're producing devices that are simultaneously unprecedentedly vulnerable by TV standards and unrepairable by computer standards. The only way for a consumer to find these things out is to buy it and find out the hard way. That's not acceptable.

    4. Re:Welcome by budgenator · · Score: 5, Informative

      It cost the manufacturer millions just to develop that software. Do you think by you get the right to own it just by paying a few hundred bucks?

      Well since it runs on Android, which is a version of Linux, which is distributed under the GPL, for free, the short answer is basically yes, costing the manufacturer $Millions is unlikely, $10's of thousands is probably stretching it.

      The manufacture won't hand you the source code, because that will compromise his trade secrets and therefore, harm his business.

      The kernel portions are distributed under V2 of the GPL and they must absolutely be available, the Android portions distributed by Google/Android have source code available. My guess is that since the factory reset occurs during the device being in a switched off mode, it hooks into the linux kernel and is either GPL'ed or Google/Android source code.

      --
      Apocalypse Cancelled, Sorry, No Ticket Refunds
  2. Re:programmers wife!... by The-Ixian · · Score: 5, Insightful

    I am still trying to figure out why the person's profession or skill set even matters in this story?

    "LG gives user unpublished reset instructions" is more appropriate of a title.

    --
    My eyes reflect the stars and a smile lights up my face.
  3. Android bootloader by Anonymous Coward · · Score: 5, Interesting

    FTA: "With the TV powered off, place one finger on the settings symbol then another finger on the channel down symbol. Remove finger from settings, then from channel down, and navigate using volume keys to the wipe data/ factory reset option."

    It sounds like the common procedure to enter the Android boot loader. Anybody wants to "fastboot oem unlock" that TV?

  4. Don't buy a smart TV by Viol8 · · Score: 4, Insightful

    They have no purpose. Most people now simply use TVs as monitors for a set top box and if you need any more functionality simply plug your computer or tablet into a normal TV. Why anyone would pay a significant extra amount of cash for an oversized underpowered android tablet I have no idea.

    1. Re:Don't buy a smart TV by nasch · · Score: 3, Insightful

      It will probably get harder and harder to find a TV without these "smart" features. If you don't want them, just don't give the TV your wifi password.

    2. Re:Don't buy a smart TV by vux984 · · Score: 5, Insightful

      It will probably get harder and harder to find a TV without these "smart" features. If you don't want them, just don't give the TV your wifi password.

      We are fast approaching a time where the TV will come with built in cellular data, and lifetime subscription (for specific uses). I've already seen several devices that have this scheme... for example a 'cloud punch clock'.

      You might have to enter your wifi password to stream 4k from netflix, but it might send its telemetry, get advertising updates, firmware updates, and its cloud 'siri/cortana/google voice recognition stuff' via a separate always-on cellular network connection.

      The price of the chipset itself is small in a $2000+ TV; and the cost of prepaid data measured at likely less than 500MB per years for 10 years, bought at wholesale for a million TVs at once... well... that's also going to be pretty small.

      Right now the IoT is at least theoretically constrained to our wifi and runs through our firewalls. But we're fast approaching the time where it's just directly connected to the carrier bypassing our home networks entirely.

      Indeed, our home networks themselves may become a nerd relic, the way home servers are. Your computer connects to the cloud, your printer connects to the cloud, your TV connects to the cloud... who needs a LAN? Sure a LAN would be faster... but once its good enough the average user will be happy to forgo having to maintain a home network in exchange for 'it just connects to the cloud'.

    3. Re:Don't buy a smart TV by peragrin · · Score: 5, Interesting

      Also if you do give the smart tv your wifi password be prepared to block its MAC address at the router if you want it to not connect anymore.

      My samsung tv I gave it the wifi password and ten switched inputs to wired network connections to prevent the tv from getting online. That I thought worked until I checked the router logs one day and noticed the tv was still trying to and sending data via wifi even though it was disabled.

      So I blocked the MAC address of the wifi adapter and no more hidden data to be sent

      --
      i thought once I was found, but it was only a dream.
    4. Re:Don't buy a smart TV by myowntrueself · · Score: 3, Interesting

      They have no purpose. Most people now simply use TVs as monitors for a set top box and if you need any more functionality simply plug your computer or tablet into a normal TV. Why anyone would pay a significant extra amount of cash for an oversized underpowered android tablet I have no idea.

      Yet a 50+" monitor costs a LOT more than a 50" TV. Even more than a smart TV. A 55" monitor costs about $1400, at the low end. A 55" smart TV costs about $450 (going by Amazon).

      --
      In the free world the media isn't government run; the government is media run.
  5. "Programmer finds" by Gaygirlie · · Score: 4, Informative

    No, programmer didn't find shit. He was given the instructions, it's that fucking simple.

    1. Re:"Programmer finds" by Oswald+McWeany · · Score: 4, Funny

      He found them in his e-mail inbox.

      --
      "That's the way to do it" - Punch
  6. FBI has an image problem by mi · · Score: 5, Interesting

    ransomware purporting to be a FBI message a notice that suspicious files were found and the user has been fined.

    That people believe such "warnings" in large enough numbers to make it worthwhile for the crooks to make them, is a sign, that FBI has an image problem.

    It is an organization we fear, rather than one we trust (such as to hunt the scammers down). And they had this image problem for so long now, one can begin suspecting, it is not just a perception...

    --
    In Soviet Washington the swamp drains you.
  7. Re:programmers wife!... by TWX · · Score: 4, Insightful

    Well, a programmer is probably technical enough to understand that the device might have a factory reset function, and if it turns out that the wife is being scapegoated, a programmer is also likely in a position to know enough to be dangerous.

    One of the biggest problems in IT and CIS is the assumption that if one is capable on one's particular field, that one is capable in all fields. This simply isn't true in most examples; most people are jack-of-all-trades or are master of a single discipline, and some are jack-of-all-trades and maybe master of one or two in particular. No one is master of all trades.

    I will agree that the bulk off the summary is crap. It goes off onto a tangent but doesn't adequately flesh-out that tangent.

    --
    Do not look into laser with remaining eye.
  8. Not Simple by freeze128 · · Score: 3, Informative

    I have an LG smartphone, and I can tell you that the procedure for getting into the recovery is not as simple as other brands of phones (e.g., HTC). Usually, you would just hold down a button while the device powers on and boots up. With the LG device, you have to hold the button down until it STARTS to boot, then release the button, and then press it again. The timing is critical, and it doesn't often work the first time.

    With the television, you have even more buttons to worry about, so trial and error would take a very long time.

  9. What's the alternative? by mi · · Score: 4, Insightful

    Don't buy a smart TV. They have no purpose.

    They offer, what the manufacturer believes you want in one package.

    I too would rather just buy a nice 65" monitor — because I have a capable set-top box running my IPTV apps and a nice surround-sound setup already — but there aren't any good ones for sale. Or, rather, there are, but they all have the "smart TV" built into them — and I am as annoyed about paying for the "smart" features and the extra hardware they require (USB-readers and WiFi), as people used to be about paying the "Microsoft Tax".

    But there is no alternative at the moment. Which means, people like me (and you) are a tiny minority... I guess, it would cost the manufacturers more to make and ship the separate models without these add-ons, than to simply bundle it all in.

    --
    In Soviet Washington the swamp drains you.
  10. that reset info should be public knowledge by FudRucker · · Score: 4, Insightful

    customers should be allowed to do factory resets on their televisions, WTF is wrong with LG, that info should be in the documentation that comes with every new television sold!!!

    --
    Politics is Treachery, Religion is Brainwashing