Programmer Finds Way To Liberate Ransomware Affected Smart TV, Thanks To LG

Television production factory LG has saved Darren Cauthon's new year by providing hidden reset instructions to liberate his Google TV from ransomware. From a report on The Register: The company initially demanded more money than the idiot box was worth to repair the TV and relented offering instructions for resetting the telly after Cauthon took to Twitter to express his displeasure. The infection came after the programmer's wife downloaded an app to the TV promising free movies. Instead, it installed the ransomware, with a demand of US$500 to have the menace removed. Cauthon said LG offered factory reset steps which are not publicly revealed nor known to its customer support technicians. He says a family member showed him the TV over Christmas laden with ransomware purporting to be a FBI message bearing a notice that suspicious files were found and the user has been fined.

Welcome

[burtosis]

Welcome all to a world where you don't own nor are allowed to alter the software on items you purchased outright. Be glad that you can still begrudgingly get the information you need on some products to restore an item to factory condition. Remember, only criminals want to tamper with the perfection companies provide. Want to modify something? Be prepared for jail time.

Re:Welcome

>It cost the manufacturer millions just to develop that software. Do you think by you get the right to own it just by paying a few hundred bucks?

There's a right to repair movement and I agree with them. If I can't repair it myself, I don't buy it. Simple. They can rationalize it however they want, I don't care. The argument "but it is so expensive to the manufacturers" doesn't really work. So are cars. So what?

Re:Welcome

[budgenator]

It cost the manufacturer millions just to develop that software. Do you think by you get the right to own it just by paying a few hundred bucks?

Well since it runs on Android, which is a version of Linux, which is distributed under the GPL, for free, the short answer is basically yes, costing the manufacturer $Millions is unlikely, $10's of thousands is probably stretching it.

The manufacture won't hand you the source code, because that will compromise his trade secrets and therefore, harm his business.

The kernel portions are distributed under V2 of the GPL and they must absolutely be available, the Android portions distributed by Google/Android have source code available. My guess is that since the factory reset occurs during the device being in a switched off mode, it hooks into the linux kernel and is either GPL'ed or Google/Android source code.

Re:programmers wife!...

[The-Ixian]

I am still trying to figure out why the person's profession or skill set even matters in this story?

"LG gives user unpublished reset instructions" is more appropriate of a title.

Android bootloader

FTA: "With the TV powered off, place one finger on the settings symbol then another finger on the channel down symbol. Remove finger from settings, then from channel down, and navigate using volume keys to the wipe data/ factory reset option."

It sounds like the common procedure to enter the Android boot loader. Anybody wants to "fastboot oem unlock" that TV?

FBI has an image problem

[mi]

ransomware purporting to be a FBI message a notice that suspicious files were found and the user has been fined.

That people believe such "warnings" in large enough numbers to make it worthwhile for the crooks to make them, is a sign, that FBI has an image problem.

It is an organization we fear, rather than one we trust (such as to hunt the scammers down). And they had this image problem for so long now, one can begin suspecting, it is not just a perception...

Re:Don't buy a smart TV

[vux984]

It will probably get harder and harder to find a TV without these "smart" features. If you don't want them, just don't give the TV your wifi password.

We are fast approaching a time where the TV will come with built in cellular data, and lifetime subscription (for specific uses). I've already seen several devices that have this scheme... for example a 'cloud punch clock'.

You might have to enter your wifi password to stream 4k from netflix, but it might send its telemetry, get advertising updates, firmware updates, and its cloud 'siri/cortana/google voice recognition stuff' via a separate always-on cellular network connection.

The price of the chipset itself is small in a $2000+ TV; and the cost of prepaid data measured at likely less than 500MB per years for 10 years, bought at wholesale for a million TVs at once... well... that's also going to be pretty small.

Right now the IoT is at least theoretically constrained to our wifi and runs through our firewalls. But we're fast approaching the time where it's just directly connected to the carrier bypassing our home networks entirely.

Indeed, our home networks themselves may become a nerd relic, the way home servers are. Your computer connects to the cloud, your printer connects to the cloud, your TV connects to the cloud... who needs a LAN? Sure a LAN would be faster... but once its good enough the average user will be happy to forgo having to maintain a home network in exchange for 'it just connects to the cloud'.

Re:Don't buy a smart TV

[peragrin]

Also if you do give the smart tv your wifi password be prepared to block its MAC address at the router if you want it to not connect anymore.

My samsung tv I gave it the wifi password and ten switched inputs to wired network connections to prevent the tv from getting online. That I thought worked until I checked the router logs one day and noticed the tv was still trying to and sending data via wifi even though it was disabled.

So I blocked the MAC address of the wifi adapter and no more hidden data to be sent