Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Android Privacy Security

Android Ransomware Hits Smart TVs (trendmicro.com) 112

Reader Trailrunner7 writes: Security researchers have discovered a variant of the FLocker Android ransomware that not only infects mobile devices, but also can infect smart TVs running certain versions of the operating system. FLocker ransomware has been active for more than a year now, and it is many ways a typical piece of mobile ransomware. It is designed to scare victims into paying a ransom -- $200 in this case -- by locking the infected device and throwing up a screen that accuses the victim of some fictitious crime. The ransomware doesn't appear to encrypt files on an infected device, but it locks the screen so the user can't open any other apps or take any other actions until paying the ransom.

Researchers at Trend Micro said they have seen various versions of FLocker over the last year and the activity level of the ransomware has varied. The newest version of the malware, however, includes the ability to infect art TVs, many of which run Android.

This discussion has been archived. No new comments can be posted.

Android Ransomware Hits Smart TVs

Comments Filter:
  • by Joe_Dragon ( 2206452 ) on Monday June 13, 2016 @01:57PM (#52309217)

    Why can't someone hack the cable box & unlock free hbo? holding the cable co / hbo and get a nice ransom from them?

  • Sorry sir, we no longer support that model (or your warranty doesn't cover software). We can service it for 90% of the cost of a new TV, or recommend some of our newer models.
  • always have a throwaway box first, like for instance, an antenna switch for rabbit ears or rooftop.

    • Re: (Score:2, Interesting)

      by Grishnakh ( 216268 )

      That's not an option with many new TVs: they require network connectivity or else they won't even work as a TV or display monitor.

      This is probably a good reason to buy your TV from Walmart actually: it's trivially easy to throw stuff back in the box (poorly) and get a full refund at your local Walmart. With Amazon, they'll probably require you to pay for return shipping costs.

      • Just don't fucking buy a TV with networking. Are you having difficulties understanding that?

        • Is there still one offered without?

          • I still have a "dumb" TV. It's not big screen, only 32", but good enough, and a better fit for my not-so-big living room anyway. And no ransomware worries.

            • by Anonymous Coward

              He was asking if you can buy one (in the present tense), not whether or not you already bought one in the past perfect tense. This is about 2016, not 2008.

              Now, if you wanna tell us that you recently bought your dumb TV, and also mention its manufacturer's name and its model, great! You'll be contributing to the conversation. (Otherwise: WTF, dude? We care as much about your old TV as your old coffee-maker or your favorite brand of toothpaste.)

          • Not really. You can buy computer monitors, but they don't get much above 32".

          • by Lumpy ( 12016 )

            Yep, it's called a commercial set. and contrary to the videophiles, they have an awesome picture.

        • by TroII ( 4484479 )

          In 5 years you may not be able to buy a dumb TV anymore, as manufacturers are shifting away from them. It's rather onerous to buy a dumb TV now, unless you want to order one online and deal with returning the first couple that show up broken. Go to any big box store and look at the big screen display televisions they have hooked up. Almost every one of them is internet enabled and some of them are internet required. As in, if you turn on your TV and it can't phone home to the mother ship, you aren't watchin

      • by tlhIngan ( 30335 )

        That's not an option with many new TVs: they require network connectivity or else they won't even work as a TV or display monitor.

        This is probably a good reason to buy your TV from Walmart actually: it's trivially easy to throw stuff back in the box (poorly) and get a full refund at your local Walmart. With Amazon, they'll probably require you to pay for return shipping costs.

        I would be extremely surprised if a tv did this, as its a good way to get returns. Because there are many reasons why a network conne

      • by fnj ( 64210 ) on Monday June 13, 2016 @04:34PM (#52310445)

        That's not an option with many new TVs: they require network connectivity or else they won't even work as a TV or display monitor.

        Proof or you made that up. I'm going to block everything outside my LAN to the TV at the router.

        • Get your router tables ready, you're going to be setting up some new rules real soon!
          I'm to lazy to go look up the articles for other people. Today, I'm not even doing it for myself. :P
      • by Pascoea ( 968200 )

        I guess my biggest question is if you aren't using the "smart" features of the TV, installing apps, browsing the internet, etc, how is it getting infected with malware? From what I'm reading (in the sparsely detailed linked article) this isn't something that gets brought in from outside the device (bringing it in on an infected phone or pc), you have to install the offending app on the TV.

        It seems to me that the only people that are affected by this are the people that want to use the "smart" features of t

        • Yeah, that's a good question. I really don't know, but you're probably right: if you don't mind being spied on by the TV maker (which is why it needs to be connected to the internet ultimately, for the phone-home "feature"), but don't mess around with any of the other "smart" features, and especially if you're behind any typical NAT router, I don't see how you'd get infected with anything unless the TV maker's own service gets compromised.

    • How about Ethernet/WiFI===>cheap smart tv box===>good quality non-smart tv? The boxes are small enough now to simply mount to the back of your set or hide somewhere and if the box gets bricked/turned into a storage device for illicit material that a bot net uses, you simply replace the box and throw away/grind it down.
  • For local content, an RPi2 works flawlessly ($35). For streaming, a first generation Chromecast works flawlessly ($35). For anything else, a laptop and a long HDMI cable does the trick.

    If my Chromecast gets infected, that would be a bummer but I'd be out $35. If my RPi2 gets infected, I'll wipe it and start over again.
    • That may be right, and certainly is for 1080p H.264 playback. I think (but can't recall for sure) that it wasn't fast enough to handle 1080p HEVC (H.265) playback, which is how I get most my content these days. That said, an ODROID-C1+ is quite capable, and just as easy to set up as the RPi, and about the same price.

      I actually use my Sony Android TV these days, now that after a few patches it can actually play back the 1080p HEVC content (and 4K content, it was shit at doing this on release).

      Hopefully, very

      • Yeah, pretty sure you're right about h265 on the RPi -- it does h264, VC1 and MPEG2 with hardware decode. (I think the RPi2 is fast enough to do MPEG2 in software, not sure though.)

        I have an Odroid C1 (not C1+), but I never got it working as smoothly as I wanted. I think h265 worked, IIRC, but I had problems with audio passthrough, MPEG2 stuttering, and I think some of my BD rips (either h264 or VC1, can't recall) likewise had some jitter. Plus, the HDMI-CEC support never worked for me...though maybe I s
  • by Anonymous Coward

    For too long, LUDDITES have been writing LUDDITE software disguised as apps like this ransomware "app", taking away jobs from hard-working app appers. Vote for Appald Trump, and he will MAKE APPS APPY AGAIN! All LUDDITES will be deported to LUDDITE Mexico, and American companies will be forced to app apps that app other apps!

    Apps!

  • by H3lldr0p ( 40304 ) on Monday June 13, 2016 @02:17PM (#52309409) Homepage

    where /. was asking why people wanted or avoided "Smart" televisions?

    Consider this exhibit A in the Not column.

  • by rhysweatherley ( 193588 ) on Monday June 13, 2016 @02:28PM (#52309479)
    This is why I only use "science TVs"!
    • by SeaFox ( 739806 )

      Maybe they are referring to a large-screen version of those LCD picture frames that play a slideshow from off a SD card.

  • The only "smart" in "smart" TVs is the marketing effort behind them which convinces the sheep they want one.

    • Quite right, only the marketing...that and the general purpose CPU chips, often ARM based that run a variant of Linux / Android and are able to perform general purpose computing tasks. As a programmer that's quite an interesting proposition as I could run my own code on the TV set.

      Most of the mid-high end TV sets are smart TVs, so if you want a decent 4K set with high colour depth, frame dimming, a selection of display modes, high fidelity rendering of scenes, etc...you're going to have to get a smart TV. I

  • Multiple function devices always give up some functionality. "Flying cars" are expensive, poor cars and expensive, poor planes. Swiss army knives are great, but never as nice a blade as a good hunting knife.

    TV/VCR Combo are stupid know. Ten years from now, the smart TV will also be stupid. Better to get a huge monitor and connect it to a good computer - that you can update in 5 years, keeping the monitor for another 10

    Smart TV's etc. are not worth it.

    • TV/VCR Combo are stupid

      Heh, my combo set (which I didn't pay a dime for, and whose VCR broke long ago) can't play DVDs through the video input. The video passes through the VCR's AGC circuit whether I am using it or not, and Macrovision signal corruption creates brightness flicker as is its pathological intent. I use my xdimax Grex time-base corrector on it when I must.

      I always recommend against "smart" TVs myself. To describe it succinctly, the upgrade life-cycle of a TV is much longer than the upgra

    • I think people are learning the wrong lesson here. This story is why you want your computer (whether it's in a separate box or inside of the monitor) to be maintainable.

      Boot your computer from rescue/install image and either remove the malware or re-install (preferably a newer version of the OS, which doesn't contain whatever bug enabled the installation of the malware in the first place). If you can't do that, then it's a shitty computer no matter how big the bundled monitor is.

      It doesn't matter that the m

      • That's not my take away. Computers are by definition generic machines. They have to do everything - be a spreadsheet, be a word processer, be a video player, connect to the internet, be a phone, etc.

        That is what I object to - putting all that EXTRA tech in my dedicated Video viewing device. When you make something do too much, it DECREASES it's life expectancy and tremendously decreases the chance something will go wrong.

        Basically, you can NEVER get a good SmartTV, no matter how much you try because it g

  • Not during the football Euro Championship! How can you!

  • Sweet (Score:5, Interesting)

    by argStyopa ( 232550 ) on Monday June 13, 2016 @02:53PM (#52309709) Journal

    And if you can imagine implementing the whole "internet of things" you could wake up every morning to find out something like this about all sorts of critical systems on your house!

    The "internet of things" is a COMPLETELY stupid concept; I'm not sure why people seem to keep promoting it.

    • by HornWumpus ( 783565 ) on Monday June 13, 2016 @03:13PM (#52309849)

      Switching powers supplies, reactance and the electric grid.

      Old school power supplies are resistive, they draw a little less power when the line voltage drops,

      Switching power supplies have complex reactance. When the voltage drops, they draw higher current.

      When the grids reactance as a whole stops being mostly resistive, the grid goes unstable. The higher current draw further pulls down voltage, which pulls more current...

      The choices are smart devices that know not to draw higher current (sometimes) or maintaining 51% of the load as resistive.

      • "The choices are smart devices that know not to draw higher current (sometimes) or maintaining 51% of the load as resistive."

        Thank you, my universal 100-240 V AC laptop adapter won't work anymore in the US and your US one will go up in smoke and flames in Europe. Or your tv will black out when the freezer/airco switches on...

  • As someone who doesn't use any features of a "Smart TV", I'm curious what the attack vector is?
    • Usually a browser exploit coming from a pr0n or gambling site, but also from malicious apps that utilize exploits.

    • by jetkust ( 596906 )
      The attack vector is going to the FLocker web site, clicking on the "How to install ransomware on my TV" link, and following the installation instructions.
  • That disconnecting your smart TV from the Internet is the smartest thing of all. I want a screen, not another marketing / malware opportunity.

  • Security researchers have discovered a variant of the FLocker Android ransomware that not only infects mobile devices, but also can infect smart TVs running certain versions of the operating system.

    Oh so you mean the malware doesn't inspect the screen resolution and block itself from running if it's a large screen? Fascinating.

    • by eth1 ( 94901 )

      Security researchers have discovered a variant of the FLocker Android ransomware that not only infects mobile devices, but also can infect smart TVs running certain versions of the operating system.

      Oh so you mean the malware doesn't inspect the screen resolution and block itself from running if it's a large screen? Fascinating.

      If it did that, it would be locking the TVs and not the phones :P
      HDTV: 1920 x 1080
      Galaxy S7: 2560 x 1440

  • by Sadsfae ( 242195 ) on Monday June 13, 2016 @04:11PM (#52310291) Homepage

    I've been unfortunate enough to garner a few IoT devices, including a Samsung Smart TV. With a little bit of effort and a decent Asus Router with Tomato firmware I've placed any questionable devices on isolated VLANs [hobo.house] so they don't affect the rest of of my trusted network. I can also block or whitelist their outbound traffic if needed.

    • For now, your only concern is that your Samsung Smart TV isn't infecting your other IoT devices? You'll still be mighty pissed off when a "legitimate" ad network lets some ransomware masquerading as an ad come across one of the extra ads Samsung wants to display on your TV... But hey, it's only $200--until you realize that Samsung has no fix or security update... So, nothing prevents you from getting the same ransomware over and over...

      And even then, it's only a matter of time before someone figures out
    • Comment removed based on user account deletion
  • And you still thought connecting your TV to the Internet was a pretty neat idea.

    I told you so.

  • The root problem is this: The Android system does not allow you to back up images of your device (via USB to a PC or Mac) and restore the device from a PC or Mac when something goes wrong. With Desktops and Laptops, I save images of C: and Macintosh HD (using Paragon software for PCs, the built in Disk Utility for the Macs). I also save my data on other partitions than C: or Macintosh HD where allowed. When something goes badly wrong I don't even try to figure it out; I just restore the last good image

You know you've landed gear-up when it takes full power to taxi.

Working...