Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Android

Android Ransomware Infects LG Smart TV, Company 'Refuses' To Help (bleepingcomputer.com) 295

Security firms have been warning us for more than a year about the possibility of Android malware jumping from phones and tablets to other Android-powered devices, such smart TVs. The latest incident involving ransomware on a smart TV involves software engineer Darren Cauthon, who revealed that the LG smart TV of one of his family members was infected with ransomware right on Christmas day. What's worse? He claims LG wouldn't help him with perform factory reset of the device. From a report: Based on a screenshot Cauthon posted online, the smart TV appears to be infected with a version of the Cyber. Police ransomware, also known as FLocker, Frantic Locker, or Dogspectus. The infected TV is one of the last generations of LG smart TVs that ran Google TV, a smart TV platform developed by Google together with Intel, Sony, and Logitech. Google TV launched in 2010, but Google discontinued the project in June 2014. In the meantime, LG has moved on from Google TV, and the company's TVs now run WebOS. Cauthon says he tried to reset the TV to factory settings, but the reset procedure available online didn't work. When the software engineer contacted LG, the company told him to visit one of their service centers, where one of its employees could reset his TV.
This discussion has been archived. No new comments can be posted.

Android Ransomware Infects LG Smart TV, Company 'Refuses' To Help

Comments Filter:
  • LS? (Score:2, Funny)

    by Mikkeles ( 698461 )

    So, will they be renaming the company to "Life Sucks"?

    • Re:LS? (Score:5, Informative)

      by phorm ( 591458 ) on Wednesday December 28, 2016 @12:02PM (#53565981) Journal

      While they do seem to be using that as a motto right now, LG doesn't really even stand for "Life's Good" but rather "Lucky-Goldstar", which is a combination of two brands which merged to form the company. Amusingly, while Goldstar sold electronics, Lucky was more commonly associated with detergents and hygiene products.

      • Amusingly, while Goldstar sold electronics, Lucky was more commonly associated with detergents and hygiene products.

        I hope the implied irony is how the company is now refusing to help sanitize their electronic devices. :-)

      • I bought an LG TV recently, but I'm smart enough not to buy a smart TV. It works great, no frills, no nonsense, I love my Goldstar! In the 90s I had a goldstar CRT monitor and it sucked, they've come a long way.

      • Amusingly, while Goldstar sold electronics, Lucky was more commonly associated with detergents and hygiene products.

        Why is that amusing? http://www.lgchem.com/global/m... [lgchem.com]

        It seems to be quite consistent:
        Toshiba: http://www.toshiba-tmat.co.jp/... [toshiba-tmat.co.jp]
        Samsung only sold to Lotte less than a year ago: http://www.samsungchemical.com... [samsungchemical.com]
        who were a bit behind Sony which spun of it's chemical division 4 years ago: http://www.dexerials.jp/en/ [dexerials.jp]

        Electronics companies have a VERY long history which includes a lot of chemical manufacture.

    • by Lead Butthead ( 321013 ) on Wednesday December 28, 2016 @12:15PM (#53566057) Journal

      Remember this company used to be called GoldStar, best known for substandard product and nonexistent customer service in the 90s. The brand name was so thoroughly trashed they renamed themselves LG.

      • The brand name was so thoroughly trashed they renamed themselves LG.

        What the heck are you talking about. LG is Lucky-Goldstar, the merger of the Chemical company Lucky and the electronics manufacturer Goldstar. This happened in the 60s. It was the most obvious renaming and the natural product of a merger, not an attempt to kill the Goldstar name. They fully traded as Lucky-Goldstar only changing to LG when they entered the western market whereas everywhere else they were still sold as Lucky-Goldstar until well in to the 00s.

        Hell they didn't even own the www.lg.com domain na

    • by swschrad ( 312009 ) on Wednesday December 28, 2016 @12:20PM (#53566091) Homepage Journal

      but after the factory guys pull the lithium cell, or hook it to a tesla coil, or replace a module, or whatever to hard-reset the set, it's still vulnerable.

      "Smart TV" is bogus. never hook an ethernet cable to one. use a Roku or Chromecast or something else cheap, easily replaceable, and disposeable if you feel the need for direct streaming.

      • but after the factory guys pull the lithium cell, or hook it to a tesla coil, or replace a module, or whatever to hard-reset the set, it's still vulnerable.

        It's more likely to be some masonic handshake like holding down certain buttons for exactly 2 pi seconds while standing on one leg with a pencil in your ear - which they could have read out over the phone.

      • but after the factory guys pull the lithium cell, or hook it to a tesla coil, or replace a module, or whatever to hard-reset the set, it's still vulnerable.

        The circuit to pull/replace is the flux-capacitor and the TV will be fine once you get it up to 88 mph.

      • by TWX ( 665546 ) on Wednesday December 28, 2016 @01:19PM (#53566427)

        "Smart TV" is bogus. never hook an ethernet cable to one. use a Roku or Chromecast or something else cheap, easily replaceable, and disposeable if you feel the need for direct streaming.

        Unfortunately the TV manufacturers are making it harder and harder to avoid some kind of network connection. Our Vizio comes with a really terrible and over-simple remote that doesn't do anything, to configure the TV you must at least use your smartphone and a crappy application.

        At least in our TV's case, they are only one step from the conventional TV and remote so I can order an older TV's remote and get most of the functionality, but it's still annoying as hell.

        But you're right, I doubt I will ever hook the TV to the Ethernet or the Wifi. Bad enough that I couldn't avoid doing that with the Blu-ray player, otherwise I'd just let the computer that I've put into the entertainment center supply whatever I need.

        • I made sure to test them out in the store first. Not only will I not buy a "smart" TV, it has to have an intuitive physical interface that I can operate without a remote if needed. I was skeptical of the LG at first because it used a miniature joystick that's out of sight on the bottom surface. However, as soon as I moved it, a menu popped up, and it was easy and intuitive to find and select options without having to learn some nifty interface paradigm.

          Some of the other brands had traditional buttons, but t

          • by Locke2005 ( 849178 ) on Wednesday December 28, 2016 @04:32PM (#53567537)
            My new Samsung fails the "intuitive physical interface" test. Their designers pulled a Dilbert and decided to ship with a sleek new remote control with only 5 black-on-black buttons, meaning doing something as simple as switching input sources now requires pushing the Home button to bring up a menu, Left or Right buttons to select the source menu, pushing the Up button, then pushing the Left or Right button to select the new source, then pushing the Enter button... oh yeah, that's much easier than just pushing the Input button to cycle through sources like I do on the LG remote!
  • "the smart TV appears to be infected..."

    I guess the TV ain't so smart now...

    • by Dutch Gun ( 899105 ) on Wednesday December 28, 2016 @12:46PM (#53566229)

      Asked to detail how he got infected with the ransomware, Cauthon said "They [the relatives] said they downloaded an app to watch a movie. Halfway thru movie, tv froze. Now boots to this."

      10-to-1 odds his relatives downloaded some shady app promising "free movies" (aka pirated movies), and was downloaded from a shady source. This generally doesn't happen by itself, and it's pretty rare to get infected by stuff from the official store. Yes, it happens, but the *vast* majority of Android malware is on 3rd party sites.

      The general public needs to learn that downloading stuff from unverified 3rd party sources is going to get you infected sooner or later. To be perfectly honest, this is why Apple's walled garden with locked-down devices may be better for your typical user. Most people certainly can't handle the responsibility of keeping a modern PC clean, and it appears they can't even keep a smart TV malware free. Remember the saying "a little knowledge is a dangerous thing"? Well, time and time again we see that users seem to have just enough knowledge to thoroughly screw themselves and their devices.

      I feel for them having to shell out a few hundred to learn this lesson, but its a lesson worth learning before they get infected with a banking trojan on their PC. Of course, we don't really know the whole story, so I'm sort of reading between the lines and could certainly be wrong about this. But I doubt it.

      • Comment removed (Score:5, Informative)

        by account_deleted ( 4530225 ) on Wednesday December 28, 2016 @12:53PM (#53566273)
        Comment removed based on user account deletion
      • by TWX ( 665546 )
        The problem is that there are so many ways to spread an infection, and that those that write malware use multiple vectors to infect, that it doesn't really matter if the user tried to do something shady and got bitten or not. Infections that the user brings down on themselves, infections brought down by ad servers, infections brought down by compromised content servers, infections that make use of network vulnerabilities in the device, infections that the users are tricked into bringing down, all very comm
      • The general public needs to learn that downloading stuff from unverified 3rd party sources is going to get you infected sooner or later.

        My younger brother recently infected a tablet I had let him borrow with this malware. I wanted to smack him in the head when he called me saying that there was some FBI warning that he couldn't get rid of, and asked if it was really the FBI.

        You would think that something would go off in their head telling them not to follow instructions to disable security settings, but I suppose most people are used to being sheep and doing what they're told instead of engaging their brains and doing some critical thinki

        • It's the Windows UAC curse. It didn't teach them that there are certain things where you should think before you act, all it taught them is that you have to click "yes" or it doesn't work.

      • Re: (Score:3, Insightful)

        by DarkOx ( 621550 )

        The general public needs to learn that downloading stuff from unverified 3rd party sources is going to get you infected sooner or later.

        Why because situations like a TV where proper sandboxing should basically be a trivial to do isn't. Sure there will be sandbox escapes and such due to bugs in the VM but that should be THE ONLY way on a smart TV. There is no good reasons 'apps' should be allowed to run unmanned code, and there is not reason they need to share data with any other apps on a TV. Its not like my phone where I need to be able to copy a number from an e-mail to my address book app. The unsafe data inputs vector should be al

        • No its not better for the user. Its better for the large manufacturers and software shops. Its about the most anti freedom thing you could possibly do. Here we are in 2016 where the opportunity for anyone to learn program (books were expensive and knowledgeable mentors were hard to come by) etc is a reality, and the tools are available (buying a decent compiler used to cost both your arms and a leg, now great ones are free), except were are taking away the ability to execute a program once you write it, unl

        • re is no good reasons 'apps' should be allowed to run unmanned code

          What is unmanned code?

  • Just wait for best buy to up sell geek squad for smart tvs

  • by Anonymous Coward

    I can't think any better demonstration of why smart TVs are such a bad idea than this. I hope this story gets as much chatter as possible.

    • I can't think any better demonstration of why smart TVs are such a bad idea than this. I hope this story gets as much chatter as possible.

      Especially with NUCs and similar becoming so cheap... All I want is a dumb display!

      • Comment removed based on user account deletion
        • All I want is a dumb display!

          Amen to that. Is hooking up a cheap media box via HDMI so difficult to do these days?

          To a lot of people, unfortunately yes. You go to your elder relative or cousin and rattle off that sentence above, they throw up their hands and exclaim "Hey! Whoa! I ain't one of those computer geniuses!!"

          It is literally rocket surgery to them... :(

          • All I want is a dumb display!

            Amen to that. Is hooking up a cheap media box via HDMI so difficult to do these days?

            To a lot of people, unfortunately yes. You go to your elder relative or cousin and rattle off that sentence above, they throw up their hands and exclaim "Hey! Whoa! I ain't one of those computer geniuses!!"

            It is literally rocket surgery to them... :(

            And you answer, "It is just a computer like on your desk, but smaller so you can stick it behind the TV." Then watch the lightbulb come on.

            • by porges ( 58715 )

              I tried to get my mother (in her 80s but, for all that, pretty tech-friendly) Netflix for her birthday, which with her 8-year-old not-Smart flatscreen would have meant a Roku box. After I explained it (for the 5th time in my life, I think), she finally announced "I don't want that stuff on my TV. It's too much." Calling it "just a computer" would not have helped. In this case, I think if it didn't require a change of HDMI input when using it she might have gone for it.

              Also, even with the Chromecast, you

            • I wish that happened, but it does not. Mainly because only gamers, businesses, and power users have any computer on any desk.

      • by Holi ( 250190 )
        Dumb displays are expensive. Look at what Samsung charges for their commercial displays (no tuners no speakers). http://www.staples.com/Samsung... [staples.com]
  • "Refuses?" (Score:5, Insightful)

    by Anonymous Coward on Wednesday December 28, 2016 @11:48AM (#53565885)

    "The company told him to visit one of their service centers, where one of its employees could reset his TV."

    funny, that seems like a legit offer of help.

    • "The company told him to visit one of their service centers, where one of its employees could reset his TV."

      funny, that seems like a legit offer of help.

      At $340... When new 4k 55 inch TVs are $400. Sounds more like a hell of a business plan!

    • "The company told him to visit one of their service centers, where one of its employees could reset his TV."

      funny, that seems like a legit offer of help.

      That's my take on it, especially with a tv that is old, no longer being produced, and with on-line instructions (probably completely standard) tried that didn't work. A support person on the phone would only walk him thru the same procedure. It's infected with ransomware. If a reboot solved that problem, it wouldn't be a problem.

    • by dhaen ( 892570 )
      Two things come to mind: 1. The LG service centre probably wanted to see the infection for themselves so they could learn how to help other customers who may have the same problem, and 2. After giving the TV a "first birthday" reset, there may be settings that they have to apply to make it customer-ready.
      • by Kagato ( 116051 )

        LG doesn't own most of it's service centers. Most of them are independent repair centers that service several brands. Having been a warranty tech in the past I can attest we don't get reimbursed for "research" work. If LG wants to see what's going on then they would ask us to replace the control board and send them broken part. Most likely they'll just force a wipe and firmware flash. OP should have bought a TV with an onsite warranty.

    • by sjames ( 1099 )

      If it didn't cost $340 it might be legit. Also, if there was a service center within any reasonable distance of anything. I went to the service center locator and entered a few valid U.S. zip codes for well populated areas and it couldn't find a single service center within 50 miles of any of them.

      So that sounds more like being blown off than offered help.

      Why not just give him the instructions for how to actually do a factory reset?

  • by PopeRatzo ( 965947 ) on Wednesday December 28, 2016 @11:49AM (#53565893) Journal

    I bought one of them Smart TVs, but it still had all the same dumb shows on it, so we put it up on a pair of sawhorses and are now using it as a dining table. Assholes at Best Buy didn't want to give me a refund.

  • when I was buying tv's a few years ago, the only models in the size I wanted were 'smart'.

    ok, no big deal. just don't give it a wifi access and don't ever let it on the net.

    simple. mine is still using factory firmware (which has bugs but the cure is worse, I'm told) and it won't ever be upgraded.

    it just runs hdmi from my htpc and that's that. I don't have cable/etc - I download what I want and watch it on the pc. bonus that the vizio sets would support 1080p@120hz and my intel skylake chip also supports

    • by SumDog ( 466607 )

      You should see if you can find an attack vector just over HDMI. That would totally get you a speaking slot at a security conference.

    • Yeah, this is one problem with so-called "smart" TVs - the whole concept ignores how people buy televisions. TV owners tend to hold onto their sets for many years, while companies (understandably) generally aren't interested in maintaining the software for a device for more than two or three years. We bought an LG smart TV back in 2011; and after the first couple years passed, the only software updates which have been available all *removed* features (Amazon, Pandora, other "features" I don't recall).

      I assu

    • by Pascoea ( 968200 ) on Wednesday December 28, 2016 @01:05PM (#53566341)

      just don't give it a wifi access and don't ever let it on the net.

      Vizio has this fun new trick. You literally can't configure the TV without their smartphone app and a wifi connection.

  • by wvmarle ( 1070040 ) on Wednesday December 28, 2016 @12:00PM (#53565965)

    "He claims LG wouldn't help him with perform factory reset of the device."

    "[...] the company told him to visit one of their service centers, where one of its employees could reset his TV."

    How's that "wouldn't help"? He obviously gets help offered. Maybe not what he hopes to get, but it's a clear offer of help getting the TV working again.

    • by HiThere ( 15173 )

      Wouldn't tell him how and wanted to charge $320...not exactly "refused", but certainly far from assisted.

      If that happened to me I might well characterize them as having refused to help me. A fuller explanation would be more accurate, but would also be so long most people wouldn't listen.

  • Do not connect the TV to the net ever or buy a commercial display with no 'SMART' features that will cease to be supported. Hook in the trusted device of your choice via HDMI. Roku, Chromecast, Pi with Kodi, PC, fire stick, you name it. Your source device will typically be much cheaper than the entire TV, faster, and better supported. Also very easy to replace if the manufacturer screws you over, while keeping the same display.
  • I want my display to be a dumb panel. Nothing good has ever come from combining two unrelated items into one package. Buy a printer/scanner/fax? Now you can't scan if you're out of toner. Good tools do one thing and do it well.

    We bought a nice Vizio with a good display. I played with the builtin apps long enough to verify that they were ancient junk that would never not suck. About that time it came out that Vizio was monitoring your content for advertising purposes [extremetech.com]

    so that completely ended the experiment.

    • by wbr1 ( 2538558 )
      Try a factory reset. Then it is off the network entirely. Never set it up for that again.
  • This case highlights a more general problem with most(not quite all, Nexus devices and a few others aren't affected) Android hardware:

    Vendors just don't supply system images. If they are in a good mood, you might get some OTA updates; and there will be some key combo that allows you to initiate a 'system restore', which may do the trick if nothing has tampered with or corrupted the 'system' side of things and just wiping the user-writeable data is good enough; but if you want to reflash the entire device
  • The efforts of TV manufacturers are half-baked or an afterthought. I have yet to find a smart tv that works better than a dedicated device. Even something as cheap as a Fire/Roku stick is a better experience.

  • by zifn4b ( 1040588 ) on Wednesday December 28, 2016 @12:10PM (#53566029)

    ...it probably is. Don't try to find some app to watch movies for free as an alternative to paying for them via approved, signed applications and you most likely will not get ransomware. If you try to find "free" stuff, you're playing the malware equivalent of Russian Roulette.

    On the note of resetting firmware, for most TV's you normally do this via the remote and the menu. However, in this particular case that won't work. There should be a way to physically hard-reset any consumer device to factory defaults without requiring an OSD. The reasons you might need to do this go beyond malware such as a power outage during a firmware upgrade or maybe (gasp) the consumer device manufacturer pushed a bad software update, bricking your consumer device.

    There is actually a way to reset your LG firmware without using the OSD though. Go to LG's website: http://www.lg.com/us/support/s... [lg.com], search for your TV model, then click on your TV's model number (found on the back of the TV). You will see modal dialog that has two links, one to the firmware and one to the software upgrade guide. The software upgrade guide walks you through the steps to put the firmware on a USB drive and upgrade it without needing to use the OSD. I found this youtube video that walks you through the whole process as well: https://www.youtube.com/watch?... [youtube.com]

    Don't go drama on tech support which in a lot of cases is outsourced to call centers full of low income incompetent idiots. If you want something done right, figure it out and do it yourself. Be your own tech support.

  • by Doke ( 23992 ) on Wednesday December 28, 2016 @12:20PM (#53566089) Homepage

    His relatives installed malware on his TV, without his permission or knowledge. He should bill them for the repair cost.

  • what if it is possible to unplug something inside, or snip a few wires, or cut a circuit board trace to turn off the internet/computer part of the TV basically disabling it so it is no longer an internet aware TV and a basic dumb TV that only handles cable/satellite or over the air broadcast TV???
  • I understand (if I do not share) the "business is business" rationale, maximizing profit regardless or morality, etc. However, I fail to understand the behavior of companies like LG, Samsung, Comcast, Verizon, etc. when they seem to act obnoxiously just because they can - i.e. they are in control, and because they can screw you, the customer, they will screw you, just because they can. Not that I was buying a lot of stuff from LG but, after this, it has definitely gained a slot in my list of companies from
  • .. was lobotomize it..
    When I first booted the TV it asked me if it was going to be used as a TV or as a monitor and I chose monitor and plugged a ROKU into it.
  • When he couldn't perform a factory reset, they told him to have it serviced. That seems like the right response to me.

    What else are they supposed to do? Step him through disassembling it over the phone? Do any consumer support lines ever go that far?

    Maybe the crypto malware tampered with just the right thing, or maybe there is a physical defect preventing the reset. At the service center, I assume they can replace whatever is necessary to resolve the problem.

    I'd be more pissed off at a company that wasted m

Fast, cheap, good: pick two.

Working...