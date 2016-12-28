Android Ransomware Infects LG Smart TV, Company 'Refuses' To Help (bleepingcomputer.com) 85
Security firms have been warning us for more than a year about the possibility of Android malware jumping from phones and tablets to other Android-powered devices, such smart TVs. The latest incident involving ransomware on a smart TV involves software engineer Darren Cauthon, who revealed that the LG smart TV of one of his family members was infected with ransomware right on Christmas day. What's worse? He claims LG wouldn't help him with perform factory reset of the device. From a report: Based on a screenshot Cauthon posted online, the smart TV appears to be infected with a version of the Cyber. Police ransomware, also known as FLocker, Frantic Locker, or Dogspectus. The infected TV is one of the last generations of LG smart TVs that ran Google TV, a smart TV platform developed by Google together with Intel, Sony, and Logitech. Google TV launched in 2010, but Google discontinued the project in June 2014. In the meantime, LG has moved on from Google TV, and the company's TVs now run WebOS. Cauthon says he tried to reset the TV to factory settings, but the reset procedure available online didn't work. When the software engineer contacted LG, the company told him to visit one of their service centers, where one of its employees could reset his TV.
LS? (Score:2, Funny)
So, will they be renaming the company to "Life Sucks"?
Re:LS? (Score:4, Informative)
While they do seem to be using that as a motto right now, LG doesn't really even stand for "Life's Good" but rather "Lucky-Goldstar", which is a combination of two brands which merged to form the company. Amusingly, while Goldstar sold electronics, Lucky was more commonly associated with detergents and hygiene products.
Re: (Score:2)
Amusingly, while Goldstar sold electronics, Lucky was more commonly associated with detergents and hygiene products.
I hope the implied irony is how the company is now refusing to help sanitize their electronic devices.
:-)
I expected no less (Score:5, Informative)
Remember this company used to be called GoldStar, best known for substandard product and nonexistent customer service in the 90s. The brand name was so thoroughly trashed they renamed themselves LG.
not a rejection, a redirection (Score:2)
but after the factory guys pull the lithium cell, or hook it to a tesla coil, or replace a module, or whatever to hard-reset the set, it's still vulnerable.
"Smart TV" is bogus. never hook an ethernet cable to one. use a Roku or Chromecast or something else cheap, easily replaceable, and disposeable if you feel the need for direct streaming.
Re: (Score:2)
It's more likely to be some masonic handshake like holding down certain buttons for exactly 2 pi seconds while standing on one leg with a pencil in your ear - which they could have read out over the phone.
Re: (Score:2)
but after the factory guys pull the lithium cell, or hook it to a tesla coil, or replace a module, or whatever to hard-reset the set, it's still vulnerable.
The circuit to pull/replace is the flux-capacitor and the TV will be fine once you get it up to 88 mph.
"the smart TV appears to be infected..." (Score:2)
"the smart TV appears to be infected..."
I guess the TV ain't so smart now...
Re: (Score:3)
Asked to detail how he got infected with the ransomware, Cauthon said "They [the relatives] said they downloaded an app to watch a movie. Halfway thru movie, tv froze. Now boots to this."
10-to-1 odds his relatives downloaded some shady app promising "free movies" (aka pirated movies), and was downloaded from a shady source. This generally doesn't happen by itself, and it's pretty rare to get infected by stuff from the official store. Yes, it happens, but the *vast* majority of Android malware is on 3rd party sites.
The general public needs to learn that downloading stuff from unverified 3rd party sources is going to get you infected sooner or later. To be perfectly honest, this is why App
Re: (Score:2)
The various branded flavours of Android on phones, tablets, and TVs are often locked into only downloading and installing apps from Google Play and/or their own branded app stores. Installing apps from 3rd parties, i.e. download the package and install it manually, is beyond most users knowledge and capabilities. It's more likely that the malware was installed from Google Play or the branded app store. Their verification and malware screening processes will always be at least a step behind the criminals.
Just wait for best buy to upsell geek squad for tv (Score:2)
Just wait for best buy to up sell geek squad for smart tvs
Re: (Score:1)
"You are not Geek Squad, you are Suicide Squad!"
Squad: "We merged."
A Perfect Illustrationk (Score:1)
I can't think any better demonstration of why smart TVs are such a bad idea than this. I hope this story gets as much chatter as possible.
Re: (Score:2)
I can't think any better demonstration of why smart TVs are such a bad idea than this. I hope this story gets as much chatter as possible.
Especially with NUCs and similar becoming so cheap... All I want is a dumb display!
Re: (Score:2)
All I want is a dumb display!
Amen to that. Is hooking up a cheap media box via HDMI so difficult to do these days?
Re: fake news (Score:1)
I think the account is probably largely accurate, what I think IS BS is this claim that the company is "refusing" to help. Sending them to a service centre and even potentially charging them for service is fine when it seems likely that this resulted from user error (downloading shady app to watch film for free).
Yeah, somebody is trying to make this story bigger than it really is.
"Refuses?" (Score:5, Insightful)
"The company told him to visit one of their service centers, where one of its employees could reset his TV."
funny, that seems like a legit offer of help.
Re: "Refuses?" (Score:1)
Re: "Refuses?" (Score:4, Insightful)
an untrustworthy user whose relative installed a trojan malware to play a pirated movie.
He's lucky LG gave him the time of day. He richly deserves the trouble he's having.
Re: "Refuses?" (Score:1)
Re: (Score:2)
I suppose you don't think newbies who get duped into the same problem deserve Microsoft's help reinstalling Windows either
They deserve MS's help, but I would expect them to pay for it. The issue at hand isn't that the guy COULDN'T take it to a service center, as requested by LG, is that he didn't feel as though he should have to pay for it. If I screw up my computer by installing a 3rd party application it would be ridiculous to expect MS to fix it for free.
Re: (Score:2)
Re: (Score:2)
...just like guns "can be exploited" to shoot people, and vehicles "can be exploited" to run over them.
It's a very dangerous argument you're making, that liability is derived from the end condition, rather than the initial effort. As long as LG put forth a reasonable effort to ensure that their products are free from defects, which seems likely considering the product timeline, LG is very unlikely to be at fault here.
I'll also note a bit from TFA:
It is unclear at this moment if Cauthon's relative downloaded an app from the official Play Store, or from a third-party source.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Re: (Score:3)
Re: (Score:1)
Read the article they want $340 for the service
Re: "Refuses?" (Score:1)
Re: (Score:2)
It is totally reasonable to expect a customer to hop a plane to the nearest service center. Absolutely.
Can you stick a TV in carry on?
Re: "Refuses?" (Score:1)
Re: (Score:2)
"The company told him to visit one of their service centers, where one of its employees could reset his TV."
funny, that seems like a legit offer of help.
At $340... When new 4k 55 inch TVs are $400. Sounds more like a hell of a business plan!
Re: (Score:2)
Ever notice that when a sentence starts off, "I like how
...," the rest of it is a sophomoric diatribe about how the author doesn't actually, " ... like how ...?"
Re: (Score:2)
"The company told him to visit one of their service centers, where one of its employees could reset his TV."
funny, that seems like a legit offer of help.
That's my take on it, especially with a tv that is old, no longer being produced, and with on-line instructions (probably completely standard) tried that didn't work. A support person on the phone would only walk him thru the same procedure. It's infected with ransomware. If a reboot solved that problem, it wouldn't be a problem.
Re: (Score:2)
And that would be the locally available service center. And a fee.
One of the big lies about modern electronics is that they are repairable. Sort of, often. TVs are particularly difficult, with the lack of data the biggest problem. And service data is too precious to be let out of the system, so we no longer can even hope to repair a modern TV ourselves. Even for this issue, a reset.
Not good.
Re: (Score:2)
The big lie about modern electronics is that they're easily repairable.
Yes, the TV in question can be repaired. Mr. Cauthon can disassemble the thing, remove the boards, desolder the flash memory, attach it to a reader/programmer, change bits to match a known-good unit, then rebuild the entire thing to see if it works. It's not going to be easy, but it will work... Of course doing it that way would cost a lot more than just replacing the board with a spare and resetting the memory, so that's what the servic
Re: (Score:2)
they'll be wiping its memory and re flashing it entirely. hence send it to a service center.
And the $340 to do so is no big deal...
Re: (Score:2)
Only $340 to have a qualified technician disassemble a large electronic device, connect specialized repair equipment, and perform the repair, then reassemble the device again to meet original specifications, perform a functionality test, and recertify the device?
$30/hour for 10 hours (plus about 10% overhead) sounds pretty cheap, actually... or would you prefer that the cost of such repairs just already be worked into the cost of the initial product, which was sold several years ago and was perfectly suitab
So-called Smart TV (Score:3)
I bought one of them Smart TVs, but it still had all the same dumb shows on it, so we put it up on a pair of sawhorses and are now using it as a dining table. Assholes at Best Buy didn't want to give me a refund.
Re: (Score:2)
After the cutlery scratched it up, who can blame them for not taking it back?
4 Year Old TV (Score:1)
Trying to load some off the wall app and they get ransom-ware instead.
Who'd of thunk it!
Re: (Score:2)
Re: (Score:2)
TV's should be supported for at least 10 years, and should be in as much of a walled sandbox as possible. We have a TV that is now almost 9 years old, and thankfully it is not "smart". I actively avoid "smart" stuff, I just don't see any real upside for a "smart" toaster, fridge, oven thermometers, etc. Instead I see tons of downside.
Companies churn through new stuff on a yearly basis and rarely support any older stuff, so that "smart" stuff quickly stops shipping apps to support it, and it is only a mat
had to buy a smart tv, but don't have to IP it (Score:2)
when I was buying tv's a few years ago, the only models in the size I wanted were 'smart'.
ok, no big deal. just don't give it a wifi access and don't ever let it on the net.
simple. mine is still using factory firmware (which has bugs but the cure is worse, I'm told) and it won't ever be upgraded.
it just runs hdmi from my htpc and that's that. I don't have cable/etc - I download what I want and watch it on the pc. bonus that the vizio sets would support 1080p@120hz and my intel skylake chip also supports
Re: (Score:2)
You should see if you can find an attack vector just over HDMI. That would totally get you a speaking slot at a security conference.
Re: (Score:2)
Yeah, this is one problem with so-called "smart" TVs - the whole concept ignores how people buy televisions. TV owners tend to hold onto their sets for many years, while companies (understandably) generally aren't interested in maintaining the software for a device for more than two or three years. We bought an LG smart TV back in 2011; and after the first couple years passed, the only software updates which have been available all *removed* features (Amazon, Pandora, other "features" I don't recall).
I assu
Re: (Score:2)
just don't give it a wifi access and don't ever let it on the net.
Vizio has this fun new trick. You literally can't configure the TV without their smartphone app and a wifi connection.
Re: (Score:2)
By requesting a service fee that pretty much equals buying a new TV
Re: (Score:2)
Re: (Score:2)
LG "smart" TVs used to be based on Google TV, which was discontinued a couple years ago.
I know, I know, it's hard to believe a Google offering got discontinued...
What's the problem, really? (Score:2)
"He claims LG wouldn't help him with perform factory reset of the device."
"[...] the company told him to visit one of their service centers, where one of its employees could reset his TV."
How's that "wouldn't help"? He obviously gets help offered. Maybe not what he hopes to get, but it's a clear offer of help getting the TV working again.
Re: (Score:2)
RTFA. The cost of that "help" is more than the TV was worth.
Re: (Score:2)
"Refuses to help" and "refuses to help for free" aren't the same thing.
Re: (Score:2)
Wouldn't tell him how and wanted to charge $320...not exactly "refused", but certainly far from assisted.
If that happened to me I might well characterize them as having refused to help me. A fuller explanation would be more accurate, but would also be so long most people wouldn't listen.
Easy solution... (Score:2)
I hate smart TVs, and so should you (Score:2)
I want my display to be a dumb panel. Nothing good has ever come from combining two unrelated items into one package. Buy a printer/scanner/fax? Now you can't scan if you're out of toner. Good tools do one thing and do it well.
We bought a nice Vizio with a good display. I played with the builtin apps long enough to verify that they were ancient junk that would never not suck. About that time it came out that Vizio was monitoring your content for advertising purposes [extremetech.com]
so that completely ended the experiment.
Re: (Score:2)
A more general problem... (Score:2)
Vendors just don't supply system images. If they are in a good mood, you might get some OTA updates; and there will be some key combo that allows you to initiate a 'system restore', which may do the trick if nothing has tampered with or corrupted the 'system' side of things and just wiping the user-writeable data is good enough; but if you want to reflash the entire device
Smart is an after thought (Score:2)
The efforts of TV manufacturers are half-baked or an afterthought. I have yet to find a smart tv that works better than a dedicated device. Even something as cheap as a Fire/Roku stick is a better experience.
If it sounds too good to be true... (Score:2)
...it probably is. Don't try to find some app to watch movies for free as an alternative to paying for them via approved, signed applications and you most likely will not get ransomware. If you try to find "free" stuff, you're playing the malware equivalent of Russian Roulette.
On the note of resetting firmware, for most TV's you normally do this via the remote and the menu. However, in this particular case that won't work. There should be a way to physically hard-reset any consumer device to factory def
Just bill the relatives for the repair (Score:2)
His relatives installed malware on his TV, without his permission or knowledge. He should bill them for the repair cost.
i wonder how those things are wired (Score:2)
Why do companies have to be that obnoxious? (Score:2)
Who's responsible for ransomware ... (Score:2)
... and getting rid of it when the fucking TV didn't ship with it?
It could be within the scope of the app store or a side load, but it's not the goddam hardware.
Malware through HDMI Cable (Score:1)
I guess it is possible to infect a TV through the HDMI cable if it acts as an Ethernet cable, but can it infect it through the other bits that flows through it? Maybe something in CEC or a video/sound that causes an buffer overflow.
Just wondering what else that HDMI cable can transport. There are devices that filter out stuff like HDCP, maybe need device to filter CEC.