EFF urges FTC to sanction Amazon for selling malware-loaded Android TV boxes

DragonSlayer101

Posts: 367   +2
Staff
What just happened? The Electronic Frontier Foundation (EFF) has urged the Federal Trade Commission to act against resellers of Chinese-made Android TV set-top boxes and mobile devices on platforms like Amazon and AliExpress. In a letter to the FTC commissioners, the EFF claimed that devices manufactured by companies like AllWinner and RockChip often ship with pre-installed malware that could expose buyers to "unfair risk."

The letter claims that every time these infected set-top boxes are switched on and connected to the internet, they immediately start communicating with botnet servers and click-fraud networks that are extensively used by cybercriminals to make advertising money by producing bogus ad clicks. Additionally, the malware lets the criminals use the buyers' internet connections as proxies for their illegal activities, possibly exposing them to "significant legal risk."

According to the EFF, the fraudulent activity happens in the background without the knowledge of the users, who remain incapable of doing anything about it, especially if they don't have extensive technical know-how. To curb the menace of malware-infested Android TV boxes, the EFF wants the FTC to issue sanctions against Amazon and other retailers, which it says will provide a "powerful incentive" for them to pull these products from the market to protect innocent customers.

According to a Human Security report cited by the EFF, the malware found in the set-top boxes is a variant of the Triada trojan, which is said to be installed by third-party resellers after the boxes are shipped from the factory. This, according to the EFF, constitutes a "supply-chain attack on consumer-based Internet of Things devices," so it also sent a letter to Cybersecurity and Infrastructure Security Agency Director Jen Easterly.

Android TV boxes can be used to watch live TV and OTT services, such as Netflix, Amazon Prime Video, Disney+, Hulu, and more. They not only help transform 'dumb' televisions into smart TVs, but are also helpful in bringing the latest content to older smart TVs no longer supported by their manufacturer.

Jailbroken Android TV boxes are popular on Amazon, AliExpress and other online retailers, as they allow buyers to watch content that they otherwise might not be able to. However, the notion that they could be infested with malware is a scary reminder that people should stick to buying electronic devices from trusted sellers so that they do not compromise their privacy and digital security.

Permalink to story.

 
Unafir risk lol
describe 'fair risk' plz

The risking is business, and the business is good
 
Allwinner and Rockchip do not create those set top boxes. They make ARM SOCs so it's unlikely they have any say in the manufacture of those malware devices. Targeting them would be pointless.
Unless allwinner/rockchip are making and selling devices using their own chips which contain malware.
 
Allwinner and Rockchip do not create those set top boxes. They make ARM SOCs so it's unlikely they have any say in the manufacture of those malware devices. Targeting them would be pointless.
This is correct.

Unless allwinner/rockchip are making and selling devices using their own chips which contain malware.
Chips don't contain malware. Firmware can, but the fabs of the SOCs don't write the firmware.
 
Back