Smart TVs aren't immune to ransomware as one user recently found out

Shawn Knight

Posts: 12,316   +120
Staff member

Security experts for years have been warning consumers that smart TVs are a prime target for hackers. Aside from the fact that sets with microphones and cameras can serve as excellent eavesdropping devices, we’re now seeing connected TVs being hit with ransomware.

As Bleeping Computer highlights, software engineer Darren Cauthon recently posted a photo on Twitter of a family member’s LG smart TV (model 50GA6400) that had been bricked by Android malware. Based on the image, the publication believes the set was infected with a version of the Cyber.Police ransomware, sometimes referred to as FLocker, Frantic Locker or Dogspectus.

The set in question is said to be one of the last models running Google TV before LG switched to webOS. Cauthon said he originally purchased the set for himself before passing it along to a family member.

The hacker demanded $500 to unlock the set but Cauthon wasn’t going to pay. Instead, he attempted to reset the TV to its factory condition but was unable to do so. He then reached out to LG for help.

Rather than instruct him on how to perform the factory reset, LG told him to take the set to a local service center where he would be charged a whopping $340. At that price, it’d probably be cheaper to buy a new TV outright.

LG ultimately had a change of heart (likely due to the attention the story generated on social media) and provided Cauthon with instructions on how to perform a factory reset – a process he recorded and posted on YouTube.

Permalink to story.

 

yRaz

Posts: 3,320   +2,773
Why does everything have to be smart? Can't I just have a TV and add functionality to it if I so choose? Those Korean "monitors" are looking better and better every single day. My set top box has the same smart features as my smart TV.
 

Skidmarksdeluxe

Posts: 8,645   +3,281
What a ripoff. Why does that poor sucker have to be saddled with the bill for LG's p!ss poor software security? Had it been me, I would've just tossed the TV away and bought another one from another manufacturer (probably with the same poor security implemented). IoT??? Good luck early adopting, overcharged guinea pigs but I guess somebody has to do it.
 

Evernessince

Posts: 5,102   +5,346
Why does everything have to be smart? Can't I just have a TV and add functionality to it if I so choose? Those Korean "monitors" are looking better and better every single day. My set top box has the same smart features as my smart TV.
Exactly. There are so many devices on the cheap I can get to add or far exceed the functionality that smart TVs have. All these TV manufacturers are doing is collecting data, introducing more security issues, and bloating the complexity and cost of TVs.
 
If that TV really was infected then the user caused it. The .apk to install it was not downloaded from the google store. That would be a much bigger story. I've been known to root anything running android since Éclair came out and have bricked some tablets myself by accident. Chances are they tried a sideload or unauthorized method of installation if this did in fact happen. There were smart tvs running jellybean in 2013 but now LG uses WebOS. The first generation smart tvs didn't have a sideload or 3rd party app option. He said the TV is 4 years old which makes sense but the option to install malware was not there and google apps is a clean ecosystem so that app wouldn't be published and released on google apps. Either way I work in IT Security and saw this story in an email years ago
 

mcborge

Posts: 599   +486
This is why I haven't connected my smart tv or smart blu-ray player... What ever I cant get through my tivo, I get through my nuc... which does have full security.
 
LG is a garbage product and company. I've had 2 tvs under 2 years old blow out (Reading Amazon reviews, this is not a fluke), plus my 4 yr Fridge has had it's panel replace once already, and I still get an error code.

I even went to shut my fridge door, and a piece of plastic came shooting out. Now the door hangs and doesn't shut right.

I finally went with Samsung tvs. I'll never buy an LG product again.
 
LG is a garbage product and company. I've had 2 tvs under 2 years old blow out (Reading Amazon reviews, this is not a fluke), plus my 4 yr Fridge has had it's panel replace once already, and I still get an error code.

I even went to shut my fridge door, and a piece of plastic came shooting out. Now the door hangs and doesn't shut right.

I finally went with Samsung tvs. I'll never buy an LG product again.
Samsung TV are the worst. All kinds of Tech problems and with the release of a new series they no longer update your system. Customer service sucks too. Get a Visio. Great product and customer service.
 

risc32

Posts: 209   +96
LG is a garbage product and company. I've had 2 tvs under 2 years old blow out (Reading Amazon reviews, this is not a fluke), plus my 4 yr Fridge has had it's panel replace once already, and I still get an error code.

I even went to shut my fridge door, and a piece of plastic came shooting out. Now the door hangs and doesn't shut right.

I finally went with Samsung tvs. I'll never buy an LG product again.
I had a samsung dishwasher. if it wasn't for me being mcgyver everytime there was a fault, I would have used it to see just how far I could throw a dishwasher in anger. but google your favorite brand for complaints, you won't like what you find.
 

Jennax1985

Posts: 16   +5
This is the number one reason why I don't bother using nor connect my smart devices to the internet. I always download software updates through my PC in an OS within a WM so that I can check the integrity of the file and not risk my home network. It's getting harder to trust files from the Internet since this stupid ransomware first started showing up. AI's will be useful combating this type of threat... it's just an ethical debate from that point on though. I also don't bother using any smart features of my TV when I have my gaming PC connected to my 65 inch LG OLED TV and I can better monitor the overall integrity of the PC than the far less secure smart TV OS.
 
  • Like
Reactions: mcborge

Roush60

Posts: 23   +13
That is one of the reasons my "smart" TV is not connected to my wi-fi network, nor is my DTV receiver. One of the other reasons is that I have DSL level speeds, 1.5 Mb download, so it is fruitless to try to use any of the apps on the TV or use the download feature on the DTV receiver to try and watch shows we might have missed by accident.
 

Roush60

Posts: 23   +13
This is the number one reason why I don't bother using nor connect my smart devices to the internet. I always download software updates through my PC in an OS within a WM so that I can check the integrity of the file and not risk my home network. It's getting harder to trust files from the Internet since this stupid ransomware first started showing up. AI's will be useful combating this type of threat... it's just an ethical debate from that point on though. I also don't bother using any smart features of my TV when I have my gaming PC connected to my 65 inch LG OLED TV and I can better monitor the overall integrity of the PC than the far less secure smart TV OS.
AMEN. The only things connected to my home wi-fi is my son's computer and smart phone. The primary home computer is hard wired.
 

wiyosaya

Posts: 5,265   +3,365
Even if the TV is "smart" does not mean that it needs to be connected to the internet. In my case, I only use my "TV" as a monitor for my HTPC.
 

EClyde

Posts: 2,220   +869
LG is a garbage product and company. I've had 2 tvs under 2 years old blow out (Reading Amazon reviews, this is not a fluke), plus my 4 yr Fridge has had it's panel replace once already, and I still get an error code.

I even went to shut my fridge door, and a piece of plastic came shooting out. Now the door hangs and doesn't shut right.

I finally went with Samsung tvs. I'll never buy an LG product again.
I bought an LG BluRay and it works well for about 5 years now. They won't update the firmware so I can continue to watch Youtube with it. I won't buy LG if I can help it
 

Kenrick

Posts: 631   +401
I can't find any information about how the malware was installed. Were they side-loading apps? There has to be more to the story.
Probably a user who wants free and dont want to pay in play store found an apk online and turned off "trusted sources" only. Then post it in the internet if something bad happen, will gain people's sympathy, and the manufacturer will do the right thing because their image is at stake.
 

Trillionsin

Posts: 1,871   +457
I like how we didn't get to see if the fix even worked... -.-
or that he didnt wipe the cache.

(...I mean, it still could have been okay and cleared everything out, but in my experience sometimes you also have to wipe the cache. )
 

Abraka

Posts: 176   +54
What's funny is that those really are government hackers. The organization standing behind those attacks are related to FBI and NSA. They are doing those hacks for years, and nobody can catch them. In all other cases, hackers are quickly caught and punished. But in this case, "nobody can catch them" and they have earned hundreds of millions of dollars. Because they work for the spying agencies. They are protected by the government to extort the illegal tax from their citizens (and not just the US citizens, but all over the world).