TechSpot giveaway: Win a DJI Spark drone & a Star Wars BB-8 droid

Smart TVs aren't immune to ransomware as one user recently found out

By Shawn Knight · 27 replies
Dec 29, 2016
Post New Reply
  1. Security experts for years have been warning consumers that smart TVs are a prime target for hackers. Aside from the fact that sets with microphones and cameras can serve as excellent eavesdropping devices, we’re now seeing connected TVs being hit with ransomware.

    As Bleeping Computer highlights, software engineer Darren Cauthon recently posted a photo on Twitter of a family member’s LG smart TV (model 50GA6400) that had been bricked by Android malware. Based on the image, the publication believes the set was infected with a version of the Cyber.Police ransomware, sometimes referred to as FLocker, Frantic Locker or Dogspectus.

    The set in question is said to be one of the last models running Google TV before LG switched to webOS. Cauthon said he originally purchased the set for himself before passing it along to a family member.

    The hacker demanded $500 to unlock the set but Cauthon wasn’t going to pay. Instead, he attempted to reset the TV to its factory condition but was unable to do so. He then reached out to LG for help.

    Rather than instruct him on how to perform the factory reset, LG told him to take the set to a local service center where he would be charged a whopping $340. At that price, it’d probably be cheaper to buy a new TV outright.

    LG ultimately had a change of heart (likely due to the attention the story generated on social media) and provided Cauthon with instructions on how to perform a factory reset – a process he recorded and posted on YouTube.

    Permalink to story.

     
  2. yRaz

    yRaz Nigerian Prince Posts: 2,216   +1,292

    Why does everything have to be smart? Can't I just have a TV and add functionality to it if I so choose? Those Korean "monitors" are looking better and better every single day. My set top box has the same smart features as my smart TV.
     
    lripplinger and Evernessince like this.
  3. Theinsanegamer

    Theinsanegamer TS Evangelist Posts: 734   +727

    And this is why you never, ever connect IoT or "smart" tech to the internet. Just use a set top box FFS!.
     
  4. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,461   +3,180

    What a ripoff. Why does that poor sucker have to be saddled with the bill for LG's p!ss poor software security? Had it been me, I would've just tossed the TV away and bought another one from another manufacturer (probably with the same poor security implemented). IoT??? Good luck early adopting, overcharged guinea pigs but I guess somebody has to do it.
     
  5. Evernessince

    Evernessince TS Evangelist Posts: 1,861   +1,064

    Exactly. There are so many devices on the cheap I can get to add or far exceed the functionality that smart TVs have. All these TV manufacturers are doing is collecting data, introducing more security issues, and bloating the complexity and cost of TVs.
     
  6. Skyyy

    Skyyy TS Rookie Posts: 18

    I can't find any information about how the malware was installed. Were they side-loading apps? There has to be more to the story.
     
    Kenrick and hahahanoobs like this.
  7. Kibaruk

    Kibaruk TechSpot Paladin Posts: 3,220   +856

    But almost every model you see nowadays is "smart".
     
  8. Tim Cook

    Tim Cook TS Rookie

    If that TV really was infected then the user caused it. The .apk to install it was not downloaded from the google store. That would be a much bigger story. I've been known to root anything running android since Éclair came out and have bricked some tablets myself by accident. Chances are they tried a sideload or unauthorized method of installation if this did in fact happen. There were smart tvs running jellybean in 2013 but now LG uses WebOS. The first generation smart tvs didn't have a sideload or 3rd party app option. He said the TV is 4 years old which makes sense but the option to install malware was not there and google apps is a clean ecosystem so that app wouldn't be published and released on google apps. Either way I work in IT Security and saw this story in an email years ago
     
  9. davislane1

    davislane1 Inquisitor Posts: 4,677   +3,703

    No.
     
  10. mcborge

    mcborge TS Guru Posts: 415   +268

    This is why I haven't connected my smart tv or smart blu-ray player... What ever I cant get through my tivo, I get through my nuc... which does have full security.
     
  11. treetops

    treetops TS Evangelist Posts: 2,038   +201

    your stb can be infected too....
     
  12. EClyde

    EClyde TS Evangelist Posts: 1,151   +364

    I watch the girl next door.
     
    wastedkill likes this.
  13. TYPE O NEGATIVE

    TYPE O NEGATIVE TS Rookie

    LG is a garbage product and company. I've had 2 tvs under 2 years old blow out (Reading Amazon reviews, this is not a fluke), plus my 4 yr Fridge has had it's panel replace once already, and I still get an error code.

    I even went to shut my fridge door, and a piece of plastic came shooting out. Now the door hangs and doesn't shut right.

    I finally went with Samsung tvs. I'll never buy an LG product again.
     
  14. Dustyn

    Dustyn TS Enthusiast Posts: 51   +12

    I like how we didn't get to see if the fix even worked... -.-
     
  15. mysqueaks

    mysqueaks TS Rookie

    Samsung TV are the worst. All kinds of Tech problems and with the release of a new series they no longer update your system. Customer service sucks too. Get a Visio. Great product and customer service.
     
  16. risc32

    risc32 TS Addict Posts: 209   +96

    I had a samsung dishwasher. if it wasn't for me being mcgyver everytime there was a fault, I would have used it to see just how far I could throw a dishwasher in anger. but google your favorite brand for complaints, you won't like what you find.
     
  17. Theinsanegamer

    Theinsanegamer TS Evangelist Posts: 734   +727

    The STB is far, FAR more likely to be receiving security updates from the manufacturer then any "smart" TV. And as a result, is far less likely to be pwned like this.
     
  18. Jennax1985

    Jennax1985 TS Rookie

    This is the number one reason why I don't bother using nor connect my smart devices to the internet. I always download software updates through my PC in an OS within a WM so that I can check the integrity of the file and not risk my home network. It's getting harder to trust files from the Internet since this stupid ransomware first started showing up. AI's will be useful combating this type of threat... it's just an ethical debate from that point on though. I also don't bother using any smart features of my TV when I have my gaming PC connected to my 65 inch LG OLED TV and I can better monitor the overall integrity of the PC than the far less secure smart TV OS.
     
    mcborge likes this.
  19. Roush60

    Roush60 TS Rookie

    That is one of the reasons my "smart" TV is not connected to my wi-fi network, nor is my DTV receiver. One of the other reasons is that I have DSL level speeds, 1.5 Mb download, so it is fruitless to try to use any of the apps on the TV or use the download feature on the DTV receiver to try and watch shows we might have missed by accident.
     
  20. Roush60

    Roush60 TS Rookie

    AMEN. The only things connected to my home wi-fi is my son's computer and smart phone. The primary home computer is hard wired.
     
  21. wiyosaya

    wiyosaya TS Evangelist Posts: 1,643   +575

    Even if the TV is "smart" does not mean that it needs to be connected to the internet. In my case, I only use my "TV" as a monitor for my HTPC.
     
  22. EClyde

    EClyde TS Evangelist Posts: 1,151   +364

    I bought an LG BluRay and it works well for about 5 years now. They won't update the firmware so I can continue to watch Youtube with it. I won't buy LG if I can help it
     
  23. Kenrick

    Kenrick TS Evangelist Posts: 476   +303

    Probably a user who wants free and dont want to pay in play store found an apk online and turned off "trusted sources" only. Then post it in the internet if something bad happen, will gain people's sympathy, and the manufacturer will do the right thing because their image is at stake.
     
  24. Trillionsin

    Trillionsin TS Evangelist Posts: 1,563   +241

    or that he didnt wipe the cache.

    (...I mean, it still could have been okay and cleared everything out, but in my experience sometimes you also have to wipe the cache. )
     
  25. Abraka

    Abraka TS Rookie Posts: 16   +8

    What's funny is that those really are government hackers. The organization standing behind those attacks are related to FBI and NSA. They are doing those hacks for years, and nobody can catch them. In all other cases, hackers are quickly caught and punished. But in this case, "nobody can catch them" and they have earned hundreds of millions of dollars. Because they work for the spying agencies. They are protected by the government to extort the illegal tax from their citizens (and not just the US citizens, but all over the world).
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...