What just happened? The Electronic Frontier Foundation (EFF) has urged the Federal Trade Commission to act against resellers of Chinese-made Android TV set-top boxes and mobile devices on platforms like Amazon and AliExpress. In a letter to the FTC commissioners, the EFF claimed that devices manufactured by companies like AllWinner and RockChip often ship with pre-installed malware that could expose buyers to "unfair risk."
The letter claims that every time these infected set-top boxes are switched on and connected to the internet, they immediately start communicating with botnet servers and click-fraud networks that are extensively used by cybercriminals to make advertising money by producing bogus ad clicks. Additionally, the malware lets the criminals use the buyers' internet connections as proxies for their illegal activities, possibly exposing them to "significant legal risk."
According to the EFF, the fraudulent activity happens in the background without the knowledge of the users, who remain incapable of doing anything about it, especially if they don't have extensive technical know-how. To curb the menace of malware-infested Android TV boxes, the EFF wants the FTC to issue sanctions against Amazon and other retailers, which it says will provide a "powerful incentive" for them to pull these products from the market to protect innocent customers.
According to a Human Security report cited by the EFF, the malware found in the set-top boxes is a variant of the Triada trojan, which is said to be installed by third-party resellers after the boxes are shipped from the factory. This, according to the EFF, constitutes a "supply-chain attack on consumer-based Internet of Things devices," so it also sent a letter to Cybersecurity and Infrastructure Security Agency Director Jen Easterly.
Android TV boxes can be used to watch live TV and OTT services, such as Netflix, Amazon Prime Video, Disney+, Hulu, and more. They not only help transform 'dumb' televisions into smart TVs, but are also helpful in bringing the latest content to older smart TVs no longer supported by their manufacturer.
Jailbroken Android TV boxes are popular on Amazon, AliExpress and other online retailers, as they allow buyers to watch content that they otherwise might not be able to. However, the notion that they could be infested with malware is a scary reminder that people should stick to buying electronic devices from trusted sellers so that they do not compromise their privacy and digital security.