UPDATE [December 29, 2016]: LG has stepped in and helped Cauthon unlock his TV, who also recorded a video of the TV factory reset procedure and uploaded on YouTube. The original article is available below.
Security firms have been warning us for more than a year about the possibility of Android malware jumping from phones and tablets to other Android-powered devices, such smart TVs.
The latest incident involving ransomware on a smart TV involves software engineer Darren Cauthon, who revealed that the LG smart TV of one of his family members was infected with ransomware right on Christmas day.
Based on a screenshot Cauthon posted online, the smart TV appears to be infected with a version of the Cyber.Police ransomware, also known as FLocker, Frantic Locker, or Dogspectus.
The infected TV is one of the last generations of LG smart TVs that ran Google TV, a smart TV platform developed by Google together with Intel, Sony, and Logitech. Google TV launched in 2010, but Google discontinued the project in June 2014.
In the meantime, LG has moved on from Google TV, and the company's TVs now run WebOS, an open-source Linux kernel-based multitask operating system.
Ransomware asks for $500 to unlock device, LG asks for $340 to help
Cauthon says he tried to reset the TV to factory settings, but the reset procedure available online didn't work. When the software engineer contacted LG, the company told him to visit one of their service centers, where one of its employees could reset his TV.
This angered Cauthon because factory reset procedures shouldn't be secret, but also because the service center visit implied a $340 bill. The ransomware asked Cauthon to pay $500 to unlock his TV.
As one commenter on Twitter pointed out, it would be cheaper to buy a new TV. "Avoid these 'smart tvs' like the plague," Cauthon added following his discussion with LG.
TV infected by installing mysterious app
Asked to detail how he got infected with the ransomware, Cauthon said "They [the relatives] said they downloaded an app to watch a movie. Halfway thru movie, tv froze. Now boots to this."
It is unclear at this moment if Cauthon's relative downloaded an app from the official Play Store, or from a third-party source.
Twitter users didn't wait for this confirmation, and one user was quick to answer Cauthon: "Someone downloaded an app on an ancient tv to watch pirated movies. Suddenly all SmartTVs are bad?"
Ransomware on smart TVs is going to be a big problem
In November 2015, Symantec researchers conducted a test and installed ransomware on a smart TV. Even if the researcher who conducted the test was an expert on Android malware and was a very skilled professional, he found it very difficult to remove the malware from the infected TV, a task he said would be extremely difficult and nearly impossible for a non-technical user.
The same test was repeated three months later by researchers from Trend Micro, who arrived at the same conclusion.
Malware targeting smart TVs is not that common, but when it hits it's usually extremely difficult to deal with. For example, in January 2016, a user had a hard time removing a basic browser scareware (tech support scam). The infected TV was also an LG TV.
In June 2016, Trend Micro reported that smart TVs were regularly targeted by ransomware, with the most active threat being Cyber.Police (FLocker).
In the meantime, Google has started working on Android TV, an Android-based smart TV platform, similar to Google TV, meaning that Android malware remains a valid threat for a large chunk of the smart TV market.
Comments
inkoalawetrust - 7 years ago
thats what you get for wasting hundrends on some "smart" TV when you can just buy a traditional one
timcook8 - 7 years ago
This is being contested as a hoax by one of my followers. Need some input. There were smart tvs running jellybean in 2013 but now LG uses WebOS. The first generation smart tvs didn't have a sideload or 3rd party app option. He said the TV is 4 years old which makes sense but the option to install malware was not there and google apps is a clean ecosystem so that app wouldn't be published and released on google apps. Either way I work in IT Security and saw this story in an email years ago
timcook8 - 7 years ago
If that TV really was infected then the user caused it. The .apk to install it was not downloaded from the google store. That would be a much bigger story. I've been known to root anything running android since Éclair came out and have bricked some tablets myself by accident. Chances are they tried a sideload or unauthorized method of installation if this did in fact happen.
rcarbone - 7 years ago
Whether or not this story is current or dated, is there any recommended protection to help prevent attacks?
jdlee - 7 years ago
either the user rooted their tv's android version and installed an unauthorized app which voids LG's warranty or they are lying about it being infected.
woody188 - 7 years ago
If GoogleTV included a version of Chrome (seems it did) it could be possible to side load an app from the web via a Chrome sploit or plugin. There have been quite a few remote code vulns in Chrome lately. Could these vulns also be in the defunct GoogleTV? Yup.
The lure of free movies and shows gets the best of people.
DodoIso - 7 years ago
rcarbone, the best protection is to disconnect all devices from any network, if not possible, at least off the Internet to better manage the risks.
Warthog-Fan - 6 years ago
I don't get it. Android has been proven to be an OS that is full of holes as far as security goes. Why would anyone want to continue to push this OS on users, knowing that it is going to be exploited. One more reason that I will not use any device that has Android for an OS.