TVs Now 'Smart' Enough To Get Hijacked, Pick Up Malware
from the what-a-time-to-be-alive! dept
Hook a "smart" TV up to a "dumb" pipe and this is the inevitable result.
In a comment on Reddit this week, user “moeburn” raised the possibility of new malware circulating for Smart TVs:
My sister got a virus on her TV. A VIRUS ON HER GODDAMN TV.
It was an LG Smart TV with a built in web browser, and she managed to get a DNS Hijacker that would say “Your computer is infected please send us money to fix it” any time she tried to do anything on the TV.
The Reddit post included this image:
If a TV can surf the web, it can be hijacked or pick up malware. It's a little tougher to make malware stick to smart TV browsers, but while the commenter's outrage might be warranted, shock isn't.
SecureList dug into this hijacker and has both good news and bad news. The good news is this particular version was only live for a few days and disappeared more than four months ago. The bad news is that there's nothing particularly unique about the attempted hijacking. Multiple domains served as hosts for the malware, including a handful at Amazon's cloud services.
It's not a new threat, but spotting it on a smart TV is rather novel. SecureList chased down other versions of the same scammy Javascript -- which prompts people to call a phone number to "protect" their TV from malware -- including this fantastic bit of non-native English that both impersonates a Chrome warning page and suggests your TV is now a portal to a vast selection of retail outlets.
Fortunately, it appears this hijacking can be easily dodged. Even though the code prevents browsers from closing the dialog box (it will just pop up again), the threat can be nullified in other ways.
We also ran the file on a Samsung Smart TV and got the same result. It was possible to close the browser, but it did not change any browser or DNS settings. Turning it off and on again solved the problem as well. It is possible that other malware was involved in the case reported on Reddit, that changed the browser or network settings.As SecureList points out, it's not a smart TV-directed threat. It's just something that will attack any browser on any device. Other variants may change browser settings or attempt to dump a malware payload, but this one appears incapable of doing so. And while it's only a matter of time before this becomes more widespread, there are a number of factors limiting attacks on smart TVs.
But this is coupled with more bad news: if it has a browser, it can be attacked. Someone's going to end up with a "ransomed" TV at some point… or a fridge… or anything else a manufacturer has decided would be more attractive to consumers with added connectivity.
- Smart TVs are not often used to surf the web and users seldom install any app from web pages other than the vendor’s App Store – as it is the case with mobile devices
- Vendors are using different operating systems: Android TV, Firefox OS, Tizen, WebOS.
- Hardware and OS may even change from series to series, causing malware to be incompatible.
- There are by far fewer users surfing the web or reading email on the TV compared to PCs or mobile devices.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Missed one
You left out a rather large reason why the attackers might be interested in targeting 'smart' devices like tvs:
The built in security is often laughable, if it exists at all.
Combine pathetic security with the makers of the 'smart' devices trying to grab as much data as they can for advertising purposes, not to mention the 'convenience' of having multiple devices linked together allowing the weakest link to act as a security hole for other devices that would otherwise be more secure, and while 'smart' devices may present problems for attackers, they also offer some very tempting targets.
[ link to this | view in chronology ]
Re: Missed one
Smart TVs suffer from the corporate blinders of nothing bad came come from this.
We have an awesome idea and everything will be perfect.
Budget for security? Why would we waste money on that?
Nothing bad will happen and even if bad things happen it'll be down the road while we are making money today.
Stick a computer in everything!!! We can charge 3 times the price, it'll be great! As more of these enter the market, there will be more targeted attacks...
[ link to this | view in chronology ]
Re: Missed one
Nothing like checking out a place you'd like to burgle from the inside.
[ link to this | view in chronology ]
Re: Missed one
[ link to this | view in chronology ]
It was only extensive study that I realized
a) that my lightbulb was blinking in morse code, and
b) that I had a long lost relative in Nigeria who had left me a significant sum, needing only a modest fee to release.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Stupidest comment ever. Please don't ever do that again. How could you possibly imagine anyone else would want to read that? There is nothing of value there.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
No excuses will ever be accepted as to justify any reason to hook a television to the internet.
These consumers get everything they deserve being this fucking stupid.
Next, they'll want to hook a teapot, light bulb, toaster, refrigerator, oven, or any other electrical device to the internet because "IT'S SO KEWL!"
Poetic justice, dispensed.
[ link to this | view in chronology ]
Re:
TV on demand?
[ link to this | view in chronology ]
Re: Re:
"This is an issue about consumer stupidity being so damn problematic as to hook a fucking television to the internet."
Way to blame the victim. This is absolutely about TV security and trust. What are people going to do when TVs ship with their own cellular chips, and don't even bother asking for your wifi password? Will you be wrapping your TV in aluminium foil?
[ link to this | view in chronology ]
Re:
Nice try TV industry.
I have a hard time with this "blame the victim" mentality, is there a particular reason you dislike ignorant consumers more than you dislike greedy manufacturers?
I doubt many consumers are demanding the "Internet Of Things", no - it is the manufacturers who are trying to convince the consumers they need this shit.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
I guess we should be saying 'monitor' or 'display' at this point, though. I'd assume that TVs will disappear, since I doubt that very many people use 'em as tuners anymore.
[ link to this | view in chronology ]
Re:
Actually my TV probably has the least amount of (personal) data of any of the devices I hook up to the Internet.
[ link to this | view in chronology ]
Re:
The fact that it exists and is selling TVs disproves that. As for the reason, of course it's money, for selling their customers' personal information to "business partners." I'd expect customers to run away screaming from it, but most customers aren't "tech-savvy" and tend to believe marketing pitches which boast consumer benefits of a connected experience.
[ link to this | view in chronology ]
What's the market?
People who want to watch Netflix, but DON'T have a game console, roku/slingbox/etc, blu-ray player, or even an HDMI cable long enough to stretch from a computer?
Are the TV manufacturers getting kickbacks from the OTT service providers for including their apps? There's got to be some reason they are putting so much effort into doing something so badly.
[ link to this | view in chronology ]
Re: What's the market?
That would be people looking for the elegant solution, one screen with no attached boxes. The simplicity of it, the clean lines. Give me an Xbox that's an app that I download to my television rather than an ugly clunky box that sits beside it.
[ link to this | view in chronology ]
Re: What's the market?
Doing something badly takes a lot less effort than doing it well or right.
[ link to this | view in chronology ]
Scary
[ link to this | view in chronology ]
Why do I even have to buy a smart tv?!?
[ link to this | view in chronology ]
Re: Why do I even have to buy a smart tv?!?
[ link to this | view in chronology ]
Do not connect things to the internet unless absolutely necessary, and when you do - do so very cautiously.
[ link to this | view in chronology ]
Devil's Advocate Question: Any Wi-Fi on "Smart TVs"?
[ link to this | view in chronology ]
Re: Devil's Advocate Question: Any Wi-Fi on "Smart TVs"?
[ link to this | view in chronology ]
Re: Re: Devil's Advocate Question: Any Wi-Fi on "Smart TVs"?
[ link to this | view in chronology ]
what means "disappeared"?
The article states:
At a glance, one might think that "disappeared" = "gone", yet the TV that is the subject of the article managed to catch it (even though it "disappeared").
So does "disappeared" mean it went into stealth mode or something? Or does "good news" mean Good News™? Or.. ?
[ link to this | view in chronology ]
Re: what means "disappeared"?
[ link to this | view in chronology ]
Reopening dialog
[ link to this | view in chronology ]
Re: Reopening dialog
[ link to this | view in chronology ]
Your vehicle, the traffic lights, your electricity provider, your water provider, grocery stores you buy your food from, your clothes from, nearly every business now has a presence on the internet.
Hackers will always go to the easiest and weakest point to get into money access. The two together spell some serious problems that are just beginning to show up but are the future.
I want nothing connected to the internet with the exception of my computer, which I can turn off. No wifi is allowed in this house. The tablet is not going to phone home. No internet connected devices that require the internet will be allowed in this household.
Even that does not prevent future problems. We are today in the same position as we were with MADD for nuclear war. That is the citizens are vulnerable totally with all this spying creating access points that have or will be discovered in the future. At some point someone is going to take advantage of it and when you go to the store you're going to find people piled up in car wrecks at intersections, no food at the stores, no water at home, no electricity either, and it will all come to a head by such short sighted applications as you are seeing with these tvs.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Too much corporate push down
In my day (boomer), I could fix my cars, motorcycles, and lawnmowers. Basic stuff a man or woman could sort, and the engine was designed to be fixed. Guess what 21st century men and women, your daily transportation tool (car, motorcycle) can no longer be fixed on the road or at home unless you have a computer and mechanical engineering degree :) So, young folks are now dependent on folks with the magic of medical doctors of the "old days" to fix a d*** car. Lucky, thanks to the post ww2 japan and german auto builders, modern cars and motorcycles last lots longer than old american cars. Finally american builders got the hint and are catching up. But f***, I just spent 3000 on a rebuilt ford transmission on a 125k explorer. Guess transmissions haven't caught up to ford engines. I wish my motorcycle had an auto trans as the manual shifter crap leaks oil. Motorcycles seem always 10-20 years behind cars these days, even tho scooters now have auto transmissions. No modern motorcycle manufactures make a real "automatic transmission", just a double clutch clunky lump, that no way compares to to real auto transmission or even scooter CVT.
Americans see so much new technology these days. Europe and far east are also catching up, and surpassing new american ideas and tech (IP theft). WTF? VR, wtf is VR useful for except for maybe flight simulation, maybe gaming? But its a big thing apparently in tech these days. Corporate push down. Typical humans, computer users, aren't into VR gaming or aviation training (unless you have a military job flying drones, and those guys and gals are quitting that gig.
If I were a venture capitalist, I wouldn't spend a cent on VR. There's no daily use for VR. Except, "VR is a thing".
If "smart tvs" become the only way I can consume "content" thru my cable tv provider, I'll quit cable tv. I can get movies over the net on my computer. I can better control malware over a computer than a d** tv.
[ link to this | view in chronology ]
Re: Too much corporate push down
[ link to this | view in chronology ]
"Jack in! Megaman.EXE transmit!"
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
And arguably orders of magnitude more serious than TVs that spy on you.
[ link to this | view in chronology ]
Re: Re:
Despite the laws' attempts to lower the age of culpability, I still consider teenagers younger than age of majority (eighteen or twenty-one dependent on jurisdiction) are "kids." Are you afraid to allow your soon-to-be-grownups alone in your house unsupervised? If so, how are they ever going to grow up?
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
what?
[ link to this | view in chronology ]