Man Has To Beg LG To Uncripple His 'Smart' TV After Ransomware Attack

from the dumb-is-the-new-smart dept

We've noted repeatedly how "smart" television sets have the same security issues plaguing the rest of the internet of broken things: namely there often isn't any security to speak of. The net result has been TVs that spy on you by recording in-home audio, and in some cases transmitting that data unencrypted around the internet. But we've also noted how these TVs -- like the rest of the Internet of Things -- can be compromised in a matter of moments by some rather rudimentary hacking, then incorporated into the historically unprecedented DDoS attacks we're now seeing around the world.

As an added bonus, your smart TV can now be infected by ransomware, too. Software engineer Darren Cauthon found this out the hard way when he awoke on Christmas Day to find that his family's LG 50GA6400 had been infected with a version of the Cyber.Police ransomware -- aka FLocker, Dogspectus, or Frantic Locker. That particular ransomware posts an image to the screen of the television pretending to originate with the FBI, and claiming that users must pay a $500 penalty to return full functionality to the television.

Cauthon quickly headed to Twitter to complain not only that his television was now demanding a payment just to function, but also that LG's online factory reset instructions for the TV in question didn't work:

Worse, perhaps, Cauthon stated that when he contacted LG, he was shuffled around several support departments before being told that he might have to bring the TV in to be serviced by a technician (for a $340 surcharge):

"Cauthon says he tried to reset the TV to factory settings, but the reset procedure available online didn't work. When the software engineer contacted LG, the company told him to visit one of their service centers, where one of its employees could reset his TV.

This angered Cauthon because factory reset procedures shouldn't be secret, but also because the service center visit implied a $340 bill. The ransomware asked Cauthon to pay $500 to unlock his TV.

As one commenter on Twitter pointed out, it would be cheaper to buy a new TV. "Avoid these 'smart tvs' like the plague," Cauthon added following his discussion with LG."

Ultimately LG reached out to Cauthon to help by providing the correct factory reset sequence, though the infection should have never been possible to begin with. While it's possible that the infection could have come via a dubious download from the Google app store, the design of the television should never allow an application to take complete control of the device in the first place. While these infections are rare, other LG users have complained about similar attacks, and found removal of the offending malware to be difficult -- especially given the lack of control users often have over devices they purportedly "own."

Of course, security firms like Symantec have been warning about the rise of TV infections since 2015, noting that while in some instances a factory reset will solve the issue, in many instances removing the malware can be borderline impossible for a less technical user. And like so many internet of broken things devices, these TVs often fail to include basic functionality allowing users to determine what traffic the television is sending over the network, or settings allowing users to protect their security. It's just one more example of how "smart" devices are frequently dumber than the technology they're replacing.

Filed Under: factory reset, ransomware, smart tv
Companies: lg


Reader Comments

  1.
    Anonymous Coward, 4 Jan 2017 @ 6:33am

    Not sure what they mean by "Smart" when describing their product. If said product were smart, it would not allow drive by downloads, worms, viruses, malware.

    Does anyone sell an "Ethical" tv?

  2.
    Ninja (profile), 4 Jan 2017 @ 6:36am

    Silly question maybe but why we need TVs smarter than "display good quality image and that's it" when there are much better devices that can do everything the smartness can do with added security, comfort and reliability?

    I'd gladly skip $100 or more to get a stripped down TV...

  3.
    That Anonymous Coward (profile), 4 Jan 2017 @ 6:43am

    $340 for them to press & hold a series of keys, then type in a code.
    Gee you'd think that the data they suck out of the smart tv's that gets them paid would offset the cost of just keeping a plain web page up with the instructions.

    Of course this was one of the older abandoned Google Smart TV's where the 'don't be evil' corporation could have forced this magical sequence be available to consumers, but that would have made LG sad.

    There seems to be little actual benefit for having a smart tv - you pay a premium price, you get spied on, you get special advertising, you get zero support unless you pay a huge fee....

    Just because you can, doesn't mean you should. It really is high time people start voting with their wallets & avoiding corps that insist they have to spy so they can make more off of you.

  4.
    PaulT (profile), 4 Jan 2017 @ 6:49am

    Nice to see an accurate headline. Most places I've read this either implied or outright stated that the programmer had developed his own fix, rather than simply having to beg LG to waive their massive charge they'd want to enter the reset code themselves.

  5.
    Michael, 4 Jan 2017 @ 6:52am

    Re:

    I, for one, am pretty happy with my smart tv's.

    I get all of my programming from the web and OTA (no cable).
    I have a single remote control that actually controls everything rather than a table covered in them and a 4 step procedure to turn on the TV, select a channel, and hear sound.
    My TV is updated and working every day (it updates automatically in the early hours of the day).
    News is available any time (including Facebook and Twitter).
    Internet Radio is available when I want music.

    I am not a huge fan of everything being connected to the internet, but a smart TV is actually one of the things that really has made things more convenient and better for me.

  6.
    mister give me my cheese, 4 Jan 2017 @ 6:59am

    class action suit - negligence and fraud

    they are defrauding him and /or negligent in providing a proper product

  7.
    Matt (profile), 4 Jan 2017 @ 6:59am

    Re:

    In my recent TV shopping a lot of non-smart TVs were more than their equivalent "smart" versions (and this wasn't during black friday sales)

  8.
    mister the cheese is strong with this one, 4 Jan 2017 @ 7:01am

    reason they don't want that reset out there

    ....oh it's also hackable, as in, if you alter that onboard it will be brickable forever....

    haha smart indeed making it flashable

  9.
    TripMN, 4 Jan 2017 @ 7:02am

    Leak coming

    In an upcoming 'leak from the Russians', LG is shown to be infecting its own TVs with Ransomware.

    "Either we get the $500 from the ransom or we get just over $300 at one of our service departments to fix the problem. Either way it is win-win and our stock is at an all time high." -leaked internal LG memo

  10.
    Anonymous Coward, 4 Jan 2017 @ 7:12am

    More consumer education is necessary. Those informed would not connect their smart TV's to the net. Smart features should be handled by an external computer that gets prompt security updates.

  11.
    Roger Strong (profile), 4 Jan 2017 @ 7:38am

    Re:

    Maybe it decided it was so smart that it didn't have to listen to security briefings.

  12.
    Anonymous Coward, 4 Jan 2017 @ 7:41am

    not connect to the net

    can you truly not connect to the 'net? is there wireless capability that can bypass your efforts?

    you say your home router is password-protected and so are your neighbors'? hah.

  13.
    Anonymous Coward, 4 Jan 2017 @ 7:46am

    Re:

    Yes you can truly not connect to the net.

    You simply just do not plug up the patch cable or configure WIFI. TV stays dumb that way.

  14.
    JustShutUpAndObey, 4 Jan 2017 @ 7:46am

    Re: Extra $$$ for Samsung

    An extra $340? Samsung is partnering with the Ransomware folks after the fact. Isn't profiting from criminals after the crime also a crime?

  15.
    Anonymous Coward, 4 Jan 2017 @ 8:02am

    and yet

    some still want self driving cars...idiotic

    Unfortunately these "smart" tv's REQUIRE network access in order to enable/configure their highest picture quality settings (i.e. download the latest HDR patch which fixes some HDR video gameplay or 4K BluRay video flaw).

    Look! Someone wrote the word "Gullible" on the ceiling!

  16.
    Anonymous Coward, 4 Jan 2017 @ 8:04am

    Re: Re:

    That works until the TV or other smart device has to phone home before doing anything, and then the corporations own you.

  17.
    Anonymous Coward, 4 Jan 2017 @ 8:10am

    Re: Re:

    I have a 40 inch smart tv that I got for $250 on Black Friday. I don't really use the "smart" features though, it's just attached to my laptop via hdmi. This reminds me, I should turn off the internet connectivity.

  18.
    Anonymous Coward, 4 Jan 2017 @ 8:13am

    This angered Cauthon because factory reset procedures shouldn't be secret, but also because the service center visit implied a $340 bill.

    What if he decided to sell it and wanted to make sure his personal information was off the set? Would LG expect this guy to take it to a service center, pay $340 for them to reset it, only to sell it for say, $250?

    Fuck you LG.

    Fuck you very much.

  19.
    Rekrul, 4 Jan 2017 @ 8:40am

    All "smart" devices should come with a recessed button that you press with the tip of a pen for 10 seconds to reset it to the factory defaults.

  20.
    Roger Strong (profile), 4 Jan 2017 @ 8:52am

    Re:

    10 seconds to reset to factory defaults, and then 10 hours to reinstall all the patches and updates released since it left the factory.

  21.
    Anon, 4 Jan 2017 @ 9:05am

    I hope...

    Since he eventually got the correct reset procedure, I hope it gets published on the Internet.

  22.
    Anonymous Coward, 4 Jan 2017 @ 9:35am

    Re: Re: Re:

    Too late.

    I would not be surprised to find out there are hidden undisclosed wifi transmitters in many everyday devices which are used to spy on you.

  23.
    Anonymous Coward, 4 Jan 2017 @ 9:41am

    The idea that LG thought he should go to a service center and pay $340 is so ridiculous. I wonder if that fixed the vulnerability too. Otherwise he could just get hit again and need to pay another $340.

  24.
    RIRedinPA, 4 Jan 2017 @ 9:42am

    Re:

    A cynical person might think they actually unleashed the malware themselves.

  25.
    Anonymous Coward, 4 Jan 2017 @ 9:45am

    Re: I hope...

    "With the TV powered off, place one finger on the settings symbol then another finger on the channel down symbol. Remove finger from settings, then from channel down, and navigate using volume keys to the wipe data/ factory reset option."

  26.
    Anonymous Coward, 4 Jan 2017 @ 9:53am

    Worth noting - media attention was required

    Anyone want to bet how much time and/or money it would have cost him if he had not made a public stink about how poorly LG was treating him? Once again, the only thing that got LG to address the problem was negative publicity sufficient to convince an LG manager that the publicity was hurting the company's future profits.

  27.
    David, 4 Jan 2017 @ 9:56am

    Re: Re:

    Depends on how long they support the platform. I have a "Smart" TV and can't use the Amazon Prime app to view movies since it's no longer supported. So I have to buy a box for that. Which also does all the other streaming platforms, so the "smart" functions are no longer used.

    Give me a "dumb" TV and an HDMI port to plug in my smart app box of choice.

  28.
    Anonymous Coward, 4 Jan 2017 @ 10:09am

    Where can we buy those dumb displays they use above the counter in fast food restaurants?

  29.
    Not an Electronic Rodent (profile), 4 Jan 2017 @ 10:15am

    Re:

    > Silly question maybe but why we need TVs smarter than "display good quality image and that's it" when there are much better devices that can do everything the smartness can do with added security, comfort and reliability?
    >
    > I'd gladly skip $100 or more to get a stripped down TV...

    Yeah, not a silly question at all, but unfortunately if you want a large screen, an equivalent "dumb" TV is not +$100, it's more likely twice-or-more the price.

    This, though, is exactly why my "smart" TV has been dumbed-down since purchase to being just a screen for rather smarter devices.

  30.
    Anonymous Coward, 4 Jan 2017 @ 10:33am

    It's almost impossible these days to buy a TV without the so called smart crap in it. A big problem is, they add this crap with no real intention in supporting it in the future. TV's have such a slim profit margin, it's not in their interest to do anything with it after the sale.

    The problem is, when it comes to TV's you tend to hold onto them for many years. Hell I have a couple 50" Panasonic Plasma's that I love and have no plans to replace anytime soon and I've already owned them quite a few years already. They're dumb TV's. Just how I like them. I think it's much better to just buy a nice AppleTV, or a ROKU box or something like that to get the so called SMART stuff. It'll be faster, far better supported, and if you want to upgrade, it's simple to swap out a box to something else. Maybe put the old box to some other older TV you may happen to have.

    This crap built into your TV doesn't get supported and so it gets laggy, and app's slowly stop working because they don't get updated. Security is a joke. It really doesn't make much sense and if I had a choice, I would get a DUMB TV. Just give me something with a nice picture and I'll hook up what I need to it to display what I want. The TV should just work!!!

  31.
    Anonymous Coward, 4 Jan 2017 @ 10:53am

    Re: Re: Re: Re:

    *tin foil hat*
    *popcorn*

    Please, go on...

  32.
    Michael, 4 Jan 2017 @ 11:07am

    Re:

    You cannot resell this TV because you only licensed the software that is included. If you would like to sell it, you will need to pay an additional license fee.

    - LG

  33.
    Anonymous Coward, 4 Jan 2017 @ 11:10am

    Re:

    I wouldn't know since I haven't owned one, but I always assumed you can choose not to use the smart functionality.

  34.
    Anonymous Coward, 4 Jan 2017 @ 11:25am

    Re: Re: Re: Re: Re:

    You're saying it can not happen?

  35.
    Anonymous Coward, 4 Jan 2017 @ 11:26am

    Re: and yet

    Necessity is the mother of all invention.

    Look on the bright side, after enough people die, real security will become a reality.

    I hate to be the bearer of bad news, but humanity kinda requires massive death and destruction to get motivated to do the right things. Or have you not looked at history and its many wars?

  36.
    Anonymous Coward, 4 Jan 2017 @ 11:31am

    Re: Re: Re: Re: Re: Re:

    well umm... they ARE disclosed.
    got a smart phone?

  37.
    Anonymous Coward, 4 Jan 2017 @ 12:39pm

    Re:

    Does anyone sell an "Ethical" tv?

    They're called dumb TVs. Or a DIY Linux media box if you want smart and ethical.

  38.
    Anonymous Coward, 4 Jan 2017 @ 12:43pm

    Re: Re:

    > then 10 hours to reinstall all the patches and updates released since it left the factory.

    During which time it gets pwned again.

  39.
    Anonymous Coward, 4 Jan 2017 @ 12:51pm

    Re:

    > It's almost impossible these days to buy a TV without the so called smart crap in it.

    That's because the TV manufacturers get paid by the streaming services to include their crappy apps on the TV. Like the way PC manufacturers get paid to pre-load crapware on new PC's. So the price of the TV is subsidized by the crapware and that's why it can cost more to get a TV without it.

  40.
    Teamchaos (profile), 4 Jan 2017 @ 1:22pm

    Re: Re:

    Maybe the security briefings were as worthless as the factory reset code that didn't work.

    Maybe the security briefings were politically biased so as to delegitimize the rightful owner who won the TV fair and square.

  41.
    Teamchaos (profile), 4 Jan 2017 @ 1:30pm

    Re: Re: Re:

    The Smart features on my Sony (with Android TV) are pretty worthless. The ARC will not pass Dolby Digital+ (only Dolby Digital) so I bought a Roku. They could also do away with the worthless TV speakers as far as I'm concerned.

    Anyone know how this guy got infected? What features did he use? Email? Browser? Google store?

  42.
    Teamchaos (profile), 4 Jan 2017 @ 1:41pm

    Re: Re: Re: Re:

    Found the answer to my question on kim komando's site:

    Frantic Locker was first reported to spread via spam text messages and malicious web links. To avoid getting your Google TV infected, be careful when visiting websites using the built-in TV web browser. Additionally, checking email and clicking unknown links through your TV can also put it at risk. However, in Cauthon's case, it appears that his TV was infected by a rogue app. It goes without saying, please refrain from downloading and installing apps from unofficial and unknown app sources.

    Don't install 3rd party apps, don't browse the web, don't check your email on your 'smart' TV. In short - don't do stupid stuff.

  43.
    Anonymous Coward, 4 Jan 2017 @ 2:02pm

    Re: Re: Extra $$$ for Samsung

    Um... Unless you're implying that Samsung owns LG, how would they get $340 for a repair on an LG TV?

  44.
    David (profile), 4 Jan 2017 @ 2:45pm

    This is just the Internet of Shit

    Any device manufacturer that sees a competitor try something these days immediately tries to improve/copy/hit the checkbox so they have the same or better feature.

    Few companies have the expertise to do this. In particular when it comes to security and, as mentioned above, have no incentive at all to provide support for a product where there is no ongoing profit. With their well known razor thin profits these devices can add the feature(sic) with an out of date SoC which might well be lacking the necessary hardware to provide modern protection.

    There is no possibility of solving this. The smart TV is now the default for many. The OS of choice is Android, which supports their store. That is where the mighty malware lives.

    Don't buy smart TVs.

  45.
    Anonymous Coward, 4 Jan 2017 @ 7:07pm

    Re: Re:

    There are 55" "dumb" tv's out there for cheap if you look.

  46.
    Eldakka (profile), 4 Jan 2017 @ 9:04pm

    Re: Re:

    I also have one remote control to control everything, and while I do have a smart TV, it has no data connectivity outside HDMI cables.

    My one remote control controls a HTPC that does everything except displaying the actual image. It plays movies on the HTPC out to the TV, music, free-to-air TV, it records that TV if I want to time-shift it. If I want to surf the net using my TV as my display, I do, but the surfing occurs on the HTPC using a wireless (or wired if I feel like it) keyboard, mouse, or the remote control which is a wireless pointer as well. I can play games without switching devices (Civ, Battlefield and whatnot). I can update video and audio codecs on the HTPC whenever I need to to play the latest and greatest format, without having to worry about the TV vendor refusing to update its codec set in the hopes I'll buy a complete new TV just to get the latest codecs. I can use the latest software, browsers, and whatever else I want.

    The only time I need to replace the TV is when either the screen breaks, or there have been significant changes in display hardware technology. E.g. CRT -> 720p/1080p Plasma -> 1080p LED backlit LCD -> 4k OLED HDR. Not every time there is a minor software technology or hardware change like xVid -> x264 -> x265. USB 2 -> 3 -> 3.1 (Type A or C) gen2, or 100Mb -> 1Gb (hopefully soon! -> 2.5Gb -> 5Gb), or wireless A/G -> N -> AC, and so on.

  47.
    Eldakka (profile), 4 Jan 2017 @ 9:09pm

    Re:

    So that there is more reason to force upgrades on consumers.

    When I was a kid, a TV was like a fridge or washing machine - you'd buy a new one every decade or so. Maybe have a 2nd smaller one for the kids, which is most likely a hand-me-down from when the main TV was upgraded to an OMG 68cm so the 48cm it was replacing was moved off to the kids room.

    But by incorporating many unnecessary technologies in the TV - media players, web browsers, players for specific eco-systems (netflix, amazon etc) that aren't upgradeable, or that they only support for a year or 2 with upgrades (like a mobile phone), there are more opportunities to foist upgrades on users.

  48.
    Dingledore the Mildly Uncomfortable When Seated, 5 Jan 2017 @ 2:21am

    Re:

    "Smart" is the new stupid

  49.
    Anonymous Coward, 5 Jan 2017 @ 2:56am

    Smart tv? Lipstick on a pig.
    More reason to call them idiot boxes.

  50.
    Rekrul, 5 Jan 2017 @ 11:08am

    Re: Re: Re:

    During which time it gets pwned again.

    Just a crazy thought, but maybe they could spend a little more time testing the firmware and release something that isn't broken from the start?

  51.
    Anonymous Coward, 9 Jan 2017 @ 3:24am

    Re: and yet

    I may be coming too late to this discussion, but how is a self-driving car worse than the current hackable cars?
