Man Has To Beg LG To Uncripple His 'Smart' TV After Ransomware Attack
from the dumb-is-the-new-smart dept
We've noted repeatedly how "smart" television sets have the same security issues plaguing the rest of the internet of broken things: namely there often isn't any security to speak of. The net result has been TVs that spy on you by recording in-home audio, and in some cases transmitting that data unencrypted around the internet. But we've also noted how these TVs -- like the rest of the Internet of Things -- can be compromised in a matter of moments by some rather rudimentary hacking, then incorporated into the historically unprecedented DDoS attacks we're now seeing around the world.
As an added bonus, your smart TV can now be infected by ransomware, too. Software engineer Darren Cauthon found this out the hard way when he awoke on Christmas Day to find that his family's LG 50GA6400 had been infected with a version of the Cyber.Police ransomware -- aka FLocker, Dogspectus, or Frantic Locker. That particular ransomware posts an image to the screen of the television pretending to originate with the FBI, and claiming that users must pay a $500 penalty to return full functionality to the television.
Cauthon quickly headed to Twitter to not only complain that his television was now demanding a payment just to function -- but that LG's online factory reset instructions for the TV in question didn't work:
Of course, security firms like Symantec have been warning about the rise of TV infections since 2015, noting that while in some instances a factory reset will solve the issue, in many instances removing the malware can be borderline impossible for a less technical user. And like so many internet of broken things devices, these TVs often fail to include basic functionality allowing users to determine what traffic the television is sending over the network, or settings allowing users to protect their security. It's just one more example of how "smart" devices are frequently dumber than the technology they're replacing.
Worse, perhaps, Cauthon stated that when he contacted LG, he was shuffled around several support departments before being told that he might have to bring the TV in to be serviced by a technician (for a $340 surcharge):
Family member's tv is bricked by Android malware. #lg wont disclose factory reset. Avoid these "smart tvs" like the plague. pic.twitter.com/kNz9T1kA0p— Darren Cauthon (@darrencauthon) December 25, 2016
"Cauthon says he tried to reset the TV to factory settings, but the reset procedure available online didn't work. When the software engineer contacted LG, the company told him to visit one of their service centers, where one of its employees could reset his TV.Ultimately LG reached out to Cauthon to help by providing the correct factory reset sequence, though the infection should have never been possible to begin with. While it's possible that the infection could have come via a dubious download from the Google app store, the design of the television should never allow an application to take complete control of the device in the first place. While these infections are rare, other LG users have complained about similar attacks, and found removal of the offending malware to be difficult -- especially given the lack of control users often have over devices they purportedly "own."
This angered Cauthon because factory reset procedures shouldn't be secret, but also because the service center visit implied a $340 bill. The ransomware asked Cauthon to pay $500 to unlock his TV.
As one commenter on Twitter pointed out, it would be cheaper to buy a new TV. "Avoid these 'smart tvs' like the plague," Cauthon added following his discussion with LG."
Reader Comments
Does anyone sell an "Ethical" tv?
Re:
I'd gladly skip $100 or more to get a stripped down TV...
Re:
I get all of my programming from the web and OTA (no cable).
I have a single remote control that actually controls everything rather than a table covered in them and a 4 step procedure to turn on the TV, select a channel, and hear sound.
My TV is updated and working every day (it updates automatically in the early hours of the day).
News is available any time (including Facebook and Twitter).
Internet Radio is available when I want music.
I am not a huge fan of everything being connected to the internet, but a smart TV is actually one of the things that really has made things more convenient and better for me.
Gee you'd think that the data they suck out of the smart tv's that gets them paid would offset the cost of just keeping a plain web page up with the instructions.
Of course this was one of the older abandoned Google Smart TV's where the 'don't be evil' corporation could have forced this magical sequence be available to consumers, but that would have made LG sad.
There seems to be little actual benefit for having a smart tv - you pay a premium price, you get spied on, you get special advertising, you get zero support unless you pay a huge fee....
Just because you can, doesn't mean you should. It really is high time people start voting with their wallets & avoiding corps that insist they have to spy so they can make more off of you.
Re:
Re: Re:
Re: Extra $$$ for Samsung
class action suit - negligence and fraud
reason they dont want that reset out there
haha smart indeed making it flashable
Leak coming
In an upcoming 'leak from the Russians', LG is shown to be infecting its own TVs with Ransomware.
"Either we get the $500 from the ransom or we get just over $300 at one of our service departments to fix the problem. Either way it is win-win and our stock is at an all time high." -leaked internal LG memo
not connect to the net
can you truly not connect to the 'net? is there wireless capability that can bypass your efforts?
you say your home router is password-protected and so are your neighbors'? hah.
Re:
You simply just do not plug up the patch cable or configure WIFI. TV stays dumb that way.
Re: Re:
and yet
Unfortunately these "smart" tv's REQUIRE network access in order to enable/configure their highest picture quality settings (i.e. download the latest HDR patch which fixes some HDR video gameplay or 4K BluRay video flaw).
Look! Someone wrote the word "Gullible" on the ceiling!
This angered Cauthon because factory reset procedures shouldn't be secret, but also because the service center visit implied a $340 bill.
What if he decided to sell it and wanted to make sure his personal information was off the set? Would LG expect this guy to take it to a service center, pay $340 for them to reset it, only to sell it for say, $250?
Fuck you LG.
Fuck you very much.
