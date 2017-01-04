Confirmed Horrible Person James Woods... >>
<< Aussie Productivity Commission Doubles Down On...
 tdicon 

(Mis)Uses of Technology

by Karl Bode

Wed, Jan 4th 2017 6:26am


Filed Under:
factory reset, ransomware, smart tv

Companies:
lg



Man Has To Beg LG To Uncripple His 'Smart' TV After Ransomware Attack

from the dumb-is-the-new-smart dept

We've noted repeatedly how "smart" television sets have the same security issues plaguing the rest of the internet of broken things: namely there often isn't any security to speak of. The net result has been TVs that spy on you by recording in-home audio, and in some cases transmitting that data unencrypted around the internet. But we've also noted how these TVs -- like the rest of the Internet of Things -- can be compromised in a matter of moments by some rather rudimentary hacking, then incorporated into the historically unprecedented DDoS attacks we're now seeing around the world.

As an added bonus, your smart TV can now be infected by ransomware, too. Software engineer Darren Cauthon found this out the hard way when he awoke on Christmas Day to find that his family's LG 50GA6400 had been infected with a version of the Cyber.Police ransomware -- aka FLocker, Dogspectus, or Frantic Locker. That particular ransomware posts an image to the screen of the television pretending to originate with the FBI, and claiming that users must pay a $500 penalty to return full functionality to the television.

Cauthon quickly headed to Twitter to not only complain that his television was now demanding a payment just to function -- but that LG's online factory reset instructions for the TV in question didn't work:
Worse, perhaps, Cauthon stated that when he contacted LG, he was shuffled around several support departments before being told that he might have to bring the TV in to be serviced by a technician (for a $340 surcharge):
"Cauthon says he tried to reset the TV to factory settings, but the reset procedure available online didn't work. When the software engineer contacted LG, the company told him to visit one of their service centers, where one of its employees could reset his TV.

This angered Cauthon because factory reset procedures shouldn't be secret, but also because the service center visit implied a $340 bill. The ransomware asked Cauthon to pay $500 to unlock his TV.

As one commenter on Twitter pointed out, it would be cheaper to buy a new TV. "Avoid these 'smart tvs' like the plague," Cauthon added following his discussion with LG."
Ultimately LG reached out to Cauthon to help by providing the correct factory reset sequence, though the infection should have never been possible to begin with. While it's possible that the infection could have come via a dubious download from the Google app store, the design of the television should never allow an application to take complete control of the device in the first place. While these infections are rare, other LG users have complained about similar attacks, and found removal of the offending malware to be difficult -- especially given the lack of control users often have over devices they purportedly "own."

Of course, security firms like Symantec have been warning about the rise of TV infections since 2015, noting that while in some instances a factory reset will solve the issue, in many instances removing the malware can be borderline impossible for a less technical user. And like so many internet of broken things devices, these TVs often fail to include basic functionality allowing users to determine what traffic the television is sending over the network, or settings allowing users to protect their security. It's just one more example of how "smart" devices are frequently dumber than the technology they're replacing.
19 Comments | Leave a Comment
Get a free 1-year subscription to the Techdirt Crystal Ball when you sign up for VPN service from Private Internet Access.

If you liked this post, you may also be interested in...

Reader Comments

 
Maybe it decided it was so smart that it didn't have to listen to security briefings.
—Roger Strong

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 4 Jan 2017 @ 6:33am

    Not sure what they mean by "Smart" when describing their product. If said product were smart, it would not allow drive by downloads, worms, viruses, malware.

    Does anyone sell an "Ethical" tv?

    reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 4 Jan 2017 @ 6:36am

    Silly question maybe but why we need TVs smarter than "display good quality image and that's it" when there are much better devices that can do everything the smartness can do with added security, comfort and reliability?

    I'd gladly skip $100 or more to get a stripped down TV...

    reply to this | link to this | view in chronology ]

    • identicon
      Michael, 4 Jan 2017 @ 6:52am

      Re:

      I, for one, am pretty happy with my smart tv's.

      I get all of my programming from the web and OTA (no cable).
      I have a single remote control that actually controls everything rather than a table covered in them and a 4 step procedure to turn on the TV, select a channel, and hear sound.
      My TV is updated and working every day (it updates automatically in the early hours of the day).
      News is available any time (including Facebook and Twitter).
      Internet Radio is available when I want music.

      I am not a huge fan of everything being connected to the internet, but a smart TV is actually one of the things that really has made things more convenient and better for me.

      reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 4 Jan 2017 @ 6:43am

    $340 for them to press & hold a series of keys, then type in a code.
    Gee you'd think that the data they suck out of the smart tv's that gets them paid would offset the cost of just keeping a plain web page up with the instructions.

    Of course this was one of the older abandoned Google Smart TV's where the 'don't be evil' corporation could have forced this magical sequence be available to consumers, but that would have made LG sad.

    There seems to be little actual benefit for having a smart tv - you pay a premium price, you get spied on, you get special advertising, you get zero support unless you pay a huge fee....

    Just because you can, doesn't mean you should. It really is high time people start voting with their wallets & avoiding corps that insist they have to spy so they can make more off of you.

    reply to this | link to this | view in chronology ]

    • icon
      Matt (profile), 4 Jan 2017 @ 6:59am

      Re:

      In my recent TV shopping there a lot of non-smart TVs were more than their equivalent "smart" versions (and this wasn't during black friday sales)

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 4 Jan 2017 @ 8:10am

        Re: Re:

        I have a 40 inch smart tv that I got for $250 on Black Friday. I dont really use the "smart" features though, its just attached to my laptop via hdmi. This reminds me, I should turn off the internet connectivity.

        reply to this | link to this | view in chronology ]

    • identicon
      JustShutUpAndObey, 4 Jan 2017 @ 7:46am

      Re: Extra $$$ for Samsung

      An extra $340? Samsung is partnering with the Ransomware folks after the fact. Isn't profiting from criminals after the crime also a crime?

      reply to this | link to this | view in chronology ]

  • icon
    PaulT (profile), 4 Jan 2017 @ 6:49am

    Nice to see an accurate headline. Most places I've read this either implied or outright stated that the programmer had developed his own fix, rather than simply having to beg LG to waive their massive charge they'd want to enter the reset code themselves.

    reply to this | link to this | view in chronology ]

  • identicon
    mister give me my cheese, 4 Jan 2017 @ 6:59am

    class action suit - negligence and fraud

    they are defrauding him and /or negligent in providing a proper product

    reply to this | link to this | view in chronology ]

  • identicon
    mister the cheese is strong with this one, 4 Jan 2017 @ 7:01am

    reason they dont want that reset out there

    ....oh its also hackable as in , if you alter that onboard it will be brickable forever....

    haha smart indeed making it flashable

    reply to this | link to this | view in chronology ]

  • identicon
    TripMN, 4 Jan 2017 @ 7:02am

    Leak coming

    In an upcoming 'leak from the Russians', LG is shown to be infecting its own TVs with Ransomware.

    "Either we get the $500 from the ransom or we get just over $300 at one of our service departments to fix the problem. Either way it is win-win and our stock is at an all time high." -leaked internal LG memo

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Jan 2017 @ 7:12am

    More consumer education is necessary. Those informed would not connect their smart TV's to the net. Smart features should be handled by an external computer that gets prompt security updates.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 4 Jan 2017 @ 7:41am

      not connect to the net

      can you truly not connect to the 'net? is there wireless capability that can bypass your efforts?

      you say your home router is password-protected and so are your neighbors'? hah.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 4 Jan 2017 @ 7:46am

        Re:

        Yes you can truly not connect to the net.

        You simply just do not plug up the patch cable or configure WIFI. TV stays dumb that way.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 4 Jan 2017 @ 8:04am

          Re: Re:

          That works until the TV or other smart device has to phone home before doing anything, and then the corp[orations own you.

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Jan 2017 @ 8:02am

    and yet

    some still want self driving cars...idiotic

    Unfortunately these "smart" tv's REQUIRE network access in order to enable/configure their highest picture quality settings (i.e. download the latest HDR patch which fixes some HDR video gameplay or 4K BluRay video flaw).

    Look! Someone wrote the word "Gullible" on the ceiling!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 4 Jan 2017 @ 8:13am

    This angered Cauthon because factory reset procedures shouldn't be secret, but also because the service center visit implied a $340 bill.

    What if he decided to sell it and wanted to make sure his personal information was off the set? Would LG expect this guy to take it to a service center, pay $340 for them to reset it, only to sell it for say, $250?

    Fuck you LG.

    Fuck you very much.

    reply to this | link to this | view in chronology ]

  • identicon
    Rekrul, 4 Jan 2017 @ 8:40am

    All "smart" devices should come with a recessed button that you press with the tip of a pen for 10 seconds to reset it to the factory defaults.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Confirmed Horrible Person James Woods... >>
<< Aussie Productivity Commission Doubles Down On...
 tdicon 
Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories

Wednesday

08:30 Confirmed Horrible Person James Woods Continues Being Horrible In 'Winning' Awful Lawsuit To Unmask Deceased Online Critic (1)
06:26 Man Has To Beg LG To Uncripple His 'Smart' TV After Ransomware Attack (19)
03:23 Aussie Productivity Commission Doubles Down On Fair Use And Serious Copyright & Patent Reform (13)

Tuesday

17:42 Rightscorp Rings In The New Year By Vowing To Find New Ways To Lose Money In 2017 (10)
14:44 Tesla Gave Up Its Patents, But People Are Freaked Out That Faraday Future Put Its Own Into A Separate Company (20)
13:07 Our Unfortunate Annual Tradition: A Look At What Should Have Entered The Public Domain, But Didn't (30)
11:45 Malcolm Gladwell's Ridiculous Attack On Ed Snowden Based On Weird Prejudice About How A Whistleblower Should Look (32)
10:45 Washington Post Falsely Claims Russia Hacked Vermont Utility, Because OMG RUSSIANS! (44)
10:40 Daily Deal: The Complete Computer Science Bundle (0)
09:37 Congressman Goodlatte Decides To Refill The Swamp By Gutting Congressional Ethics Office... But Drops It After Bad Publicity (29)
More arrow
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.