This is why I refuse to connect my "smart TV" to the internet. IoT = Worse than an unpatched XP without SPx.
LOL, in a way ! I posted on here several years ago, about the potential dangers of such device connections to the www etc. I said that they would also need AntiVirus/Malware etc. Well it's proved to be true. Won't be that last either, i'm certain
Here are the 'secret' instructions that do not appear in the original article ... With the TV powered off, place one finger on the settings symbol then another finger on the channel down symbol. Remove finger from settings, then from channel down, and navigate using volume keys to the wipe data/ factory reset option. Seems a bit Monty Python, but apparently it gets rid of the ransomware and returns the TV to working order. IOT: idiots online thingy
I tried this with my LG 43UH6100 which I bought a couple of weeks ago and updated it with firmware version 04.30.70 dated 2016-12-01. The 'secret' instructions didn't work... With the TV powered off, using the Remote: - press and hold the Settings button (looks like a gear) - press and hold the Channel Down rocker control - release the Settings button, - release the Channel Down rocker control TV turned on ready to play HDMI input which is where it was when I turned ot OFF. so the following didn't come into play: - use the Volume rocker control to select the option to wipe data/ factory reset and press the OK button - wait while the operation completes. - turn the TV ON and reapply your custom settings Now there may be a difference in models or firmware versions. Where did you get the information?
Here is the website I got the info from. The instructions are below the video... http://securityaffairs.co/wordpress/54991/malware/lg-smart-tv-ransomware.html According to the article the instructions were provided by LG (to remove the 'data' and reset the TV - which is a 2014 model).
That's the difference, mine is new, runs WebOS3 whereas Darren Cauthon’s LG smart TV runs Google TV, a project discontinued by Google in June 2014 so the "secret" isn't appropriate, although there may be a new secret method. I don't have mine configured to connect to the internet anyway so I'm safe.
Not an issue for me, but it does get me thinking. I am wondering if anyone here is running a vpn natively on their router (especially ddwrt)? Just thinking a solid tunnel lock may avoid some of this getting to the device on your LAN. Remember your TV would sit behind the VPN in this configuration. I know that my using vpns, tor, and VM's has made it so long since I have seen malware damage that I almost don't believe its out there. I know it is of course. Maybe I am just lucky, but with the time I spend on the DW if there is "junk" out there I should be picking it up. Likely due to daily snapshots to clean, which would blow away hiding cooties. Just a thought for those TV's.
I think the problem is primarily in the firmware not the OS. When TVs became IOT devices they entered the market with firmware that lacked all manner of appropriate security. Considering the case at hand, it was the firmware that was locked. The manufacturer has the obligation to secure the firmware or more owners of smart devices will find companies all too willing to charge exorbitant repair charges to reset the device to the factory settings after a successful malware lock down ( which is what LG initially did with Darren Cauthon). If this had not received the twitter outrage treatment, he would have been out a lot of moola or looking at a bricked TV.
What I am doing is connecting IOT devices like TVs, DVD players, Receivers, and the like to their own router (multiple routers actually). My tablets, phones, and PCs are all connected to their own router(s). Call that paranoid if you like, but I sleep better at night.