LG Smart TV Infected with Android Ransomware

Discussion in 'malware problems & news' started by ronjor, Dec 29, 2016.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    59,552
    Location:
    Texas
    December 28, 2016 22:42 by Paul
     
  2. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    497
    This is why I refuse to connect my "smart TV" to the internet. IoT = Worse than an unpatched XP without SPx.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,876
    LOL, in a way ! I posted on here several years ago, about the potential dangers of such device connections to the www etc. I said that they would also need AntiVirus/Malware etc. Well it's proved to be true. Won't be that last either, i'm certain
     
  4. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,033
    Location:
    Triassic
    Here are the 'secret' instructions that do not appear in the original article ...

    With the TV powered off, place one finger on the settings symbol then another finger on the channel down symbol. Remove finger from settings, then from channel down, and navigate using volume keys to the wipe data/ factory reset option.

    Seems a bit Monty Python, but apparently it gets rid of the ransomware and returns the TV to working order.

    IOT: idiots online thingy
     
  5. daman1

    daman1 Registered Member

    Joined:
    Mar 27, 2009
    Posts:
    1,021
    Location:
    USA, MICHIGAN
    Anyone running smart TV AV? lol :D
     
  6. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    748
    Location:
    Toronto
    I tried this with my LG 43UH6100 which I bought a couple of weeks ago and updated it with firmware version 04.30.70 dated 2016-12-01.



    The 'secret' instructions didn't work...

    With the TV powered off,

    using the Remote:

    - press and hold the Settings button (looks like a gear)

    - press and hold the Channel Down rocker control

    - release the Settings button,

    - release the Channel Down rocker control

    TV turned on ready to play HDMI input which is where it was when I turned ot OFF.

    so the following didn't come into play:

    - use the Volume rocker control to select the option to wipe data/ factory reset and press the OK button

    - wait while the operation completes.

    - turn the TV ON and reapply your custom settings



    Now there may be a difference in models or firmware versions.

    Where did you get the information?
     
  7. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,033
    Location:
    Triassic
  8. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    748
    Location:
    Toronto
    That's the difference, mine is new, runs WebOS3 whereas Darren Cauthon’s LG smart TV runs Google TV, a project discontinued by Google in June 2014 so the "secret" isn't appropriate, although there may be a new secret method.

    I don't have mine configured to connect to the internet anyway so I'm safe.
     
  9. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,778
    Not an issue for me, but it does get me thinking. I am wondering if anyone here is running a vpn natively on their router (especially ddwrt)? Just thinking a solid tunnel lock may avoid some of this getting to the device on your LAN. Remember your TV would sit behind the VPN in this configuration. I know that my using vpns, tor, and VM's has made it so long since I have seen malware damage that I almost don't believe its out there. I know it is of course. Maybe I am just lucky, but with the time I spend on the DW if there is "junk" out there I should be picking it up. Likely due to daily snapshots to clean, which would blow away hiding cooties.

    Just a thought for those TV's.
     
  10. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,033
    Location:
    Triassic
    I think the problem is primarily in the firmware not the OS. When TVs became IOT devices they entered the market with firmware that lacked all manner of appropriate security. Considering the case at hand, it was the firmware that was locked. The manufacturer has the obligation to secure the firmware or more owners of smart devices will find companies all too willing to charge exorbitant repair charges to reset the device to the factory settings after a successful malware lock down ( which is what LG initially did with Darren Cauthon). If this had not received the twitter outrage treatment, he would have been out a lot of moola or looking at a bricked TV.
     
  11. kdcdq

    kdcdq Registered Member

    Joined:
    Apr 19, 2002
    Posts:
    679
    Location:
    Southwestern Massachusetts
    What I am doing is connecting IOT devices like TVs, DVD players, Receivers, and the like to their own router (multiple routers actually). My tablets, phones, and PCs are all connected to their own router(s). Call that paranoid if you like, but I sleep better at night.
     
Loading...