And we'll be right back after these messages... and ransomware

Ransomware, as we know it, are pieces of malware that lock up a computer's files and then try to extort money from the victim in order to set their files free. As the malware's system evolves, there have been recorded instances already where Android phones even take part in the action. And today, these unwanted programs have traversed into the living room, infecting the television.

A mobile ransomware called "FLocker" has been active for well over a year now, infecting mobile devices and tricking victims into paying a certain amount. However, a recent research by Trend Micro has discovered that there is a new variant of the malware, which can now infect smart TVs that run the Android operating system.

The new variant pretends to be US Cyber Police or a similar law enforcement agency. With this, the ransomware accuses the victim of some crime they did not commit, then demands $200 worth of iTunes gift cards. "Based on our analysis, there are no major differences between a FLocker variant that can infect a mobile device and one that affects smart TVs," according to Trend Micro.

Once the malware is installed on a host device, it gains the ability to avoid static analysis. It will then ask for admin privileges as soon as it is executed. If a user rejects the prompt, the malware will freeze the television's screen. If administrative privileges are granted, FLocker will then connect to a command-and-control center (C&C).

The C&C will then drop a new payload called "misspelled.apk" as well as the “ransom” HTML file with a JavaScript (JS) interface enabled. The HTML file reportedly has the ability to initiate installation of the APK file, take photos of the victim using the JS interface, and then display these images on the ransom page.

"While the screen is locked, the C&C server collects data such as device information, phone number, contacts, real time location, and other information," Trend Micro states. "These data are encrypted with a hardcoded AES key and encoded in base64."

Trend Micro suggests victims to contact the maker of their TV if ever they are infected. Moreover, the company suggests enabling ADB debugging, by connecting their device to a PC and then launch the ADB shell, executing the command “PM clear %pkg%”. According to the firm, this unlocks the screen and grants victims access to the Android interface. They can then deactivate the admin privileges granted to FLocker, and finally uninstall the app, ridding the malware out of the tube.

Source: Trend Micro via On The Wire | Image via Trend Micro

Report a problem with article
windows-store-tiles-01
Next Article

The Windows Store is down for many Windows 10 users around the world [Update]

ck2ep8sukaa1zth
Previous Article

Besides 4K and HDR support, the Xbox One S might also bring better game performance [Update]

37 Comments - Add comment

Comments are closed

The comments on this article have been closed by our moderators. Further discussion about this article can be done so on our forums.

Visit our forums »

This is why I'm done with "smart" tech. It's stupid enough already that we have everyday tech that requires an OS, let alone requires an anti-virus. Welcome to the Internet of ****. Next up, ransomeware on your Samsung smart fridge.... 

Edited by Dot Matrix, Jun 14 2016, 8:15am :

This is why I'm done with "smart" tech. It's stupid enough already that we have everyday tech that requires an OS, let alone requires an anti-virus. Welcome to the Internet of ****. Next up, ransomeware on your Samsung smart fridge.... 

and washing machines that demand a ransom to free your washing :s

This is why I'm done with "smart" tech. It's stupid enough already that we have everyday tech that requires an OS, let alone requires an anti-virus. Welcome to the Internet of ****. Next up, ransomeware on your Samsung smart fridge.... 

At the time I was totally convinced I had to have one of these. In the cold day of light. I only use it for Netflix and on demand because my cable on demand is utter poo. And I am better off watching it on the TV. Although that is the only time that I use the Internet on the TV.

So it needs that the users to root the device and install an apps from outside of the store. It sounds pretty niche, and if you are even smart to do that, you are smart to not to install fishy apps from everywhere.

For me, its the typical FUD.

Quote

The HTML file reportedly has the ability to initiate installation of the APK file

well, certain it never learned the history from Microsoft IE4 (or was it IE5?) javascripts/vbscripts that able to tell the OS to start the execution of .EXE files....

Heh. It'll lock your laundry in the machine. " data-emoticon="" src="//neowin.s3.amazonaws.com/forum/uploads/emoticons/default_tongue.png" title=":p" />

Not a joke.

My Samsung (not internet connected) front loading washing machine locks the door when it's running. Once it did forget to unlock and needed a few power cycles before it released it.

Yeah I have a friend who got the 'Canadian' variant of that ransomware. It's decently easy to erase on an android tablet, but I assume a TV's interface'd be different...

How does one install this on a TV? Surely these televisions are locked down? I've got an Sony TV with Android integrated into it and aside from a handful of apps picked by Sony, I can't install anything from the play store. Unless there was a worm or something that looks for security vulnerabilities on said TVs. Sounds like you'd have to go pretty out of your way to get infected.

Who stores valuable files on their TV !!!

This time around, the ransomware only decides to lock up the device, out from a user's control. As it said, it only accused the user of some crime, which mostly likely is child pornography, and that's where the malware's system revolves. It doesn't encrypt any files.

Who stores valuable files on their TV !!!

Well the other thing it can do is take control of the TV and photograph the victim. The photos are then included on the ransom screen. Said photos might be embarrassing or incriminating, so that might be motivation for paying the ransom--not to free up stored files on the TV.

"the ransomware accuses the victim of some crime they did not commit, then demands $200 worth of iTunes gift cards."

That's hilarious, why would anyone pay that. How can someone be that stupid?

And this is a good reason to never buy smart devices... The manufactures wont keep them updated and patched and end users will find a way to get infections...

Then again from a sheer entertain aspect of watching people freak out from there smart microwaves refusing to stop cooking to smart toilets refusing to flush until the ransom is paid could be entertaining... lol

2 hours ago, Bamsebjørn said:

My washing machine decided to upgrade to Windows 10 while I was streaming a very important program. It said all my clothes would remain where they were, but after the upgrade I was missing several socks and gained a strangers underwear.

Left out that your wife/girlfriend found the stranger's underwear ... accused you of cheating ... left you ... thus Windows 10 ruined your life. :)

 

8 minutes ago, purrcher said:

And this is a good reason to never buy smart devices... The manufactures wont keep them updated and patched and end users will find a way to get infections...

Then again from a sheer entertain aspect of watching people freak out from there smart microwaves refusing to stop cooking to smart toilets refusing to flush until the ransom is paid could be entertaining... lol

Getting increasingly harder to not buy "smart" devices ... such as TVs.

Edited by jjkusaf, Jun 14 2016, 10:06am :

Getting increasingly harder to not buy "smart" devices ... such as TVs.

Not even close to "getting increasingly harder to not buy smart devices" especially a tv!

Just recently bought 3 tv's and none of them are smart. Store had a ton of non smart tv's in stock.

Never even considered a smart tv while shopping for the tv's I bought also.

It today's world, smart = dumb!!

Hopefully, there wasn't anyone that didn't see this kind of stuff coming?

5 minutes ago, jjkusaf said:

Left out that your wife/girlfriend found the stranger's underwear ... accused you of cheating ... left you ... so Windows 10 ruined your life. :)

 

Getting increasingly harder to not buy "smart" devices ... such as TVs.

Agreed. Good thing used is an option and so is not connecting the devices ( though that means if any patches are released they can't be installed unless they can be installed through usb port ).

5 hours ago, Dot Matrix said:

This is why I'm done with "smart" tech. It's stupid enough already that we have everyday tech that requires an OS, let alone requires an anti-virus. Welcome to the Internet of ****. Next up, ransomeware on your Samsung smart fridge.... 

Most of these depend on the end user being ignorant. 

14 minutes ago, frett said:

Well the other thing it can do is take control of the TV and photograph the victim. The photos are then included on the ransom screen. Said photos might be embarrassing or incriminating, so that might be motivation for paying the ransom--not to free up stored files on the TV.

Do they really have webcams on TVs now?

A lot of TVs that aren't branded "Smart" TVs also have an OS. For instance, my Sharp Aquos set uses BusyBox as its OS. BusyBox is used by a lot of routers but Sharp also uses it for their TVs. Well, I suppose some wouldn't consider it an OS, but it's basically a stripped down version of Linux. 

Edited by DeusProto, Jun 14 2016, 2:20pm :

Fridge, TV, thermometer, microwave, washing machine, phone, watch. More or less most of the household things you have that are digital and 'smart' can be affected with ransomeware. Inb4 my toilet won't flush or wash my butt if not regurgitate my fecal matter back at me if I don't give it Steam gift cards. Don't you just love the digital age?

Why even buy a smart TV? For the difference from the same size model without the smartphone/tablet guts, you could get a Roku, an Apple TV, a Nexus Player, or something similar, and have it be portable, and it gets updates (ostensibly), and it's just better overall. I've used smart TVs and I haven't been impressed by one yet. I've been happy with Chromecast (Gen.1) and Nexus Player. If you can get Kodi on it (like you can on the NP), you're pretty much good to go.

Can an iPhone get ransomware? Because I just switched to one (the 6s) a couple months ago. I know everything is sandboxed (which is good and bad) and that they get fast updates — I had iOS 9.3.2 within a couple hours of it being released. I still love Android and generally prefer to use it (any time my wife needs something done on her Droid Turbo 2, it's generally a joy to work with), but I don't think Google takes security very seriously, and I know they don't give a flip about privacy. For the latter, I think you have to know what Google is and how they make money if you choose an Android phone. And that's okay because they provide a good service, at least to some people (and certainly me for six years). But they really need to work on the security. "It's fixed in the next version, buy a new phone" should not be a valid answer. Of course, Google not profiting off the majority of Android phone sales (but rather, the app sales) and not having a hand in updating them, is why I'm in Apple's camp now. The same company makes the phone and the software, and as an added bonus they don't give the updates to China first, the rest of the world later, and the US months later like most Android OEMs. One update for anyone who wants it, seems like a better policy to me. I mean, if one iOS update can update, like, a dozen and a half phones, tablets, and iPods... and Windows updates can update hundreds of thousands of PC configurations (if not millions!) then why the bloody hell do Android updates start in California, but go out to the Chinese first, then the rest of the world, then other American carriers, then Big Red usually dead last? What kind of crap is that? Crap I decided I'm not going to put up with anymore, and maybe you shouldn't, either.

26 minutes ago, dragontology said:

Why even buy a smart TV? For the difference from the same size model without the smartphone/tablet guts, you could get a Roku, an Apple TV, a Nexus Player, or something similar, and have it be portable, and it gets updates (ostensibly), and it's just better overall. I've used smart TVs and I haven't been impressed by one yet. I've been happy with Chromecast (Gen.1) and Nexus Player. If you can get Kodi on it (like you can on the NP), you're pretty much good to go.

Can an iPhone get ransomware? Because I just switched to one (the 6s) a couple months ago. I know everything is sandboxed (which is good and bad) and that they get fast updates — I had iOS 9.3.2 within a couple hours of it being released. I still love Android and generally prefer to use it (any time my wife needs something done on her Droid Turbo 2, it's generally a joy to work with), but I don't think Google takes security very seriously, and I know they don't give a flip about privacy. For the latter, I think you have to know what Google is and how they make money if you choose an Android phone. And that's okay because they provide a good service, at least to some people (and certainly me for six years). But they really need to work on the security. "It's fixed in the next version, buy a new phone" should not be a valid answer. Of course, Google not profiting off the majority of Android phone sales (but rather, the app sales) and not having a hand in updating them, is why I'm in Apple's camp now. The same company makes the phone and the software, and as an added bonus they don't give the updates to China first, the rest of the world later, and the US months later like most Android OEMs. One update for anyone who wants it, seems like a better policy to me. I mean, if one iOS update can update, like, a dozen and a half phones, tablets, and iPods... and Windows updates can update hundreds of thousands of PC configurations (if not millions!) then why the bloody hell do Android updates start in California, but go out to the Chinese first, then the rest of the world, then other American carriers, then Big Red usually dead last? What kind of crap is that? Crap I decided I'm not going to put up with anymore, and maybe you shouldn't, either.

Why do all that when you can have one device that does all of those things without need for extra cords, components, etc? I find it far more appealing to have a single TV mounted to the wall than have to also worry about components connecting to it and where I will put them to make it look nice. 

 

14 hours ago, Rigby said:

"the ransomware accuses the victim of some crime they did not commit, then demands $200 worth of iTunes gift cards."

That's hilarious, why would anyone pay that. How can someone be that stupid?

Cheaper than a new television I guess.

 

I don't get what people do with "Smart" TVs.  A television's entire job is to display content from other connected devices and give you some basic options to adjust the quality of picture and sound, like a bigger/fancier computer monitor.  Having a full blown OS that is connected to the internet built right into your television stands to fragment the market because all of a sudden users of one brand of television are running an older version of Android than users of this other brand of television, and this brand of television comes pre-loaded with all sorts of unnecessary crapware and adware, when at the end of the day all I need is something to take input from my PS4 or my PC or whatever and display that to me.  If my PS4 or my PC gets bricked, I've got several other devices I can connect to this television and still enjoy my content.  If my television gets hacked, all the devices in the world won't do me any good because I have nothing to connect them to.  I'll let those other devices worry about my programming and connecting to the internet.  I wonder if there's a way to boot a Smart TV into recovery mode and reload the factory firmware, or if manufacturers have that ability disabled.

 

I dono, maybe it's bad habits that carry over from my few years as a network/system administrator, but I like to compartmentalize things.  If you rely too heavily on one thing to do too many tasks, then you are creating a single point of failure and when that one device fails, you've lost everything.

12 minutes ago, Gerowen said:

 

Cheaper than a new television I guess.

 

I don't get what people do with "Smart" TVs.  A television's entire job is to display content from other connected devices and give you some basic options to adjust the quality of picture and sound, like a bigger/fancier computer monitor.  Having a full blown OS that is connected to the internet built right into your television stands to fragment the market because all of a sudden users of one brand of television are running an older version of Android than users of this other brand of television, and this brand of television comes pre-loaded with all sorts of unnecessary crapware and adware, when at the end of the day all I need is something to take input from my PS4 or my PC or whatever and display that to me.  If my PS4 or my PC gets bricked, I've got several other devices I can connect to this television and still enjoy my content.  If my television gets hacked, all the devices in the world won't do me any good because I have nothing to connect them to.  I'll let those other devices worry about my programming and connecting to the internet.  I wonder if there's a way to boot a Smart TV into recovery mode and reload the factory firmware, or if manufacturers have that ability disabled.

 

I dono, maybe it's bad habits that carry over from my few years as a network/system administrator, but I like to compartmentalize things.  If you rely too heavily on one thing to do too many tasks, then you are creating a single point of failure and when that one device fails, you've lost everything.

That is your opinion. 

 

What do I do with mine?

 

Lets see. Netflix, Amazon, HBO Go, and StarzPlay and DLNA. Newer ones have more features.  Why have multiple devices if you don't have to?

Edited by adrynalyne, Jun 15 2016, 12:05am :

it comes off as no surprise that the machinery we use today will be able to interconnect with each other and in the Internet as well to the cloud in the future... no wonder if we plug a USB fridge or we hack the wireless iron:)

2 hours ago, cork1958 said:

Not even close to "getting increasingly harder to not buy smart devices" especially a tv!

Just recently bought 3 tv's and none of them are smart. Store had a ton of non smart tv's in stock.

Never even considered a smart tv while shopping for the tv's I bought also.

It today's world, smart = dumb!!

Hopefully, there wasn't anyone that didn't see this kind of stuff coming?

Increasingly harder doesn't mean nor did I intend for it mean that you can not obtain a "dumb" TV.  It purely meant that Smart TVs are starting to greatly outnumber dumb TVs (this is especially true in the newer 4K and OLED type) 

 

Take Samsung for example, 57 out of their 65 TVs are "Smart".  LG, 76 out of 95 are "Smart".  It appears that all 13 Sony TVs are "Smart".  Best Buy, if you want a 4K ... you'll have a choice of 112 TVs with 107 of them being "Smart"....and 162 out of a 216 TVs listed are Smart.  Please note, the Best Buy total removed 35 outdoor speciality TVs.  

 

I picked Best Buy/Samsung/LG/Sony because they were the easiest to filter ... so I wouldn't have to go through and count each one (looking at you Panasonic).

 

That is all I'm saying ... the number of Smart TVs, especially 4K/OLED, heavily outnumber "dumb" TVs.  I didn't say you couldn't buy "dumb" TVs...because you obviously can.  

Edited by jjkusaf, Jun 15 2016, 9:08am :
23 hours ago, adrynalyne said:

Why do all that when you can have one device that does all of those things without need for extra cords, components, etc? I find it far more appealing to have a single TV mounted to the wall than have to also worry about components connecting to it and where I will put them to make it look nice. 

I made that same argument on iMore yesterday in defense of phones with an IR blaster. Like, why should I have, you know, I'm in my recliner watching TV, and I have my wireless keyboard/trackpad (Logitech K400, they're really great), my phone, my water bottle, whatever I'm nomming on... why should I also have a remote when my phone has an IR blaster? Well, my last phone did — HTC One M8. My iPhone doesn't, but I kind of miss the feature. (Now I use Unified Remote which requires a program on the computer, but it doesn't help me change the volume of the TV.) So yeah, you got a point.

 

Well, as for me, I don't have a smart TV, and the cost of getting a smart TV on top of the cost of the TV I just bought makes the $40 I paid for the Nexus Player and the $35 for the Chromecast negligible. But if you already have a smart TV, I guess it depends upon how good it is. The one we used at the hotel was complete and utter crap. Like laughably bad. Now, I don't know if smart TVs running Android can get to the Play Store. Do the Netflix, Hulu, YouTube etc apps get updated? Can you add more apps? And obviously you can't upgrade things like the processor and the memory — your TV will probably outlast the smart component, and the external devices will seem better and better as the years go on. Or do you think the smart component will work just as well as it did when you bought the TV? (I'm not saying it won't. It could very well be, but that's not my experience with computers, smartphones, game consoles, and the like.)

20 minutes ago, dragontology said:

I made that same argument on iMore yesterday in defense of phones with an IR blaster. Like, why should I have, you know, I'm in my recliner watching TV, and I have my wireless keyboard/trackpad (Logitech K400, they're really great), my phone, my water bottle, whatever I'm nomming on... why should I also have a remote when my phone has an IR blaster? Well, my last phone did — HTC One M8. My iPhone doesn't, but I kind of miss the feature. (Now I use Unified Remote which requires a program on the computer, but it doesn't help me change the volume of the TV.) So yeah, you got a point.

 

Well, as for me, I don't have a smart TV, and the cost of getting a smart TV on top of the cost of the TV I just bought makes the $40 I paid for the Nexus Player and the $35 for the Chromecast negligible. But if you already have a smart TV, I guess it depends upon how good it is. The one we used at the hotel was complete and utter crap. Like laughably bad. Now, I don't know if smart TVs running Android can get to the Play Store. Do the Netflix, Hulu, YouTube etc apps get updated? Can you add more apps? And obviously you can't upgrade things like the processor and the memory — your TV will probably outlast the smart component, and the external devices will seem better and better as the years go on. Or do you think the smart component will work just as well as it did when you bought the TV? (I'm not saying it won't. It could very well be, but that's not my experience with computers, smartphones, game consoles, and the like.)

Well of course it was bad. Hotels pick bottom of the barrel. 

5 hours ago, adrynalyne said:

Well of course it was bad. Hotels pick bottom of the barrel. 

And so, invariably, will some consumers. Is anyone really reviewing smart TVs? I'd rather spend the $100 difference (if that's still what it is) on a bigger screen (because bigger is always better with TVs) and use that money for something modular, something portable.

 

Actually for me it's a completely moot point as I have my computer sitting right between my TV and my monitor, so the TV's the second monitor. Having an HDTV trumps any set-top box or smart TV, any day of the week. Literally all the options. Wins by default. Your smart TV can't play Fallout 4, now can it? Or whatever game you like.

 

Anyway, I'm not trying to sell you on a different solution. I just personally never thought smart TVs were a great idea. Probably because my TV's always been part of my computer, at least ever since the HDTV generation, and HDMI. Though even way back when, I never had a TV growing up as a kid. What I did have was a Commodore Amiga 1000, and the monitor for that had the red-white-yellow, I guess RCA inputs? So I had my Super NES hooked up and I could switch between the computer and the Nintendo with ease. Could have ran cable to it or a VCR; my father had done both when it was his computer. So for me, a television has always just been another display for my computer, or, at one point when I was between monitors, my first HDTV was my only monitor. (So why'd I get the Chromecast? Peer pressure, literally. The Nexus Player? I thought it would be cool. And it really is. And it was on sale. Put it on that old 32" in the bedroom. And it's neat.)

4 hours ago, dragontology said:

And so, invariably, will some consumers. Is anyone really reviewing smart TVs? I'd rather spend the $100 difference (if that's still what it is) on a bigger screen (because bigger is always better with TVs) and use that money for something modular, something portable.

 

Actually for me it's a completely moot point as I have my computer sitting right between my TV and my monitor, so the TV's the second monitor. Having an HDTV trumps any set-top box or smart TV, any day of the week. Literally all the options. Wins by default. Your smart TV can't play Fallout 4, now can it? Or whatever game you like.

 

Anyway, I'm not trying to sell you on a different solution. I just personally never thought smart TVs were a great idea. Probably because my TV's always been part of my computer, at least ever since the HDTV generation, and HDMI. Though even way back when, I never had a TV growing up as a kid. What I did have was a Commodore Amiga 1000, and the monitor for that had the red-white-yellow, I guess RCA inputs? So I had my Super NES hooked up and I could switch between the computer and the Nintendo with ease. Could have ran cable to it or a VCR; my father had done both when it was his computer. So for me, a television has always just been another display for my computer, or, at one point when I was between monitors, my first HDTV was my only monitor. (So why'd I get the Chromecast? Peer pressure, literally. The Nexus Player? I thought it would be cool. And it really is. And it was on sale. Put it on that old 32" in the bedroom. And it's neat.)

 

I I guess I could see your point if I was setup like a bachelor, but I am not. And your monitor cannot play fallout4 either. Your computer can, my ps4 hooked to my smart TV can. 

Edited by adrynalyne, Jun 16 2016, 10:18am :

Comments are closed

The comments on this article have been closed by our moderators. Further discussion about this article can be done so on our forums.

Visit our forums »

Advertisement