Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Google Security Television

Programmer Finds Way To Liberate Ransomware Affected Smart TV, Thanks To LG (theregister.co.uk) 161

Television production factory LG has saved Darren Cauthon's new year by providing hidden reset instructions to liberate his Google TV from ransomware. From a report on The Register: The company initially demanded more money than the idiot box was worth to repair the TV and relented offering instructions for resetting the telly after Cauthon took to Twitter to express his displeasure. The infection came after the programmer's wife downloaded an app to the TV promising free movies. Instead, it installed the ransomware, with a demand of US$500 to have the menace removed. Cauthon said LG offered factory reset steps which are not publicly revealed nor known to its customer support technicians. He says a family member showed him the TV over Christmas laden with ransomware purporting to be a FBI message bearing a notice that suspicious files were found and the user has been fined.
This discussion has been archived. No new comments can be posted.

Programmer Finds Way To Liberate Ransomware Affected Smart TV, Thanks To LG

Comments Filter:
    • by The-Ixian ( 168184 ) on Tuesday January 03, 2017 @11:08AM (#53597825)

      I am still trying to figure out why the person's profession or skill set even matters in this story?

      "LG gives user unpublished reset instructions" is more appropriate of a title.

      • by TWX ( 665546 ) on Tuesday January 03, 2017 @11:22AM (#53597925)
        Well, a programmer is probably technical enough to understand that the device might have a factory reset function, and if it turns out that the wife is being scapegoated, a programmer is also likely in a position to know enough to be dangerous.

        One of the biggest problems in IT and CIS is the assumption that if one is capable on one's particular field, that one is capable in all fields. This simply isn't true in most examples; most people are jack-of-all-trades or are master of a single discipline, and some are jack-of-all-trades and maybe master of one or two in particular. No one is master of all trades.

        I will agree that the bulk off the summary is crap. It goes off onto a tangent but doesn't adequately flesh-out that tangent.
  • Welcome (Score:5, Insightful)

    by burtosis ( 1124179 ) on Tuesday January 03, 2017 @11:07AM (#53597819)
    Welcome all to a world where you don't own nor are allowed to alter the software on items you purchased outright. Be glad that you can still begrudgingly get the information you need on some products to restore an item to factory condition. Remember, only criminals want to tamper with the perfection companies provide. Want to modify something? Be prepared for jail time.
  • by Fire_Wraith ( 1460385 ) on Tuesday January 03, 2017 @11:09AM (#53597831)
    Twitter seems to be a pretty effective place to take your complaints about a product/company in order to get satisfaction. It's far more likely to get a response, it seems, than other methods like contacting them directly. I suppose the lesson is that companies are eager to quickly (or more quickly) react to potential bad publicity than they are about the complaints of one specific customer.
  • Android bootloader (Score:5, Interesting)

    by Anonymous Coward on Tuesday January 03, 2017 @11:11AM (#53597849)

    FTA: "With the TV powered off, place one finger on the settings symbol then another finger on the channel down symbol. Remove finger from settings, then from channel down, and navigate using volume keys to the wipe data/ factory reset option."

    It sounds like the common procedure to enter the Android boot loader. Anybody wants to "fastboot oem unlock" that TV?

  • by Viol8 ( 599362 ) on Tuesday January 03, 2017 @11:11AM (#53597851) Homepage

    They have no purpose. Most people now simply use TVs as monitors for a set top box and if you need any more functionality simply plug your computer or tablet into a normal TV. Why anyone would pay a significant extra amount of cash for an oversized underpowered android tablet I have no idea.

    • by nasch ( 598556 ) on Tuesday January 03, 2017 @11:31AM (#53598019)

      It will probably get harder and harder to find a TV without these "smart" features. If you don't want them, just don't give the TV your wifi password.

      • by vux984 ( 928602 ) on Tuesday January 03, 2017 @11:45AM (#53598153)

        It will probably get harder and harder to find a TV without these "smart" features. If you don't want them, just don't give the TV your wifi password.

        We are fast approaching a time where the TV will come with built in cellular data, and lifetime subscription (for specific uses). I've already seen several devices that have this scheme... for example a 'cloud punch clock'.

        You might have to enter your wifi password to stream 4k from netflix, but it might send its telemetry, get advertising updates, firmware updates, and its cloud 'siri/cortana/google voice recognition stuff' via a separate always-on cellular network connection.

        The price of the chipset itself is small in a $2000+ TV; and the cost of prepaid data measured at likely less than 500MB per years for 10 years, bought at wholesale for a million TVs at once... well... that's also going to be pretty small.

        Right now the IoT is at least theoretically constrained to our wifi and runs through our firewalls. But we're fast approaching the time where it's just directly connected to the carrier bypassing our home networks entirely.

        Indeed, our home networks themselves may become a nerd relic, the way home servers are. Your computer connects to the cloud, your printer connects to the cloud, your TV connects to the cloud... who needs a LAN? Sure a LAN would be faster... but once its good enough the average user will be happy to forgo having to maintain a home network in exchange for 'it just connects to the cloud'.

        • Nothing a screwdriver and soldering iron can't fix.

        • by nasch ( 598556 )

          That is a bit disturbing as there probably won't be a way to disable that without voiding the warranty. And possibly ruining the device unless you really know what you're doing.

        • by dgatwood ( 11270 )

          We are fast approaching a time where the TV will come with built in cellular data, and lifetime subscription (for specific uses). I've already seen several devices that have this scheme... for example a 'cloud punch clock'.

          The best part, of course, is that "lifetime" will mean "for the expected lifetime of the device", which means that after a few years, they can stop paying for the cellular service and brick the device, forcing you to buy a new one. And even if they don't, the carriers will drop support f

        • Just buy a Roku, it will last longer and is inexpensively replaced if there's newer must-have stuff in the future.

          How do you connect to the "cloud" without a network? Wi-fi is LAN, or are you assuming LAN is only ethernet? Nobody out there is going to give you a free cellular data plan, or any cellular data plan as convenient as broadband.

          • by vux984 ( 928602 )

            How do you connect to the "cloud" without a network? Wi-fi is LAN, or are you assuming LAN is only ethernet?

            I said cellular. I meant cellular.

            Nobody out there is going to give you a free cellular data plan

            Yeah. They will. It's already happening.

            http://www22.verizon.com/whole... [verizon.com]

            "Verizon's Mobility Services include wireless voice, text messaging and wireless data packages for both 3G CDMA & 4G LTE. Adding our Mobility Services to your product suite lets you offer variety in voice and data services that keep your customers productive - at the office and on the go. Additionally, you will retain and grow your customer base with Verizonâ(TM)s Mobility Services as the tech

            • 1GB of data over 5 years isn't going to get you very much television.

              • by vux984 ( 928602 )

                Quite so, but my hypothesis was that that the cellular channel would be for advertising, telemetry, forced software updates, etc. You'd still need to put the TV on your wifi to stream netflix etc.

      • by peragrin ( 659227 ) on Tuesday January 03, 2017 @12:37PM (#53598635)

        Also if you do give the smart tv your wifi password be prepared to block its MAC address at the router if you want it to not connect anymore.

        My samsung tv I gave it the wifi password and ten switched inputs to wired network connections to prevent the tv from getting online. That I thought worked until I checked the router logs one day and noticed the tv was still trying to and sending data via wifi even though it was disabled.

        So I blocked the MAC address of the wifi adapter and no more hidden data to be sent

      • by rhazz ( 2853871 )

        It will probably get harder and harder to find a TV without these "smart" features.

        If you shop at BestBuy and their ilk, sure. Go online, do your research, and order a commercial model. They can even be very similar to the consumer models, but with the bloat removed. My current TV is the commercial version of a consumer model, which means the TV tuner and speakers aren't included. It even cost less.

        • by nasch ( 598556 )

          Well personally I want a TV tuner and speakers with my TV, so that wouldn't work for me. Maybe there are other models with those included though.

      • It will probably get harder and harder to find a TV without these "smart" features. If you don't want them, just don't give the TV your wifi password.

        I've heard of TVs sniffing around for open access WiFi connections. So if any of your neighbors has open WiFi, or the coffee shop at the end of the street offers free public WiFi, your TV could be connecting anyway. And don't forget, the GPS in the TV will let them know where you live, so it won't give you any anonymity either.

        I really think it is worth the extra money to get a non-smart TV if you can find one.

        • by nasch ( 598556 )

          Quite right, it could still report quite a bit of information. At least it wouldn't have access to your home network though.

        • I really think it is worth the extra money to get a non-smart TV if you can find one.

          I agree. But how does one know for certain if the TV really is not smart or if it's just playing dumb?

      • Don't plug in the Ethernet cable/give it your WiFi password. Smart TV becomes dumb again.

      • And if there is some dumb arse in an apartment nearby that has an open and unsecured wifi access point?

        And lets not forget the possibility that these devices are just passively scanning wifi nets and running basic cracking techniques against secured spots. Dictionary scans, then trying keys with a-z, A-Z and then harder keys. They can keeps this up the entire time it's in standby mode. The device just sits there.

        Now, if they would just mine bitcoins passively and with low power consumption, they would actua

    • by mi ( 197448 ) <slashdot-2017q4@virtual-estates.net> on Tuesday January 03, 2017 @11:36AM (#53598073) Homepage Journal

      Don't buy a smart TV. They have no purpose.

      They offer, what the manufacturer believes you want in one package.

      I too would rather just buy a nice 65" monitor — because I have a capable set-top box running my IPTV apps and a nice surround-sound setup already — but there aren't any good ones for sale. Or, rather, there are, but they all have the "smart TV" built into them — and I am as annoyed about paying for the "smart" features and the extra hardware they require (USB-readers and WiFi), as people used to be about paying the "Microsoft Tax".

      But there is no alternative at the moment. Which means, people like me (and you) are a tiny minority... I guess, it would cost the manufacturers more to make and ship the separate models without these add-ons, than to simply bundle it all in.

      • There are alternatives, but you have to look for them. You won't find them at the mass market big box store, and certainly not on prominent display.

        • by mi ( 197448 )

          There are alternatives, but you have to look for them

          Citation needed. Do give an example of a 4K-capable 65" monitor, that costs significantly less than $1200 [amazon.com] without the "Smart" features (and, preferably, without built-in speakers as well).

    • by tacroy ( 813477 )
      I dunno, my sister really enjoys that her tv can play netflix without needing a separate "thing".
    • Easier said than done. I've been looking for a 40" 1080p LED TV without smart tv that comes from a major manufacturer and have been coming up fairly empty.

    • by myowntrueself ( 607117 ) on Tuesday January 03, 2017 @12:39PM (#53598647)

      They have no purpose. Most people now simply use TVs as monitors for a set top box and if you need any more functionality simply plug your computer or tablet into a normal TV. Why anyone would pay a significant extra amount of cash for an oversized underpowered android tablet I have no idea.

      Yet a 50+" monitor costs a LOT more than a 50" TV. Even more than a smart TV. A 55" monitor costs about $1400, at the low end. A 55" smart TV costs about $450 (going by Amazon).

    • Where I'm at, Internet through the satellite and is metered, but 4Glte through my phone isn't, so anything that gets to the TV from the internet goes through my Android phone, with anti-virus software installed on it first. The whole concept of a smart TV just seems weird.

    • Why would I want to connect a computer, be it a desktop, laptop, or a tablet (really?) into my television just to watch hulu or netflix, or listen to pandora or spotify? It is overkill, requires yet another device, and costs me more. It isn't any more convenient either.
    • by antdude ( 79039 )

      But where do we buy a new dumb TV these days? :(

  • Comment removed (Score:5, Informative)

    by account_deleted ( 4530225 ) on Tuesday January 03, 2017 @11:19AM (#53597895)
    Comment removed based on user account deletion
  • by mi ( 197448 ) <slashdot-2017q4@virtual-estates.net> on Tuesday January 03, 2017 @11:19AM (#53597901) Homepage Journal

    ransomware purporting to be a FBI message a notice that suspicious files were found and the user has been fined.

    That people believe such "warnings" in large enough numbers to make it worthwhile for the crooks to make them, is a sign, that FBI has an image problem.

    It is an organization we fear, rather than one we trust (such as to hunt the scammers down). And they had this image problem for so long now, one can begin suspecting, it is not just a perception...

    • by c ( 8461 )

      That people believe such "warnings" in large enough numbers to make it worthwhile for the crooks to make them, is a sign, that FBI has an image problem.

      Ironically, the same people that fall for these scams usually think nothing of ignoring the FBI warnings that play at the beginning of movies...

      • by fedos ( 150319 )

        The thing is that ransomware doesn't just flash a warning: it prevents you from using your device. This isn't just people falling for a fake FBI image; it's people desperate to get back their expensive hardware (and possibly files).

        The scam would work just as well if the ransomware flashed a legitimate-sounding, but fake, name for a government organization.

      • If you illegally torrent your movies, I doubt you'll see the FBI warnings. Another advantage of copyright violation: you can get a superior product. This is preaching to the choir when you're positive the sinners who need the sermon are not in the church.

    • by zifn4b ( 1040588 )

      It is an organization we fear, rather than one we trust (such as to hunt the scammers down). And they had this image problem for so long now, one can begin suspecting, it is not just a perception...

      You're veering off-topic but if you do a relatively small amount of research into the topic including Gallup polls [gallup.com], you find that social trust in the United States has plummeted for many years and the latest generation, the Millennials, have the lowest social trust. It's been gradually declining: Silent > Boomers > Gen X > Millenials. If you really care about this issue do your research because it's going to take a monumental effort to change the course of our culture. We're essentially devolvin

      • A monumental effort on who's part? It seems to me that this monumental effort would have to be on the part of the politicians and government workers. But how likely is this? Especially with Trump coming into office.

        • Especially with Trump coming into office.

          Trump is fairly unique — though sometimes compared to Reagan, he is different from him in many ways too. So, it would seem, that it was other kinds of politicians, who got the country into its current state of social distrust. Whether Trump will help alleviate the problem or not, making such nasty predictions about him as you just did reveals nothing, but your own hateful partisanship.

        • Why would politicians care about what people think of them? They get elected over and over again. Most people can't stand politicians, but their own isn't too bad, it is everyone else's that is horrible.

          I don't know about you, but I am pretty sure that there is good reason to NOT believe government agencies (like the FBI) are not fully working FOR the American people.

        • Especially with Comey running the FBI. A lot of people I run into are either upset at him for his information release days before the election, or upset at him because they think he lied to help Clinton escape prosecution (I couldn't find a case of unintentional mishandling of classified material in my search that resulted in criminal prosecution, BTW).

      • We Boomers rocked,

        Rubin's appearance before the House Un-American Activities Committee (HUAC) hearings is a good example of the Yippies emphasis on conducting political protest as theater, and creating as much attention as possible to their dissent by turning it into a spectacle. Rubin was subpoenaed by HUAC in Washington but instead of pleading the Fifth Amendment as was common, he entered the room dressed in a rented 18th-century American Revolutionary War uniform, proudly claiming to be a descendant of

        • by zifn4b ( 1040588 )

          We Boomers rocked,

          Rocked in what sense? Mastering the art of charlatanism? The majority of Boomers were not very well educated because their journey of self growth and exploration so much more important maaaan to the point that they ditched formal education. When it became apparent to you that was not a sustainable way to live in a socio-economic system, you realized you actually needed to get a decent job but didn't have skills nor the means to pay for education. You didn't want to lower your standards to the bottom run

          • Rocked in what sense? Mastering the art of charlatanism?

            Bingo! Trump, Clinton and Sanders, the millennials are still falling for that crap! Global Warming, Affordable Healthcare Act, Russian Hackers, need I go on.

            • by zifn4b ( 1040588 )

              Rocked in what sense? Mastering the art of charlatanism?

              Bingo! Trump, Clinton and Sanders, the millennials are still falling for that crap! Global Warming, Affordable Healthcare Act, Russian Hackers, need I go on.

              Um you need to check your facts here. Bernie Sanders is in Silent generation. Trump is BARELY in the Boomer generation. The silent generation went through 1945, Trump was born in 1946. Hillary is also barely in the Boomer generation but moreso than Trump being born in 1947.

              Better examples would be Jamie Dimon, John Stumpf, Jordan Belfort, Jeff Bezos, Steve Ballmer etc. Those are the kind of droids you're looking for.

    • ransomware purporting to be a FBI message a notice that suspicious files were found and the user has been fined.

      That people believe such "warnings" in large enough numbers to make it worthwhile for the crooks to make them, is a sign, that FBI has an image problem.

      I disagree. It's really a people problem, such as people not understanding technology very well. I know a guy who is a blue collar worker and he can barely use a PC enough to read and send email and surf the web. He has admitted to me that he's clicked on one of those "We've found a virus on your PC. Click here to pay for our scanning program to save your PC!" popups and sent money to those people. People often don't understand the technology well enough to know what's real and what isn't and they're o

      • by mi ( 197448 )

        I disagree. It's really a people problem, such as people not understanding technology very well.

        My point was not about scamware in general, but rather a subset of it, that purports to be FBI. You don't need to understand technology to trust a law-enforcement agency to not accuse you, if you've done nothing wrong. Frightening victims with such accusations should be a net-loss for scammers — some of us may, indeed, get scared, but most should, upon seeing a reference to FBI, relax: "FBI? They'd never ma

      • It's also a problem with technical devices behaving differently from earlier devices. Until cars became computerized, I wasn't going to find that driving past a particular billboard or tuning to a particular radio station would cause problems with it. I could understand what was a threat to the car, and what sort of threat it represented, by a very basic knowledge of the mechanics involved. It was fairly easy to tell whether X was a threat to Y, and what sort of threat it was.

        Fast forward to when visi

    • People have always feared law enforcement. The FBI's reputation has little (if anything) to do with it. The ransomers just just as easily have said INTERPOL, except that too few people have heard of them.
    • by wbr1 ( 2538558 )
      The FBi has had an image problem since COINTEPRO or since he first dreamed of Tolson's schlong.
  • Let's remember that Google TV has been discontinued. Now it is Android TV, and if I don't get it wrong LG newer TV's now ship with WebOS. So, there is Ramsonware for the unsupported old Google TVs ? And I thought that having a discontinued OS that you can not update on a TV was bad enough.
  • Not Simple (Score:4, Informative)

    by freeze128 ( 544774 ) on Tuesday January 03, 2017 @11:33AM (#53598039)
    I have an LG smartphone, and I can tell you that the procedure for getting into the recovery is not as simple as other brands of phones (e.g., HTC). Usually, you would just hold down a button while the device powers on and boots up. With the LG device, you have to hold the button down until it STARTS to boot, then release the button, and then press it again. The timing is critical, and it doesn't often work the first time.

    With the television, you have even more buttons to worry about, so trial and error would take a very long time.
  • Why is it that you can call Sony and they can tell you similar steps to get into safe mode on your PS3/PS4 and do the equivalent and their front line customer support is educated enough to help you with this but LG not so much?
  • by account_deleted ( 4530225 ) on Tuesday January 03, 2017 @02:02PM (#53599299)
    Comment removed based on user account deletion
    • It probably isn't malice, it probably just didn't occur to them. My in-laws were showing me their new WiFi thermostat/security camera system. It would not surprise me if there is no clear way to reset it if it were to be compromised by malware... I look at all that stuff and feel like Adama from Battlestar Galatica refusing to network his computers...
  • by FudRucker ( 866063 ) on Tuesday January 03, 2017 @05:48PM (#53600935)
    customers should be allowed to do factory resets on their televisions, WTF is wrong with LG, that info should be in the documentation that comes with every new television sold!!!
    • Says you. What if the factory reset makes the TV unusable or crippled without doing something requiring special tools or knowledge? What if it's an attack vector? I'm not claiming that these would be well-designed TVs, just that they could happen. IIRC, LG provided a reset procedure that they thought adequate against the threat models when the set was designed, but which didn't get around the malware.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...