Good Job Team: New TVs Are Vulnerable To Malware, Viruses

5 years ago

June 18, 2019 at 5:00 am

Welcome to Hell, where our TVs get infected with ransomware and viruses.

If this sounds like a horrifying thought, Samsung would like to remind you that, yes, your TV is just as vulnerable to random popad ads from porn as every other device. The company’s official support account on Twitter today put out a little notice showing everyone how you can run an anti-virus scan on your TV, because it’s 2019 and this is something we have to all actively think about now.

https://twitter.com/SamsungSupport/status/1140409768743452672

Unsurprisingly, Samsung’s handy reminder was not welcomed with open arms.

if your TV needs a virus scanner you fucked up pretty bad

— Internet of Shit (@internetofshit) June 17, 2019

https://twitter.com/TinehAgent/status/1140457116135645184

Aren’t your operating systems based on Linux? Do you just give root access to whoever asks for it on whatever device? Why am I having to worry about the security for an operating system that requires me to enter my root password to install anything?

— Misinko (@Mr_Misinko) June 17, 2019

Please just make dumb TVs instead.

— mndrue (@mndrue) June 17, 2019

https://twitter.com/geeknik/status/1140484307640868864

Not sure where to start… that this is needed in the first place, or that it isn’t done automatically. And could a virus subvert this scan? This TV isn’t sounding so “smart” or “intelligent” #InternetOfShit

— Ken Brucker (@KnBrckr) June 17, 2019

https://twitter.com/Taco_Lad/status/1140479261595226112

I feel bad for the Samsung Support team. They’re just doing their job, trying to help, although interactions like this one weren’t received too well.

ROOOOOOOOOFL pic.twitter.com/yuwQdlSCEd

— Parity Account (@JerpaDerpa) June 17, 2019

And best intentions don’t pan out so well when they stop your TV from using, uh, Netflix:

Just wait until it starts proving its value by protecting you from highly malicious code, such as … *checks notes* … the HDMI CEC library.https://t.co/FhjgCZRKtM

— Jeremi M Gosney (@jmgosney) April 19, 2019

If anything else, the general sentiment was that, collectively, we have enough devices in our lives that require careful management.

love to have to do infosec on the fucking teevee

— Duke ‘Burrito Haver’ Zero (@DukeZer0) June 17, 2019

Comments

31 responses to “Good Job Team: New TVs Are Vulnerable To Malware, Viruses”

READ THE COMMENTS

darren

June 17, 2019 at 3:35 pm

Dumb TV and a Chromecast works pretty well for me.

Reply
m2d2

June 17, 2019 at 3:39 pm

yeah i think ill stick with dumb tvs thanks.

Reply
1. stormo
  
  June 17, 2019 at 7:26 pm
  
  Just hope your TV never breaks down. It’s basically impossible to buy a dumb TV anymore. Even my base-tier 50″ Sony has the utterly useless “Android TV” on it. All it seems to do is update itself occasionally, forcing me to wait five minutes before I can actually use the TV.
  
  At least it has the courtesy to update at power-on rather than while I’m actually watching it, I guess.
  
  Reply
  1. m2d2
    
    June 17, 2019 at 8:01 pm
    
    Might have to go with one of those ‘not so good’ brand tvs perhaps? Or simply deny it wifi access?
    Its a problem for future me i suppose.
    
    Reply
    1. alexwalker
      
      June 18, 2019 at 9:14 am
      
      The not so good TV’s would be worse. They’re all smart TVs now, so everything will have an attack vector if it’s connected. Sob.
      
      Reply
      1. m2d2
        
        June 18, 2019 at 5:47 pm
        
        guess no wifi access is the only option.
namiwakiru

June 17, 2019 at 3:53 pm

I’ve never connected my TV to the Internet, all my streaming is done off Chromecast or the PS4.

Reply
jamesh

June 17, 2019 at 3:57 pm

Interestingly, some TVs will accept firmware updates transmitted in free-to-air TV broadcasts. There used to be a program to multiplex these updates into the broadcasts on the ABC and commercial stations, but I don’t know if it is still being done. The firmware has probably grown a lot, but the bandwidth available to send out the updates through this channel has remained constant.

Reply
1. alexwalker
  
  June 17, 2019 at 4:03 pm
  
  Love to get my Channel Seven-sponsored critical TV security updates, available only during the hours of My Kitchen Rules and some other mind-numbing quality content
  
  Reply
  1. jamesh
    
    June 17, 2019 at 11:48 pm
    
    I only saw an OTA update on my TV once, and it only notified me about the update when I tried to turn it off.
    
    But the length of television shows is actually relevant: to properly download an update, you needed to be tuned into a station to receive the full update package. If you can’t fit the update into the fraction of bandwidth available during an episode of MKR, then it would probably never download successfully. That’s probably one of the reasons the mechanism became unworkable.
    
    Reply
djbear

June 17, 2019 at 4:06 pm

Meanwhile, my tv just functions as a TV. It turns on and off.

Im fine with that.

Reply
os42

June 17, 2019 at 4:10 pm

Cut to a couple of years from now, when we’re having the same concerns about every IoT device in your home. Imagine your toaster refusing to make toast until you cough up some bitcoin, or getting locked out of your own fridge…

Reply
1. namiwakiru
  
  June 17, 2019 at 5:03 pm
  
  We don’t even have the important stuff like the fridge being able to show you who stole your last chocolate yogurt.
  “I knew it, Doug, I bloody knew it was you! Now I have the video evidence to prove it!”
  
  Reply
  1. vashta_nerada47
    
    June 17, 2019 at 7:41 pm
    
    Actually, I just saw a fridge in the store that has cameras inside (so you can see what’s in there without opening the door) and it also had a tablet built into it. If it’s not already an option, I doubt it would be hard to make it record the video feed 😛
    
    Reply
2. phil1311
  
  June 17, 2019 at 5:12 pm
  
  EA moving into hardware…
  
  Reply
anteaters

June 17, 2019 at 4:26 pm

Wow, we have gotten to that stage. New market for the Kaspersky’s and Symantec’s. Anti Virus for your household items, fridge, toaster, tv, remote control, kids.

Reply
1. alexwalker
  
  June 17, 2019 at 4:53 pm
  
  “Pay me 1 BTC or I will burn your toast every morning”
  hackers, probably
  
  Reply
  1. pookie101
    
    June 17, 2019 at 6:43 pm
    
    Hard to tell if it’s hackers in that case or a toaster just normally burning your toast because it hates you
    
    Reply
  2. drsleepless
    
    June 18, 2019 at 8:31 am
    
    lol. Sounds like something the toaster from Red Dwarf would do.
    
    Reply
germinalconsequence

June 17, 2019 at 4:59 pm

This is somewhat old news. If you have any IoT capable device, chances are it’s being exploited as part of a botnet or otherwise being misused unless you’ve secured it. We’re living in an age where we have smart devices but haven’t made people smarter to keep up with the new security and privacy problems they bring.

Reply
1. soldant
  
  June 17, 2019 at 5:11 pm
  
  OTOH most people don’t understand how their tech works, and they shouldn’t really have to as end users. It’s up to manufacturers to push software updates (and probably enforce their installation) to protect users. Unfortunately, they just don’t support their devices properly.
  
  I like the convenience of a smart TV but so many things end up broken as time goes on that I’d rather just use my console or an Apple TV or whatever and have the TV do nothing more than select inputs. At least those devices will receive regular updates.
  
  Reply
  1. grunt
    
    June 17, 2019 at 5:33 pm
    
    Thats always been the case to some extent. As a new wave of tech emerges, in this case IoT, the previous generation that didnt grow up with it tend to suffer somewhat. Its close enough they get the gist, but different enough they miss what makes them new.
    
    The switch to smart phones did similar as did the emergence of mobiles in general. My dad was pretty tech proficient, but never did get the benefits of mobile phones. Digital TV was a confusing thing for a lot of people a decade ago, and I’m sure you remember the indifference to the NBN right at the start, and the belief that you didnt need to switch. Even the rise in microwave usage confused some people for a while.
    
    Not going to go back further than that, but every time the base method with tech has changed, a group fails to understand it, and its usually an older generation that has learned how to do things a certain way, and doesnt understand how a change can make it better.
    
    Reply
2. zombiejesus
  
  June 17, 2019 at 5:47 pm
  
  I don’t know much about Tizen (which I assume is what’s being talked about here) but if it’s at all on par with Android then the only meaningful need for antivirus is if the OS allows untrusted packages to be installed and you’ve enabled that setting. If you keep your device with default security settings (eg. trusted sources only), you don’t need AV (on Android).
  
  (That’s not even getting into the fact AV on Android is mostly a scam anyway and most AV apps don’t do anything more than blacklist apps by executable hash. But hey, AV companies gotta make that money and what better way than to convince normal people they need something they don’t.)
  
  Reply
3. jamesh
  
  June 17, 2019 at 6:16 pm
  
  It really depends on who made the IoT device. Some have practically no application level security and are abandoned by the manufacturer the minute the new version is released the next year. Others make it difficult to escalate an application level compromise into a full system compromise, and have automatic updates enabled by default (e.g. Google’s ChromeCast line).
  
  I generally try to steer family away from the no-name Chinese gear on the basis that those brands have nothing to lose if they get things wrong: they’ll just cycle on to the next brand name and have a clean slate. In contrast, the Google or Philips brand names have value that the respective companies won’t want to tarnish. It’s not foolproof, but it helps weed out the worst.
  
  Reply
  1. Unit3
    
    June 17, 2019 at 9:41 pm
    
    That’s a pretty good point. The bigger names do tend to support at least critical updates longer than the no-names do.
    My partner has a less than year old Kogan TV that can no longer access netflix because they haven’t updated it, while several years ago I flashed the firmware on my 8 year old at the time LG to fix reception issues with digital channels.
    
    Reply
camm

June 17, 2019 at 5:36 pm

Shrug, I’m glad TV manufacturers are promoting this rather than pretending their shit is secure.

Reply
1. jamesh
  
  June 18, 2019 at 1:37 pm
  
  I think the main question Samsung’s post raises is what their virus scan menu item actually does.
  
  If it is just checking that all the applications are correctly signed and authorised, then surely this is something that already happens when they’re installed/upgraded. If it is possible to escape Tizen’s application confinement and compromise the base system, why would you expect that virus scan menu item to actually do what it says?
  
  It sounds like something an executive or project manager asked to be added without a clear idea of what it would do. If anything, it could give users a false sense of security. You’d be better off with a manufacturer that pushes out regular security updates than one who adds a virus check menu item.
  
  Reply
bmerigan

June 17, 2019 at 10:19 pm

Pretty concerning when the devices get to a few years old and the manufacturer no longer supports them.
My Samsung smart TV hasn’t received an update in 5 years and Android phones generally don’t get supported after 2 years

Reply
drsleepless

June 18, 2019 at 8:37 am

For me, I think one of the biggest concerns is spread. IoT devices can be an easy entry point. As people above have stated, they tend to be quickly forgotten about and have little security. But if we look at the latest Samsung tv’s for example, they are now becoming homekit compatible. Find an entry via IoT and then an exploit through homekit and then to main computers.

Reply
1. mad_danny
  
  June 18, 2019 at 8:56 am
  
  like the wireless printer issues all over again…
  
  Reply
  1. drsleepless
    
    June 18, 2019 at 10:21 am
    
    Pretty much. I think the reason these sort of things are getting focused on atm is that it is another way to be sold a shoddy antivirus. Like badly loaded, pre-installed programs on a laptop. Which for a tv if I think about some people I know they are the sort of people who don’t know any better and will buy this sort of software. Either directly on the device or as an add on sale at the good guys or harvey norman.
    
    Reply

Katy Perry, Stop, You’re Embarrassing Pikachu

It’s Been A Wild Weekend For LA Noire Fans

How To Unlock The New Viper And Pictomancer Jobs In Final Fantasy XIV: Dawntrail

This Shadow Of The Erdtree Talisman Is Perfect For Tank Builds

The Dos and Don’ts Of Selling Your Friend On Your Favourite Game

Xbox Sales: The Best Deals From Target, EB Games, Amazon & More

The Best Gaming Deals In Australia Today

PS5 Deals: The Best Sales From Amazon, EB Games, PS Store & More

Nintendo Switch Sales: The Best Deals From Target, Big W, Amazon & More

Steam Summer Sale: The Discounted Aussie Games You Need To Buy And Try

Good Job Team: New TVs Are Vulnerable To Malware, Viruses

Comments

31 responses to “Good Job Team: New TVs Are Vulnerable To Malware, Viruses”

Leave a Reply Cancel reply