What's new

Ransomware on SmartTV's now - TrendMicro Report

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I bet you don't own a Android Phone.
If I where to guess you probably have a Microsoft phone :)
I don't see you as a google type hehe
 
iPhones/iPads - ok with this - and I'm pretty much platform agnostic - the platform wars are generally over - greybeards like me - we use them all - they're just tools...

As I mentioned earlier in the thread - the scary thing with Android based SmartTV's is that in many cases, the Android Debug port is explicitly disabled.. which makes fixing the set if it gets pwn'ed a problem...
 
I don't like Smart TVs. Most of them have half-baked software, they're buggy, they have no real update/maintenance plan for their software, and can become useless after a few years, well before the end of useful life for the actual TV itself. Best to spend 100$ on an external box that gets active support, and can easily be replaced with another 100$ box rather than a 1000$ TV set.

There's probably a large bunch of Smart TVs now that can't even access Youtube anymore (one of the most popular service with Netflix), following Google's abandon of their old, original API.
 
@RMerlin, in the UK some people still use CRTs. By keeping a device to a single function it can last for a very long time that also includes LED monitors.

I think smart TVs are a waste because of the hardware inside becoming useless as well. Its a waste of hardware cost to add all those CPU, RAM and flash for all these software for just a display. Previously ISPs and services all have their own boxes but now some ISPs are doing away with their boxes and letting you just watch online.

for a tv box amazon has a good one. Small form factor with decent CPU, micro-sd and usb compared with other tv box not to mention lower power consumption and hackable android OS (so you can root and stuff). You could just get an LED monitor and stick it to the back of one.

The reason why smart TVs exist is to subsidise the cost via the inclusion of apps and services from others (its like advertising for them) and perhaps your data?
 
I think the small STB's (Roku, Androids, AppleTV, TiVO, etc...) are a much better approach - I started this thread as SmartTV's are clearly a target now, and it's very hard to troubleshoot/debug them do to the obvious DRM concerns...

Woe to the Joe Sixpack guy that get's his SmartTV locked down - he won't have the technical skills/capabilities to unbrick it - and these are challenging enough even for folks in this thread that do have the knowledge to fix due to lack of JTAG/Debug ports...
 
i just read an older blog about ransomwares on openDNS where your computer gets encrypted and you have to pay to unencrypt it. Also watched it in mr robot. I wasnt aware this was a serious problem, it seems security must be lax everywhere.
 
A business customer of mine got hit by one a few years ago. Their receptionist got infected, and her PC was encrypting all the content of the shared folders on their server. Nothing that couldn't be fixed by restoring the previous night's backup tho...

They were running McAfee's SaaS at the time (from their previous IT consultant). I moved them to Eset a few months later.
 
If only there were a way to isolate devices on our networks with some sort of iptables "jail". There is no reason my TV should be talking to any other site than the manufacturer, and I should have an easy way in my fancy-schmancy router to click a button and "jail" any device on my network and then whitelist the specific sites (with appropriate IP-to-hostname lookups for us non-techie homeowner types) that I think the device needs to actually connect to.

This would let me easily shut off all internet connectivity between my abandoned, no longer updated or used "smart" device. Be it a TV, BluRay player, DVD player, or even a Roku, FireStick/TV, ChromeStick, or my Nest thermostats, refridgerator, or my printer, and especially my home security video cameras. Things like "jailing" my Samsung SmartTV and allowing it only to talk to samsung.com (plus a few country variants) and say netflix.com servers. And that's it. Anything else, my trusty router will block. Maybe drop an alert for me to evaluate whether or not to allow a new connection as I'm "learning" what's "legit" or not with that device.

How about it, @RMerlin? Anything like that in the works for my somewhat aging RT-AC68R. Not a complaint, but a hope you're up to making something like that happen.

I really, really, don't have the patience to sit down and analyze the logs, convert IPs to hostnames, figure out if the traffic from or to the device is legit or not, and then study IPtables commands for a week and hope I don't break something. My point isn't to whine about how hard it is, technically to do such a thing, but to point out that surely there is an easier way that Joe Homeowner with a non-IT networking job can secure his home (and all of the IoT devices hanging off of his network) from having secret conversations with unsavory IP addresses out on the interwebs.

I'd even pay for firmware or a module that did that.
 
There's been some talk here - the IOT universe of things has turned ugly, as we've seen with events like the Mirai BotNet DDOS and other items.

You do bring up a really good point - what to do with those old/obsolete devices, as they're still out there, connected to the internet at large - things have a way of catching up...

And I'm reasonably certain that the current state of the art with home gateways isn't going to fix that problem any time soon...
 
Network Service Filters -> Whitelist mode. You will have a hard time figuring out what to whitelist however, as Youtube/Netflix aren't just 2 or 3 IPs that need to be whitelisted.

This isn't something that can be done with a few knobs. It's a custom job for all of these different services if you truly want to whitelist things properly.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top