Thousands of Android TV devices come with unkillable backdoor preinstalled
Thousands of Android TV devices come with unkillable backdoor preinstalled
Somehow, advanced Triada malware was added to devices before reaching resellers.
Thousands of Android TV devices come with unkillable backdoor preinstalled
Somehow, advanced Triada malware was added to devices before reaching resellers.
Worth pointing out this isn't any proper Android TV devices, but rather those cheap boxes that are often basically SBCs with AOSP installed on them which are predominantly sold as easy piracy boxes.
Edit: in fact, the article doesn't currently have TV in the title
Leaving out the TV makes it less precise and more clickbaity because then it sounds like Android phones are affected.
I guess the problem is that "Android TV" is a specific thing that none of these devices actually are, they're just dodgy boxes running Android that can be plugged into a TV.
For me it's more clickbaity because Android TV isn't actually involved here at all.
Why not just find a different website reporting the story with a better headline? Rather than sharing the one with the headline you fear is misleading?
Can you even get an actual Android TV device now that isn't a Chromecast or an Nvidia shield? Other than a few TVs that mostly come with malware (tcl, Sony, Hisense) I can't think of anything else that has actual Android TV you can buy as a consumer.
Xiaomi makes one, also Walmart carries one called Onn.
I miss having a dumb tv
If I don't connect it to the internet they don't get to sell ur data innit
I only watch pirated content. What data are they selling?
Shit will want to connect some way. If I ever have to buy a smart TV for myself, I'm opening it up and swapping the brain board or removing the antenna.
Walmart sells Sceptre 4k tvs which are dumb, sure they aren't OLED or have amazing refresh rates but they are the perfect TV for most people, it's much easier to chuck and buy a new $20 streaming device when updates make it crawl to a near stop than it is to do the same with a $600+ TV.
These new Led backlit tvs die like every 2 years and need led strip replacement. I had to repair mine 3 times now while my old lcd tv never died in 15+ years and I gave it to my dad who is using it for past 8 years daily.
I'm annoyed that they don't sell them and that even if you don't connect a smart tv to wifi to keep it dumb it'll still not just be a display and it'll try to shove stuff in your face
I bought a Hisense and it had the option during setup to disable most smart features and leave it in “basic mode”. I was already going to put an Apple TV in it so I just left it there and I’ve been happy. Only thing a tv needs is settings and the ability to change inputs.
Most TVs have an office or presentation mode hidden somewhere in the settings, that will get rid of the ad-ridden interface and replace it with a plain and functional one. That plus no wifi, ever, gets them sorted.
LOL I'm still using an old CRT TV because it just won't die and I barely watch TV
Any Smart TV can be a dumb TV if not connected to the internet
And what you will do with the preinstalled malware and bloatware?
I have an old Toshiba LCD TV which is a bit thick in comparison to today's devices but it's so good and robust. Also no smart features what so ever. Comes with a bunch of inputs and has some features not found on modern devices. It also came with full schematic should it ever need servicing. Every now and then I'll get the urge of getting oh so new and shiny OLED then remind myself about builtin expiration date and stupid "smart" features.
I gave mine up when I had to move cross country. I miss it dearly.
That's why you should build your own media center from an old machine. Much safer and more private.
How?
/
partition will do), maybe have a homemade NAS ready too Look into Plex servers, that should keep you busy for the next six months till you get it up and running.
The problem is that YouTube app and F1 app are Android only so having a Linux media box won't help. It needs to run Android to run Android apps.
Plus I like to use Chromecast, we use it all the time to send YouTube videos from our phones to the big screen.
What's wrong with using YouTube in a browser?
I don't know about apps like F1 and Chromecast, but I can see that it could be a problem. But YouTube has worked fine for me with the MPV player. Maybe you could try Android-x86? (is that thing still alive? 😅)
I swear shit like this is why Lemmy is so incredibly out of touch with the real world. I can't take the community seriously anymore.
So my home media center is not real world enough? I only expressed an opinion; you are free to ignore it. Also, there is nothing that keeps you here. Please kindly keep in mind that most Lemmy users right now are interested in technology, you can't take that away from them and there is nothing wrong with it. If you want to stay away from "shit like this", then, with all respect, you probably should not be in a technology sub in the first place.
Because something is not popular and not available in typical electronic store doesn't mean it's not real.
I know having a private life may seem unreal in recent ~10 years, but it surely can be done without giving up modern life. All it takes is a little time for research and saying "no" sometimes. The hardest part are always areas where more people like that are needed to say "no".
People have been using old computers as media centres for decades at this point. Not sure what you're on about.
I agree. Too many comments and threads are hijacked or over represented by the pro piracy crowd. I wish more communities would just ban the shit post of "yar, time to sail the high seas" that seem to be the top comment on any media related post.
You're going to build your own smart TV that can handle new HDMI and Displayport advancements too?
This is going to come as a shock to you, but HDMI has been a thing since 2004. You can find 15 year old dumb TVs with HDMI. If the TV had HDMI, it can handle any format that the screen can physically show and newer versions are backwards compatible.
Pff sure. How hard can it be? Few resistor thingies and some capaci-whatsists, and Arduino, done.
Almost any ARM SBC and a dumb TV will do, install linux/a minimal wayland compositor and waydroid and youre laughing
Any time there's a advancement you just update the board, instead of the whole TV (which its not like normal smart TV's update their ports anyways?)
Wait, smart devices might not be secure?! I'm shocked!
Are non smart TVs even still a thing nowadays? I don't own or watch any TV so I honestly don't know how the market currently looks like.
Yes. They are sold for commercial use, e.g., McD’s menu, and are quite pricey.
Apparently "smartness" has not invaded projectors...per a comment I read here on kbin a while back from a projector owner. This really encourages me to buy one.
They're harder to find, for sure. Especially if you want a large screen.
When I was shopping around a few years ago, the only 65" TV I could find without smart features was a Sceptre, which is Walmart's electronics brand. Speakers so bad that I had to buy a sound bar, and the display isn't that great, but it gets the job done and I don't need to worry about it being an attack vector.
They get called “monitors” a lot (depending whether you need them to pick up cable/airwaves of course)
Not really but you can always get a "smart" tv and never connect it to the Internet. If you want to stream just use an external device you trust like a PC
Yepp - hop on Ebay or some surplus auction site, and search for commercial/signage displays. Don't bother buying new unless you have the money for it IMO, they are expensive unless you get them used
Edit: typo
China hacked my fucking coffee mug.
These are just generic Android TV devices that use Allwinner board. Allwinner made these kind of generic boards for Android TV and Android Auto head unit and sell them to OEMs. The OEMs then "customize" it by adding their APKs into the ROM provided by Allwinner. I doubt the malware come from Allwinner. Maybe it's just one (or more) OEM that include whatever APK they found on the internet without checking.
Linus just recently did a whole episode on a few Android TV boxes from China. Very concernig findings
Who? The guy with questionable "methodology"?
So you do know him!
Bro his gf/wife is Chinese
Thanks for the super relevant info 🤦♂️
Do you realize that a person can be from a country without having any involvement with the industries and government of that country?
She's not, you can figure it out, but let's stick to generalisation
I think she's from real China, Taiwan!
In total the researchers confirmed eight devices with backdoors installed—seven TV boxes, the T95, T95Z, T95MAX, X88, Q9, X12PLUS, and MXQ Pro 5G, and a tablet J5-W.
The other thing discussed is fraudulent android apps that have been removed from the play store.
This is the best summary I could come up with:
This week, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.
“They’re like a Swiss Army knife of doing bad things on the Internet,” says Gavin Reid, the CISO at Human Security who leads the company’s Satori Threat Intelligence and Research team.
“This is a truly distributed way of doing fraud.” Reid says the company has shared details of facilities where the devices may have been manufactured with law enforcement agencies.
In the second half of 2022, Human Security says in its report, its researchers spotted an Android app that appeared to be linked to inauthentic traffic and connected to the domain flyermobi.com.
When Milisic posted his initial findings about the T95 Android box in January, the research also pointed to the flyermobi domain.
The company’s report, which has data scientist Marion Habiby as its lead author, says Human Security spotted at least 74,000 Android devices showing signs of a Badbox infection around the world—including some in schools across the US.
The original article contains 455 words, the summary contains 180 words. Saved 60%. I'm a bot and I'm open source!
My OctoPrint server runs on one of these (previous homeowners left it lying around), but I completely nuked Android and installed the Armbian distro for the Inovato Quadra (itself just a carefully sourced and rebranded TV box). It was tedious though, and I'd never buy one for that purpose when there are dedicated SBCs.
I rememberLinus Tech Tips talking about that month ago:
Do you have a credible source instead?
Lmfao
Woah, I just checked, and apparently they are back to releasing videos.
Still more credible than 90% of random tech outlets.
Here is an alternative Piped link(s):
https://piped.video/1vpepaQ-VQQ?si=t52OHvJ79nnXSsYC
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source; check me out at GitHub.
Good bot
Isn't his gf/wife Chinese ?
Definitely not unkillable tho
installing your own OS and/or bootloader is a pain and most of the time unfeasable. And that's the only way to safely kill software based backdoors.
Even then, unless you also blow away the firmware, you can't be sure it's clean.
Where are the hackers when you need them?
Looks like my old bravia and rpi is a good combination.
Chinesium devices, anyone?
You have a device not made in China?
I have a tv built in 1978, it was made somewhere in Michigan dont know where the sticker is faded in that part.
Its called google and it infects all stock android devices
Anyway I actually have one of those devices. It was support to be a birthday present but it came with some baggage. By the time I realized it I couldn't return it
Every laptop, mobile phone, TV, smart home devices and their mothers have an unkillable backdoor. What's new?
Usually get patched and fixed ¯\_(ツ)_/¯ In this case they sell them like this and most take advantage of it.