Android Ransomware Infects LG Smart TV

Share this…

Security firms have been warning us for more than a year about the possibility of Android malware jumping from phones and tablets to other Android-powered devices, such smart TVs.

The latest incident involving ransomware on a smart TV involves software engineer Darren Cauthon, who revealed that the LG smart TV of one of his family members was infected with ransomware right on Christmas day.

Based on a screenshot Cauthon posted online, the smart TV appears to be infected with a version of the Cyber.Police ransomware, also known as FLocker, Frantic Locker, or Dogspectus.

LG smart TV
LG smart TV infected with ransomware [Source: Darren Cauthon]

The infected TV is one of the last generations of LG smart TVs that ran Google TV, a smart TV platform developed by Google together with  Intel, Sony, and Logitech. Google TV launched in 2010, but Google discontinued the project in June 2014.

In the meantime, LG has moved on from Google TV, and the company’s TVs now run WebOS, an open-source Linux kernel-based multitask operating system.

Ransomware asks for $500 to unlock device, LG asks for $340 to help

Cauthon says he tried to reset the TV to factory settings, but the reset procedure available online didn’t work. When the software engineer contacted LG, the company told him to visit one of their service centers, where one of its employees could reset his TV.

This angered Cauthon because factory reset procedures shouldn’t be secret, but also because the service center visit implied a $340 bill. The ransomware asked Cauthon to pay $500 to unlock his TV.

As one commenter on Twitter pointed out, it would be cheaper to buy a new TV. “Avoid these ‘smart tvs’ like the plague,” Cauthon added following his discussion with LG.

TV infected by installing mysterious app

Asked to detail how he got infected with the ransomware, Cauthon said “They [the relatives] said they downloaded an app to watch a movie. Halfway thru movie, tv froze. Now boots to this.”

It is unclear at this moment if Cauthon’s relative downloaded an app from the official Play Store, or from a third-party source.

Twitter users didn’t wait for this confirmation, and one user was quick to answer Cauthon: “Someone downloaded an app on an ancient tv to watch pirated movies. Suddenly all SmartTVs are bad?”

Ransomware on smart TVs is going to be a big problem

In November 2015, Symantec researchers conducted a test and installed ransomware on a smart TV. Even if the researcher who conducted the test was an expert on Android malware and was a very skilled professional, he found it very difficult to remove the malware from the infected TV, a task he said would be extremely difficult and nearly impossible for a non-technical user.

The same test was repeated three months later by researchers from Trend Micro, who arrived at the same conclusion.

Malware targeting smart TVs is not that common, but when it hits it’s usually extremely difficult to deal with. For example, in January 2016, a user had a hard time removing a basic browser scareware (tech support scam). The infected TV was also an LG TV.

In June 2016, Trend Micro reported that smart TVs were regularly targeted by ransomware, with the most active threat being Cyber.Police (FLocker).

In the meantime, Google has started working on Android TV, an Android-based smart TV platform, similar to Google TV, meaning that Android malware remains a valid threat for a large chunk of the smart TV market.