Categories: Security

An LG Smart TV Was Infected with Ransomware

On Christmas Day, 2016, a software engineer reported that his family members’ smart TV was hacked. Specifically, their LG smart TV was infected with ransomware. The type of ransomware that infected their TV was called Cyber.Police. This particular type is also known as Frantic Locker, Dogspectus, or FLocker.

As a recap, ransomware is a type of malware that blocks access to a system or device until the victim pays the hacker a sum of money. After the money is paid, the device or system will be unlocked. In this case, the smart TV was most likely infected by ransomware when the family installed a malicious app onto their TV. Unfortunately, this is a common incident for smartphones, too. That’s why it’s important to regularly scan your devices for malware:

The specific model was an older LG smart TV that ran Google TV. Google discontinued Google TV in 2014. In this incident, the smart TV was unable to be reset manually. The software engineer tried to contact LG to reset the TV, but they wouldn’t do it without charging a high fee. Thanks to the press coverage of this incident, perhaps, LG changed their earlier position and helped him to unlock his family’s TV. The engineer posted the procedure on YouTube, as he felt that the knowledge shouldn’t be kept secret.

Smart TVs Are Insecure

Unfortunately, smart TVs (and other smart appliances) aren’t as secure as they should be. One reason that they’re more insecure than your smartphone or computer is that they don’t receive frequent security and software updates. There has also been a lot of news lately about new malware that can: attack Wi-Fi routers, infect one device in order to spread malware to every device connected to the same network, and utilize insecure Internet of Things devices to attack a network. As these strains of malware improve, it only puts your smart TV more at risk of being hacked. Thus, the ability of your smart TV — which has access to your Wi-Fi, and typically has your credit card information stored on it (to purchase movies, etc.), among other sensitive data — to be hacked is now an even bigger deal.

No Minimum Standard for Device Security

Further, this could be a manufacturing issue, too. There is no minimum standard for device security in the US. If we really want to ensure that all of the smart products that we’re using are secure, we would encourage regulations to be passed to hold companies accountable for selling insecure products to consumers. The Obama Administration suggested such a measure, but unfortunately, it was never passed.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.