It took a year from proof of concept to in-the-wild attack, but ransomware for Android-based smart TVs is now here. As one victim discovered this Christmas, figuring out how to clean such an infection can be quite difficult.
Ransomware for Android phones has already been around for several years and security experts have warned in the past that it’s only a matter of time until such malicious programs start affecting smart TVs, especially since some of them also run Android.
In November 2015, a Symantec researcher named Candid Wueest even went as far as to infect his own TV with an Android ransomware application to highlight the threat. While that infection was just a demonstration, this Christmas, the owner of an LG Electronics TV experienced the real deal.
Kansas-based software developer Darren Cauthon reported on Twitter on Dec. 25 that a family member accidentally infected his Android-based TV with ransomware after downloading a movie-watching app. The picture shared by Cauthon showed the TV screen with an FBI-themed ransom message.
On Android the majority of ransomware applications are so-called screen lockers. They work by displaying persistent messages on the phone’s screen and preventing users from performing any other actions on their devices. The messages usually impersonate some law enforcement authority and ask victims to pay fictitious fines to regain control.
Cauthon, who was the previous owner of the three-year-old TV, tried to help the new owner restore the device to its default factory settings, but didn’t succeed even after receiving many suggestions and advice from other Twitter users.
According to the software developer, when he first contacted LG’s tech support, he was told that a technician would have to come over and take a look for a fee of around $340.
The ransom amount itself was $500 although even paying that would have been difficult because there was no way to click on the payment section to find the instructions on how to do so. The only thing that worked was just moving a mouse-like pointer on a portion of the TV screen via an accompanying smart remote.
Eventually LG provided Cauthon with a solution that involved pressing and releasing two physical buttons on the TV in a particular order. This booted the TV, which runs the now defunct Android-based Google TV platform, into a recovery mode.
The Android recovery mode allows wiping the data partition, which deletes all user settings, apps and data and is the equivalent of a factory reset. While this sounds straightforward, Cauthon’s experience suggests that many users would have difficulty figuring it out on their own and would probably be forced to pay for technical assistance.
If recovering from smart TV ransomware infections can be hard, imagine what users would have to deal with if these programs start infecting other internet-of-things devices, as some security experts predict.
In this case, the victim was lucky because the ransomware app was only a screen locker and not a program that encrypts files. Smart TVs have USB ports and allow connecting external hard disk drives in order to watch personal videos or photo collections—the type of files that are valuable to users, especially if they’re not backed up.