Thousands of Android TV devices come with unkillable backdoor preinstalled

Worth pointing out this isn't any proper Android TV devices, but rather those cheap boxes that are often basically SBCs with AOSP installed on them which are predominantly sold as easy piracy boxes.

Edit: in fact, the article doesn't currently have TV in the title

I miss having a dumb tv

That's why you should build your own media center from an old machine. Much safer and more private.

Wait, smart devices might not be secure?! I'm shocked!

These are just generic Android TV devices that use Allwinner board. Allwinner made these kind of generic boards for Android TV and Android Auto head unit and sell them to OEMs. The OEMs then "customize" it by adding their APKs into the ROM provided by Allwinner. I doubt the malware come from Allwinner. Maybe it's just one (or more) OEM that include whatever APK they found on the internet without checking.

Permanently Deleted

Permanently Deleted

In total the researchers confirmed eight devices with backdoors installed—seven TV boxes, the T95, T95Z, T95MAX, X88, Q9, X12PLUS, and MXQ Pro 5G, and a tablet J5-W.

The other thing discussed is fraudulent android apps that have been removed from the play store.

This is the best summary I could come up with:

This week, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.

“They’re like a Swiss Army knife of doing bad things on the Internet,” says Gavin Reid, the CISO at Human Security who leads the company’s Satori Threat Intelligence and Research team.

“This is a truly distributed way of doing fraud.” Reid says the company has shared details of facilities where the devices may have been manufactured with law enforcement agencies.

In the second half of 2022, Human Security says in its report, its researchers spotted an Android app that appeared to be linked to inauthentic traffic and connected to the domain flyermobi.com.

When Milisic posted his initial findings about the T95 Android box in January, the research also pointed to the flyermobi domain.

The company’s report, which has data scientist Marion Habiby as its lead author, says Human Security spotted at least 74,000 Android devices showing signs of a Badbox infection around the world—including some in schools across the US.

The original article contains 455 words, the summary contains 180 words. Saved 60%. I'm a bot and I'm open source!

My OctoPrint server runs on one of these (previous homeowners left it lying around), but I completely nuked Android and installed the Armbian distro for the Inovato Quadra (itself just a carefully sourced and rebranded TV box). It was tedious though, and I'd never buy one for that purpose when there are dedicated SBCs.

I rememberLinus Tech Tips talking about that month ago:

https://youtu.be/1vpepaQ-VQQ?si=t52OHvJ79nnXSsYC

Definitely not unkillable tho

Where are the hackers when you need them?

Looks like my old bravia and rpi is a good combination.

Chinesium devices, anyone?

Its called google and it infects all stock android devices

Anyway I actually have one of those devices. It was support to be a birthday present but it came with some baggage. By the time I realized it I couldn't return it

Every laptop, mobile phone, TV, smart home devices and their mothers have an unkillable backdoor. What's new?