Thousands of Android TV devices come with unkillable backdoor preinstalled
Somehow, advanced Triada malware was added to devices before reaching resellers.
Worth pointing out this isn't any proper Android TV devices, but rather those cheap boxes that are often basically SBCs with AOSP installed on them which are predominantly sold as easy piracy boxes.
Edit: in fact, the article doesn't currently have TV in the title
Leaving out the TV makes it less precise and more clickbaity because then it sounds like Android phones are affected.
Can you even get an actual Android TV device now that isn't a Chromecast or an Nvidia shield? Other than a few TVs that mostly come with malware (tcl, Sony, Hisense) I can't think of anything else that has actual Android TV you can buy as a consumer.
Xiaomi makes one, also Walmart carries one called Onn.
I miss having a dumb tv
I'm annoyed that they don't sell them and that even if you don't connect a smart tv to wifi to keep it dumb it'll still not just be a display and it'll try to shove stuff in your face
Most TVs have an office or presentation mode hidden somewhere in the settings, that will get rid of the ad-ridden interface and replace it with a plain and functional one. That plus no wifi, ever, gets them sorted.
LOL I'm still using an old CRT TV because it just won't die and I barely watch TV
Walmart sells Sceptre 4k tvs which are dumb, sure they aren't OLED or have amazing refresh rates but they are the perfect TV for most people, it's much easier to chuck and buy a new $20 streaming device when updates make it crawl to a near stop than it is to do the same with a $600+ TV.
These new Led backlit tvs die like every 2 years and need led strip replacement. I had to repair mine 3 times now while my old lcd tv never died in 15+ years and I gave it to my dad who is using it for past 8 years daily.
I have an old Toshiba LCD TV which is a bit thick in comparison to today's devices but it's so good and robust. Also no smart features what so ever. Comes with a bunch of inputs and has some features not found on modern devices. It also came with full schematic should it ever need servicing. Every now and then I'll get the urge of getting oh so new and shiny OLED then remind myself about builtin expiration date and stupid "smart" features.
I gave mine up when I had to move cross country. I miss it dearly.
That's why you should build your own media center from an old machine. Much safer and more private.
The problem is that YouTube app and F1 app are Android only so having a Linux media box won't help. It needs to run Android to run Android apps.
Plus I like to use Chromecast, we use it all the time to send YouTube videos from our phones to the big screen.
I swear shit like this is why Lemmy is so incredibly out of touch with the real world. I can't take the community seriously anymore.
So my home media center is not real world enough? I only expressed an opinion; you are free to ignore it. Also, there is nothing that keeps you here. Please kindly keep in mind that most Lemmy users right now are interested in technology, you can't take that away from them and there is nothing wrong with it. If you want to stay away from "shit like this", then, with all respect, you probably should not be in a technology sub in the first place.
Because something is not popular and not available in typical electronic store doesn't mean it's not real.
I know having a private life may seem unreal in recent ~10 years, but it surely can be done without giving up modern life. All it takes is a little time for research and saying "no" sometimes. The hardest part are always areas where more people like that are needed to say "no".
I agree. Too many comments and threads are hijacked or over represented by the pro piracy crowd. I wish more communities would just ban the shit post of "yar, time to sail the high seas" that seem to be the top comment on any media related post.
You're going to build your own smart TV that can handle new HDMI and Displayport advancements too?
Almost any ARM SBC and a dumb TV will do, install linux/a minimal wayland compositor and waydroid and youre laughing
Any time there's a advancement you just update the board, instead of the whole TV (which its not like normal smart TV's update their ports anyways?)
Wait, smart devices might not be secure?! I'm shocked!
Are non smart TVs even still a thing nowadays? I don't own or watch any TV so I honestly don't know how the market currently looks like.
They're harder to find, for sure. Especially if you want a large screen.
When I was shopping around a few years ago, the only 65" TV I could find without smart features was a Sceptre, which is Walmart's electronics brand. Speakers so bad that I had to buy a sound bar, and the display isn't that great, but it gets the job done and I don't need to worry about it being an attack vector.
They get called “monitors” a lot (depending whether you need them to pick up cable/airwaves of course)
Not really but you can always get a "smart" tv and never connect it to the Internet. If you want to stream just use an external device you trust like a PC
Yepp - hop on Ebay or some surplus auction site, and search for commercial/signage displays. Don't bother buying new unless you have the money for it IMO, they are expensive unless you get them used
Edit: typo
China hacked my fucking coffee mug.
These are just generic Android TV devices that use Allwinner board. Allwinner made these kind of generic boards for Android TV and Android Auto head unit and sell them to OEMs. The OEMs then "customize" it by adding their APKs into the ROM provided by Allwinner. I doubt the malware come from Allwinner. Maybe it's just one (or more) OEM that include whatever APK they found on the internet without checking.
In total the researchers confirmed eight devices with backdoors installed—seven TV boxes, the T95, T95Z, T95MAX, X88, Q9, X12PLUS, and MXQ Pro 5G, and a tablet J5-W.
The other thing discussed is fraudulent android apps that have been removed from the play store.
This is the best summary I could come up with:
This week, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.
“They’re like a Swiss Army knife of doing bad things on the Internet,” says Gavin Reid, the CISO at Human Security who leads the company’s Satori Threat Intelligence and Research team.
“This is a truly distributed way of doing fraud.” Reid says the company has shared details of facilities where the devices may have been manufactured with law enforcement agencies.
In the second half of 2022, Human Security says in its report, its researchers spotted an Android app that appeared to be linked to inauthentic traffic and connected to the domain flyermobi.com.
When Milisic posted his initial findings about the T95 Android box in January, the research also pointed to the flyermobi domain.
The company’s report, which has data scientist Marion Habiby as its lead author, says Human Security spotted at least 74,000 Android devices showing signs of a Badbox infection around the world—including some in schools across the US.
The original article contains 455 words, the summary contains 180 words. Saved 60%. I'm a bot and I'm open source!
My OctoPrint server runs on one of these (previous homeowners left it lying around), but I completely nuked Android and installed the Armbian distro for the Inovato Quadra (itself just a carefully sourced and rebranded TV box). It was tedious though, and I'd never buy one for that purpose when there are dedicated SBCs.
I rememberLinus Tech Tips talking about that month ago:
Do you have a credible source instead?
Lmfao
Woah, I just checked, and apparently they are back to releasing videos.
The video is based in mentioned sources. I don't see a reason why every video from LTT should be non-credible.
Here is an alternative Piped link(s):
https://piped.video/1vpepaQ-VQQ?si=t52OHvJ79nnXSsYC
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I'm open-source; check me out at GitHub.
Good bot
Isn't his gf/wife Chinese ?
Where are the hackers when you need them?
Looks like my old bravia and rpi is a good combination.
Its called google and it infects all stock android devices
Anyway I actually have one of those devices. It was support to be a birthday present but it came with some baggage. By the time I realized it I couldn't return it
Every laptop, mobile phone, TV, smart home devices and their mothers have an unkillable backdoor. What's new?
Usually get patched and fixed ¯\_(ツ)_/¯ In this case they sell them like this and most take advantage of it.
![Badly [re-]titled ArsTechnica article warns of large multi-vector malware incursions in IoT and personal devices suspected to be Chinese in origin](https://lemmy.world/pictrs/image/755794e6-d595-4d8b-bee6-e083591d3c1d.jpeg?format=webp&thumbnail=256)
