Android-Based Smart TVs Can Now Become Infected with Ransomware

Users have to reboot the unit, forcing it into recovery mode

Android-Based Smart TVs Can Now Become Infected with Ransomware
Image: Pexels
January 4, 2017

Ransomware for Windows computers and Android-based smartphones has existed for several years now. Security experts have been warning about the possibility that this form of malware could one day infect smart TVs.

That day has arrived.

PCWorld reports about an incident that happened over the Christmas holiday in which a family member of software developer Darren Cauthon accidentally infected a smart Android-based LG TV with ransomware after downloading a movie-watching app.

On Android, most applications containing ransomware are known as screen lockers. In this instance, Cauthon posted an image of the infected TV on Twitter showing an FBI-themed ransom message on the screen. Such screen lockers work by showing persistent messages that stop users from doing anything else on the device. The messages usually claim to be from one law enforcement authority or another and request that the victims pay a fine to get control of the device back.

Cauthon—who used to own the smart TV in this instance—tried to help the new owner restore it to its default factory settings. However, they were not able to do so, even after other Twitter users sent several suggestions and advice.

When he first contacted LG's technical support department, says Cauthon, they told him that a technician would have to examine the TV for a $340 fee.

The actual amount of the ransom was $500, although it would be hard to pay this because it was not possible to click on the payment section of the screen to find the instructions on how to pay. The only feature that worked was moving a pointer like a mouse using a smart remote on part of the TV screen.

LG eventually gave Cauthon a solution involving pressing and then releasing two physical buttons on the TV unit in a certain order. This rebooted the TV—which runs the Android-based Google TV platform, now defunct—into a recovery mode. This mode allowed the users to wipe the data partition, deleting all user settings, apps, and data. This is the same thing as a factory reset. Although this sounds simple, the experience of Cauthon's family suggests that many people would find it hard to figure out how to do it on their own. This would likely force them to pay for technical help.

The victims of the attack in this instance were lucky because the ransomware only locked the screen instead of encrypting files. Smart TVs are equipped with USB ports that allow users to connect external hard drives so that they can watch personal videos or photo collections—the kind of files that are valuable to users, particularly if they have not been backed up.