Programmer finds way to liberate ransomware'd Google Smart TVs

Television production factory LG has saved Darren Cauthon's new year by providing hidden reset instructions to liberate his Google TV from ransomware. The company initially demanded more money than the idiot box was worth to repair the TV and relented offering instructions for resetting the telly after Cauthon took to Twitter …


  1. Silviu C.

    The key is "hidden reset procedure". This should be in the fine manual, not hidden so that LG can charge you for "repairing" your TV.

    LG relented and gave the instructions away for free but only after being named and shamed on Twitter. This alone should make a lot of people put them on the shit-list of openly consumer hostile companies (though I fear it won't).

    It seems that these days, if you want to buy some known brand TV you just can't avoid getting a "smart" one.

    1. getHandle

      Consumer hostile companies

      Are there any that aren't on the list??

      1. Potemkine Silver badge

        Reparability vs. planned obsolescence

        I know one company which made a bet on consumers' intelligence and decided to make all its products fixable for 10 years after they are bought.

        It's a risky bet ^^

    2. Hans 1
      Happy

      >This alone should make a lot of people put them on the shit-list of openly consumer hostile companies (though I fear it won't).

      LG are on my shitlist, now ... and I have an LG 3d TV, it has never been anywhere near my network, though, and I have never even tried the "smart" functionality ... I use it as a monitor for watching TV/movies, the pi or the game consoles. No way in hell will I allow anyone around here use the smart functionality ... besides, I am sure the smart "functionality" is borken (youtube etc) as I have not bothered updating the firmware.

      1. Why allow people to install software that is not vetted onto a TV ?

      2. Factory reset procedure MUST BE in the manual, WTF ???

      SmartTV's are fine, as long as you do not give them access to a network. This certainly is silly, why buy functionality you will not be using and the answer is there were no cost-effective alternatives I could find when I bought it ... like the IoT scales I bought last year, ripped antenna out, safe now.

      Sad thing is, the average punter will use the functionality and get 0wned, sooner or later, because the devs who wrote the "smart" functionality are the same devs who wrote the IoT crap. Pretty sure there are ways to enable telnet with admin/admin login on these things ... for testing, debugging, and diagnostics ... you understand ...

      1. Anonymous Coward

        "SmartTV's are fine, as long as you do not give them access to a network"

        The problem with that is assumptions.... All it takes is your neighbor's kid to connect the TV while you're out, 6 months later you discover it etc. Plus, how long till we learn that Smart TV's scan nearby Wi-Fi connections? Lots of apartment complexes have unsecured Wi-Fi. Five years ago, I'd have said they won't cross that line. But now corporations act untouchable...

        1. Hans 1
          Thumb Up

          Re: "SmartTV's are fine, as long as you do not give them access to a network"

          > Plus, how long till we learn that Smart TV's scan nearby Wi-Fi connections?

          Ok, will rip the antennas out of the TV over the weekend, thanks for the hint! Just imagine, some script kiddie neighbour hacks the TV's wifi ...

          Note that I have hidden the remote to the TV, not needed, as we use the set top box and amp, all goes into HDMI1 on the TV.

          1. Anonymous Coward

            Re: "SmartTV's are fine, as long as you do not give them access to a network"

            Having access to the network is the BEST thing of a Smart TV.

            But this post is for a forgotten Google TV anyway

        2. Soruk
          Boffin

          Re: "SmartTV's are fine, as long as you do not give them access to a network"

          Register the MAC address of your telly in your DHCP configuration, with an out-of-range static allocation, so even if it does get connected it can't communicate.

          (Test it with your phone first)

        3. Mark 85

          Re: "SmartTV's are fine, as long as you do not give them access to a network"

          The word "smart" is a dead giveaway. Some marketing genius figured out that if a product is labeled "smart" instead of "internet connected for the company's benefit", people would buy them. Note that a lot of the IoT/IoS crap is now being labeled as "smart"... smart toasters, smart thermostats, etc.

          I'm of the belief that people haven't a clue and buying a "smart" product makes up for their lack of knowledge.

          1. Justin Clift

            Re: "SmartTV's are fine, as long as you do not give them access to a network"

            > Note that lot of the IoT/IoS crap is now being labeled as "smart"... smart toasters, smart thermostats, etc.

            Smart Fork ← WTF? ;)

            1. Kiwi
              Coat

              Re: "SmartTV's are fine, as long as you do not give them access to a network"

              Smart Fork ← WTF? ;)

              Shows that some consumers are a bit forked in the head [1] maybe?

              [1] Well, what part of your body do you stick your fork into then?

            2. Anonymous Coward

              Re: "SmartTV's are fine, as long as you do not give them access to a network"

              Hurry up and take advantage of the sale at Amazon.com: was $63.87 but now $63.85!

          2. Kiwi
            Pint

            Re: "SmartTV's are fine, as long as you do not give them access to a network"

            Note that lot of the IoT/IoS crap is now being labeled as "smart"... smart toasters, smart thermostats, etc.

            I have a smart toaster. I got it about 10 years ago. I paid a premium for it, name brand and so on.

            Over the course of a few tries I adjusted its settings to get the toast to the desired level of toastyness. Ever since then it smartly toasts my bread to the same colour, even after all this time. And when it's done it smartly turns itself off, raises the toast so it's partly out of the toaster (and easy to grab), and smartly makes a unique clicking sound to tell me the toast is ready.

            Given what is on the market today, and the longevity [cough] of even expensive products, I think I was very smart in spending a bit extra waaay back then.

            --> Closest thing to the appropriate colour.

      2. Anonymous Coward
        Thumb Up

        Re: LG are on my shitlist, now

        They have been on my shitlist since 2013, when El Reg reported that "LG smart TVs silently log owners' viewing habits to the South Korean company's servers and use them to serve targeted ads, one researcher has claimed."

        http://www.theregister.co.uk/2013/11/20/lg_smart_tv_data_collection/

        Despite LG subsequently releasing patches etc, they hired people who thought this was a good idea right up until the moment that they got caught. Not that I would ever buy a smart TV anyway, for reasons that are becoming increasingly apparent.

        1. messele

          Re: LG are on my shitlist, now

          They have been on my shitlist since 2013, when El Reg reported that "LG smart TVs silently log owners' viewing habits to the South Korean company's servers and use them to serve targeted ads, one researcher has claimed."

          So Google essentially. Got any problems with them or just when it suits?

      3. Anonymous Coward

        1. They aren't. This news is bogus Twitter clickbait. This TV didn't "just get this", it was intentionally put there for FUD purposes. If you understand the hoops they needed to jump through to "get" this, you will know what nonsense it is. It's not a coincidence it happened during the Xmas shutdown for maximum effect.

        1. Anonymous Coward

          > 1. They aren't. This news is bogus Twitter clickbait.

          Source?

          1. Kiwi
            Trollface

            > 1. They aren't. This news is bogus Twitter clickbait.

            Source?

            Someone at LG hoping that if they post this to enough forums, people will believe it rather than bothering to check back to the original articles? After all, he said "twitter clickbait" and "fake news" so the original article must have been false, right?

        2. IainWR

          Sorry, may I have that again in English?

      4. Anonymous Coward

        > "Factory reset procedure MUST BE in the manual, WTF ???"

        You got a manual? My experience of "smart" TVs these days come with a "panic sheet" that explains how to set it up (1 side of A4), and an "online manual" embedded into the TV, because they're pushed out the door without their final functionality, which is delivered by a > 1GB firmware update 6 months or so after it goes on sale ...

      5. Anonymous Coward

        Keep in mind that this is an Android TV, LG has since then moved to the great WebOS :-)

    3. Anonymous Coward

      It seems that these days, if you want to buy some known brand TV you just can't avoid getting a "smart" one.

      Yup, and the worst aspect of that is that they are also impossible to avoid by people whose cognitive functions are declining, such as people suffering from Alzheimer's. However, not to be outdone by the TV manufacturers I have also come across TV systems in homes and hospitals that inflicted a user interface that would have yielded immediate employment by Microsoft in the days of Windows ME.

      I have no idea who designs these things and who thinks that the inability to lock down such features is a good thing, but they better not introduce themselves to me. Violence may not be acceptable, but after seeing what older people have to go through just to watch TV it sure feels like an acceptable and certainly educational response. It's also fairly idiotic because the "older people" market is a growth segment, evidenced by the ever growing amount of scams in that arena such as pricing retirement homes just above available pension so they gain access to their assets (a scam which is perpetuated internationally).

      1. Doctor Syntax Silver badge

        "I have also come across TV systems in homes and hospitals that inflicted a user interface that would have yielded immediate employment by Microsoft in the days of Windows ME."

        As good as that?

      2. Anonymous Coward

        "I have no idea who designs these things and who thinks that the inability to lock down such features is a good thing"

        Fwiw, I was in a hotel recently where the TV looked familiar, both the enclosure and the behaviour of the innards. It was the hotelised (ie somewhat locked down) version of some Samsung LT series monitor/TV, of which I've had a couple of my very own (one pre-Smart, one allegedly Smart, iirc).

        Doubtless there could have been ways to bypass the lockdown, given time and inclination, but this one was less immediately vulnerable than many others I've seen.

        Related: Any other readers ever watch their home LAN with Wireshark or similar and wish for the days when every piece of traffic was there for a clear reason? Sadly, like wishing that every activity (especially anonymous "services") on a Windows box was there for a clear reason, fashion has rendered it a futile wish.

        Happy 2017: the year we learned to love systemd.

        1. Kiwi
          Linux

          2016 we lost Lemmy (maybe late 2015 but close enough), a couple of the guys from MASH (one in the last week or so), David Bowie, George Michael, and a hell of a lot others. I also lost family members and a couple of friends this year, some who'd been around my whole life.

          I didn't think it could get any worse.....

          Happy 2017: the year we learned to love systemd.

          I guess I was wrong.

          1. Anonymous Coward

            Happy Days!

            >>> I didn't think it could get any worse.....

            Happy 2017: the year we learned to love systemd.

            I was one of those people who was happy to see the tech advances open my horizons to the wider world, the thought of instant world connectivity made my knees wobble.

            Now that reality has set in, I spend my time repelling boarders from all the world who want to do me harm. This is not how it was supposed to be!

            I have dug that old Nokia out of the drawer (The battery lasts all week) and removed the battery from the 'Smart' phone that is incapable of obeying a simple command to shut it. My net operates behind a false front and I've taken to using a monitor to watch TV. Now I'm looking for a way to shut my car up. (Having purchased it, I feel it should report to me, not its maker or the old Bill - or both)

            A 21st century hermit is what this brave new world is making me, and every year is getting worse.

            I miss the 1950's even if I did have to get up and walk to the TV to change (to the other channel). I reasoned that's what kids were for. Today? My remote answers back instead and there isn't a leg to smack! (Joke for the sensitive).

            1. Kiwi

              Re: Happy Days!

              I was one of those people who was happy to see the tech advances open my horizons to the wider world, the thought of instant world connectivity made my knees wobble.

              Now that reality has set in, I spend my time repelling boarders from all the world who want to do me harm. This is not how it was supposed to be!

              Yes, I remember that wide-eyed excitement at what was coming to the world, the ability to connect anywhere and any time, smart devices that could tell you all sorts about their status or the state of the environment around you or the environment somewhere else (eg how warm/cold your house was), being able to see and control things in your home from your office or hotel. The innovation promised from Microsoft and what that would bring (just slightly before Win95), and various other OSes (don't know I'd heard of Linux back then) and other software out there. And the way even "closed source" was just so open, alterable, and expandable. Never saw a line of the source code for DOS but I could do a hell of a lot with it, limited by my imagination or patience (some things took a while on those older CPUs).

              But what let the world in unfortunately let the world in. Only, not the world we dreamed or imagined. The ideas of security that would protect us from nastiness were poorly implemented or never came about, the good things to come along were usurped by greed or governments hell-bent on knowing every silent word imagined by every citizen at every moment, the brave new world of connected openness became a prison of closely monitored solitary confinement (look at how many people post everything they do to hundreds or thousands of "followers" on FB/Twitter, yet have no real human contact).

              My phone is basic and dumb, but with excellent battery life (doesn't last a week but then I use my phone as a phone, and talk to real people in real time for a couple of hours a day on average), not rich enough to own a modern car (you could look at finding and removing wireless antennae, or perhaps blocking its MAC off from your router - if it hunts for free WiFi hotspots then maybe you invest in a portable one (maybe using a Raspberry?) that connects to nothing else, or some sort of WiFi jammer that is fairly localised to the car while the car is running?) and if I do get to buy a new one it'll be customised, even if it means voiding the warranty. My TV was recently given to me and is an LG, but while it can play movies off USB there's no network connectivity to it. I do find several things annoying, not least that all its fancy sound controls can only be used for the super-crap built-in speakers, the only usable output is a headphone jack connected to my HT sound, but LG thinks "who the hell would want to alter tone/equaliser controls on a headphone, or have anything to make the sound clearer, and why would anyone want to listen to anything BUT our super-tinny-crapfest-speakers?" That said, most stuff I view is not live TV. A computer does all the "smart" I want, and has the benefit of lifetime updates to the OS and software.

              I've never minded getting up to change channel or volume, but I know so many people who would spend 10 minutes looking for the remote instead of 10 seconds manually changing the channel!

          2. jake Silver badge
            Pint

            @, re: systemd

            Cheer up, there will always be Slackware :-)

            1. Kiwi
              Linux

              Re: @, re: systemd

              Cheer up, there will always be Slackware :-)

              Probably one version of Linux I never got around to playing with. Must have a look if it's still around.

              1. jake Silver badge

                Re: @, re: systemd

                Not just around, Kiwi, it's active. Latest update a week ago (see the Change Logs).

                slackware.com Recommended.

      3. Anonymous Coward

        > It seems that these days, if you want to buy some known brand TV you just can't avoid getting a "smart" one.

        I just bought a Samsung. It's dumb as a bag of spanners. Works beautifully with my Mac Mini.

    4. Stevie

      Bah!

      "It seems that these days, if you want to buy some known brand TV you just can't avoid getting a "smart" one."

      But one can avoid installing dodgy apps offering an obvious "summat fer nowt" honeytrap.

      1. TeeCee Gold badge
        Facepalm

        Re: Bah!

        Or you can prevent this sort of thing ever happening by installing this FREE!!111!!! ANTIVIRUZ SCANUR FOUR TELEVISHUN.

        At the end of the day it doesn't matter how secure or not these things are, there's no defence against a gullible idiot with the admin password...

      2. katrinab Silver badge

        Re: Bah!

        The ITV / Channel 4 etc apps offer stuff for free and are perfectly legitimate. People who aren't familiar with technology won't understand the difference, and if they are on an app store alongside the likes of Channel 4 and BBC which isn't free, they will think they have been vetted and approved by someone.

    5. Kevin McMurtrie Silver badge
      Boffin

      The service mode on many TVs includes adjustments that may produce X-rays, burn the screen, alter very complicated calibrations, start a fire, or damage your hearing/speakers. Some calibrations require unplugging wire harnesses or monitoring test points before starting. The service mode isn't really secret - it's printed in the service manual that you can order.

      The dumb part was LG not having a dedicated reset button on the back of the TV.

      1. Anonymous Coward

        @ Kevin McMurtrie seriously X-rays at vaguely dangerous levels even on a CRT?

        If LG allowed him to install they should have allowed an uninstall, that the ransomware crippled the system is also LG's fault.

        Lastly access to service dialogues would no doubt be logged and be used as a get out clause on manufacturer warranty if it really was possible to damage the equipment

        1. Anonymous Coward

          Re: @ Kevin McMurtrie seriously X-rays at vaguely dangerous levels even on a CRT?

          If an Android TV is similar to a phone or tablet, then you must EXPLICITLY enable the Developers mode and enable 3rd party apps to be able to install anything outside the official App Market and when you enable it, it gives you a big warning...

    6. Anonymous Coward
      Flame

      They already are on my "shit list". I have an LG P1 Express laptop that goes into a boot-loop if you try to install a bigger hard drive than its 100GB HDD. (160GB is a no-go for example. I haven't tried an SSD.)

      There are no BIOS updates on their website, and their telephone support responds with: "LG made a laptop?" No idea what I'll do if the existing HDD fails.

      Then there's the ATAPI Flush Buffer = Firmware Erase CD/DVD burner fiasco of a few years ago.

      I've vowed to never buy another LG/Goldstar product as it is clear to me their "technical support" is practically useless, and I don't see it being any better for a television.

      A dumb device like a plain monitor might be okay… but anything "smart" is a no-go for me.

    7. Number6

      It seems that these days, if you want to buy some known brand TV you just can't avoid getting a "smart" one.

      It's getting a lot harder. I managed to get a dumb 50" TV on a clearance sale for $200. It's hooked up to a Linux media centre so the smart element is there, but it's under my control, no microphone and no camera.

    8. veti Silver badge

      I bought a brand-new Panasonic TV about two months ago, and I can assure you it's (almost) as dumb as the programmes it receives.

      Yes, "smart" is coming. For your next TV, I recommend "not giving it your wifi password". The one after that will have its own dedicated cellular connection, and at that point you're probably screwed, but who knows, they might have fixed their security issues by then...

  2. Anonymous Coward

    Best reason yet

    For not buying supposedly 'smart' TVs.

    1. Mike Lewis

      Re: Best reason yet

      Or yet another reason to avoid LG products.

      1. Planty Bronze badge
        FAIL

        Re: Best reason yet

        LG has been webos for 4 or more years now.

        1. Anonymous Coward

          Re: Best reason yet -LG has been webos for 4 or more years now.

          I didn't think that applied to all of their range, and I thought it was 2 years rather than 4.

          Also, are not both UIs based on a Linux which might well be identical under the hood? webOs might not be subject to this particular malware but it will probably have its own vulnerabilities.

          1. DrXym

            Re: Best reason yet -LG has been webos for 4 or more years now.

            "Also, are not both UIs based on a Linux which might well be identical under the hood? webOs might not be subject to this particular malware but it will probably have its own vulnerabilities."

            WebOS and Android use a Linux kernel of some kind but are largely different in every other respect. Android doesn't even share its userland with any other Linux dist. It's very unlikely they would share any vulnerability.

            In this case it looks like an older "smart" TV running the Google TV platform which has been pretty much abandoned by everyone, including Google. The newer Android TV is still going, but not on LG devices.

          2. Eddy Ito

            Re: Best reason yet -LG has been webos for 4 or more years now.

            In the video he says he bought the TV in 2012 or 2013 so it's not the current batch.

      2. TheVogon

        Re: Best reason yet

        "Or yet another reason to avoid LG products"

        More a reason to avoid any products with a Google OS.

    2. DaLo

      Re: Best reason yet

      Or best reason not to download an app called "free movies 4ever - legit !!!11"

  3. flearider
    Holmes

    Yes, diss LG a little, but it's whoever downloaded the malware's fault? Just for free streaming films... nothing is for free.

    1. Dan 55 Silver badge

      The fact that a TV can let you install malware is a great big fail in itself. I want them as appliancey as possible so I don't have to babysit them.
