But most of you won’t have to worry unless you use the TV to read email, SMS, or surf the Internet – straight use as a dumb TV should be fine. There is some question about installing apps from non-authorised app stores but as far as I can ascertain major brands lock that up pretty tightly.
The interesting thing is that when it detects Android TV, it simply locks the screen – making the TV useless until a ransom is paid. It can also steal data from the device. It portends the beginning of ransomware for any IoT device.
Trend Micro said the latest batch of 1200 variants came in April and masquerades as the Cyber Police or another law enforcement agency. It accuses potential victims of crimes they didn’t commit. Then, it demands US$200 worth of iTunes gift cards.
When launched for the first time, FLocker checks if the device is located in one of these Eastern European countries: Kazakhstan, Azerbaijan, Bulgaria, Georgia, Hungary, Ukraine, Russia, Armenia, and Belarus. If so, it deactivates itself.
If FLocker reaches a compatible target, it waits for 30 minutes after infecting the unit before it runs the routine. After the short waiting period, it starts the background service which requests device admin privileges immediately. This bypasses Android’s dynamic sandbox. If the user denies this request, it will freeze the screen faking a system update.
Norton by Symantec has also warned of FLocker in the wild. Ironically it was one of the first companies last year to warn of ransomware for smart TVs. It is an interesting read as it also covers things like unsigned firmware updates and how a smart TV could be hijacked to become part of a Botnet or cryptocurrency mining operation.
While the initial version is "defeatable" from a computer with the Android developer tools, using the ADB command to kill the process and revoke its administrator access, very few have that expertise. There is some talk of a hardware (not a software menu) factory reset, but depending on the set that may not be possible. Smart TV manufacturers can tell you which combination of buttons to press at power on.
Dave Jevans, Vice President Mobile Security at Proofpoint, has provided some insights into this threat and user tips:
“The biggest risk will be on mobile devices where users surf the Internet or receive SMS messages that can spread malicious apps. Typically SMS messages are not enabled on TV sets running Android. It could be possible to get infected by visiting an infected malicious website on your Android TV,” he said.
Consumers can protect themselves by:
- not accepting apps for installation that are sent by SMS messages
- being very wary of accepting apps for installation from web pages and not an App store
- being very wary when apps request increased access privileges
- being extremely wary of, or not installing, apps on Android that have permissions such as:
  - RESTART_PACKAGES
  - SYSTEM_ALERT_WINDOW
  - KILL_BACKGROUND_PROCESSES
  - GET_TASKS
Enterprises can protect employees' mobile devices by deploying an App Reputation and Security service in conjunction with their Mobile Device Management service.
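The permission check from the list above can be automated before an app is sideloaded. The following is an added example, not code from Trend Micro, Proofpoint or the original article: it assumes the APK's manifest has already been decoded to text XML (for instance with apktool), uses a constructed sample manifest with a hypothetical package name, and additionally flags receivers that can act as a device administrator, since the article notes FLocker requests device admin privileges.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

# Permissions named in the consumer advice above.
WATCHED = {"RESTART_PACKAGES", "SYSTEM_ALERT_WINDOW",
           "KILL_BACKGROUND_PROCESSES", "GET_TASKS"}
# A receiver guarded by this permission can be enrolled as a device administrator.
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"


def audit_manifest(xml_text):
    """Report watched permissions and device-admin receivers in a decoded manifest."""
    root = ET.fromstring(xml_text)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            # Compare on the short name, e.g. android.permission.GET_TASKS -> GET_TASKS
            requested.add(node.get(NAME, "").rsplit(".", 1)[-1])
    admins = [r.get(NAME, "?") for r in root.iter("receiver")
              if r.get(PERMISSION) == DEVICE_ADMIN]
    return {"permissions": sorted(requested & WATCHED),
            "device_admin_receivers": admins}


# Constructed sample manifest (hypothetical package, not from any real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.playerupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.GET_TASKS"/>
  <uses-permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    report = audit_manifest(SAMPLE)
    print("Watched permissions:", report["permissions"])
    print("Device admin receivers:", report["device_admin_receivers"])
```

A hit is a prompt for closer review rather than proof of malice, because legitimate apps also request some of these permissions.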