back to article Programmer finds way to liberate ransomware'd Google Smart TVs

Television production factory LG has saved Darren Cauthon's new year by providing hidden reset instructions to liberate his Google TV from ransomware. The company initially demanded more money than the idiot box was worth to repair the TV and relented offering instructions for resetting the telly after Cauthon took to Twitter …

The key is "hidden reset procedure". This should be in the fine manual, not hidden so that LG can charge you for "repairing" your TV.

LG relented and gave the instructions away for free but only after being named and shamed on Twitter. This alone should make a lot of people put them on the shit-list of openly consumer hostile companies (though I fear it won't).

It seems that these days, if you want to buy some known brand TV you just can't avoid getting a "smart" one.

75
0

Consumer hostile companies

Are there any that aren't on the list??

31
1
Silver badge
Happy

>This alone should make a lot of people put them on the shit-list of openly consumer hostile companies (though I fear it won't).

LG are on my shitlist, now ... and I have an LG 3d TV, it has never been anywhere near my network, though, and I have never even tried the "smart" functionality ... I use it as a monitor for watching TV/movies, the pi or the game consoles. No way in hell will I allow anyone around here use the smart functionality ... besides, I am sure the smart "functionality" is borken (youtube etc) as I have not bothered updating the firmware.

1. Why allow people to install software that is not vetted onto a TV ?

2. Factory reset procedure MUST BE in the manual, WTF ???

SmartTV's are fine, as long as you do not give them access to a network. This certainly is silly, why buy functionality you will not be using and the answer is there were no cost-effective alternatives I could find when I bought it ... like the IoT scales I bought last year, ripped antenna out, safe now.

Sad thing is, the average punter will use the functionality and get 0wned, sooner or later, because the devs who wrote the "smart" functionality are the same devs who wrote the IoT crap. Pretty sure there are ways to enable telnet with admin/admin login on these things ... for testing, debugging, and diagnostics ... you understand ...

14
13
Anonymous Coward

"SmartTV's are fine, as long as you do not give them access to a network"

The problem with that is assumptions.... All it takes is your neighbor's kid to connect the TV while you're out, 6 months later you discover it etc. Plus, how long till we learn that Smart TV's scan nearby Wi-Fi connections? Lots of apartment complexes have unsecured Wi-Fi. Five years ago, I'd have said they won't cross that line. But now corporations act untouchable...

29
0
Silver badge
Thumb Up

Re: "SmartTV's are fine, as long as you do not give them access to a network"

> Plus, how long till we learn that Smart TV's scan nearby Wi-Fi connections?

Ok, will rip the antennas out of the TV over the weekend, thanks for the hint! Just imagine, some script kiddie neighbour hacks the TV's wifi ...

Note that I have hidden the remote to the TV, not needed, as we use the set top box and amp, all goes into HDMI1 on the TV.

2
2
Anonymous Coward

It seems that these days, if you want to buy some known brand TV you just can't avoid getting a "smart" one.

Yup, and the worst aspect of that is that they are also impossible to avoid by people whose cognitive functions are declining, such as people suffering from Alzheimers. However, not to be outdone by the TV manufacturers I have also come across TV systems in homes and hospitals that inflicted a user interface that would have yielded immediate employment by Microsoft in the days of Windows ME.

I have no idea who designs these things and who thinks that the inability to lock down such features is a good thing, but they better not introduce themselves to me. Violence may not be acceptable, but after seeing what older people have to go through just to watch TV it sure feels like an acceptable and certainly educational response. It's also fairly idiotic because the "older people" market is a growth segment, evidenced by the ever growing amount of scams in that arena such as pricing retirement homes just above available pension so they gain access to their assets (a scam which is perpetuated internationally).

17
2

Reparability vs. planned obsolescence

I know one company which made a bet on consumers intelligence and decided to make all its products fixable for 10 years after they are bought..

It's a risky bet ^^

8
0
Silver badge
Thumb Up

Re: LG are on my shitlist, now

They have been on my shitlist since 2013, when El Reg reported that "LG smart TVs silently log owners' viewing habits to the South Korean company's servers and use them to serve targeted ads, one researcher has claimed."

http://www.theregister.co.uk/2013/11/20/lg_smart_tv_data_collection/

Despite LG subsequently releasing patches etc, they hired people who thought this was a good idea right up until the moment that they got caught. Not that I would ever buy a smart TV anyway, for reasons that are becoming increasingly apparent.

13
0
Anonymous Coward

1. They aren't. This news is bogus Twitter clickbait. This TV didn't "just get this", it was intentionally put there for FUD purposes. If you understand the hoops they needed to jump through to "get" this, you will know what nonsense it is. It's not a coincidence it happened during the Xmas shutdown for maximum effect.

2
3
Anonymous Coward

> "Factory reset procedure MUST BE in the manual, WTF ???"

You got a manual? My experience of "smart" TVs these days come with a "panic sheet" that explains how to set it up (1 side of A4), and an "online manual" embedded into the TV, because they're pushed out the door without their final functionality, which is delivered by a > 1GB firmware update 6 months or so after it goes on sale ...

3
0
Silver badge

"I have also come across TV systems in homes and hospitals that inflicted a user interface that would have yielded immediate employment by Microsoft in the days of Windows ME."

As good as that?

1
0
Silver badge

Bah!

"It seems that these days, if you want to buy some known brand TV you just can't avoid getting a "smart" one."

But one can avoid installing dodgy apps offering an obvious "summat fer nowt" honeytrap.

6
0
Gold badge
Facepalm

Re: Bah!

Or you can prevent this sort of thing ever happening by installing this FREE!!111!!! ANTIVIRUZ SCANUR FOUR TELEVISHUN.

At the end of the day it doesn't matter how secure or not these things are, there's no defence against a gullible idiot with the admin password...

10
0
Boffin

Re: "SmartTV's are fine, as long as you do not give them access to a network"

Register the MAC address of your telly in your DHCP configuration, with an out-of-range static allocation, so even if it does get connected it can't communicate.

(Test it with your phone first)

6
0
Anonymous Coward

"I have no idea who designs these things and who thinks that the inability to lock down such features is a good thing"

Fwiw, I was in a hotel recently where the TV looked familiar, both the enclosure and the behaviour of the innards. It was the hotelised (ie somewhat locked down) version of some Samsung LT series monitor/TV, of which I've had a couple of my very own (one pre-Smart, one allegedly Smart, iirc).

Doubtless there could have been ways to bypass the lockdown, given time and inclination, but this one was less immediately vulnerable than many others I've seen.

Related: Any other readers ever watch their home LAN with Wireshark or similar and wish for the days when every piece of traffic was there for a clear reason? Sadly, like wishing that every activity (especially anonymous "services") on a Window box was there for a clear reason, fashion has rendered it a futile wish.

Happy 2017: the year we learned to love systemd.

4
0
Silver badge
Boffin

The service mode on many TVs includes adjustments that may produce X-rays, burn the screen, alter very complicated calibrations, start a fire, or damage your hearing/speakers. Some calibrations require unplugging wire harnesses or monitoring test points before starting. The service mode isn't really secret - it's printed in the service manual that you can order.

The dumb part was LG not having a dedicated reset button on the back of the TV.

4
5
Silver badge

Re: "SmartTV's are fine, as long as you do not give them access to a network"

The word "smart" is a dead giveaway. Some marketing genius figured out that if a product is labeled "smart" instead of "internet connected for the company's benefit", people would buy them. Note that lot of the IoT/IoS crap is now being labeled as "smart"... smart toasters, smart thermostats, etc.

I'm of the belief that people haven't a clue and buying a "smart" product makes up for their lack on knowledge.

6
0
Anonymous Coward

> 1. They aren't. This news is bogus Twitter clickbait.

Source?

0
1

Re: "SmartTV's are fine, as long as you do not give them access to a network"

> Note that lot of the IoT/IoS crap is now being labeled as "smart"... smart toasters, smart thermostats, etc.

Smart Fork ← WTF? ;)

5
0
Anonymous Coward

@ Kevin McMurtrie seriously X-rays at vaguely dangerous levels even on a CRT?

If LG allowed him to install they should have allowed an uninstall, that the ransomware crippled the system is also LG's fault.

Lastly access to service dialogues would no doubt be logged and be used as a get out clause on manufacturer warranty if it really was possible to damage the equipment

0
1
Flame

They already are on my "shit list". I have a LG P1 Express laptop that goes into a boot-loop if you try to install a bigger hard drive than its 100GB HDD. (160GB is a no-go for example. I haven't tried a SSD.)

There's no BIOS updates on their website, and their telephone support responds with: "LG made a laptop?" No idea what I'll do if the existing HDD fails.

Then there's the ATAPI Flush Buffer = Firmware Erase CD/DVD burner fiasco of a few years ago.

I've vowed to never buy another LG/Goldstar product as it is clear to me their "technical support" is practically useless, and I don't see it being any better for a television.

A dumb device like a plain monitor might be okay… but anything "smart" is a no-go for me.

4
0
Bronze badge

Re: Bah!

The ITV / Channel 4 etc apps offer stuff for free and are perfectly legitimate. People who aren't familiar with technology won't understand the difference, and if they are on an app store alongside the likes of Channel 4 and BBC which isn't free, they will think they have been vetted and approved by someone.

0
0
Silver badge

It seems that these days, if you want to buy some known brand TV you just can't avoid getting a "smart" one.

It's getting a lot harder. I managed to get a dumb 50" TV on a clearance sale for $200. It's hooked up to a Linux media centre so the smart element is there, but it's under my control, no microphone and no camera.

1
1
Silver badge
Linux

2016 we lost Lemmy (maybe late 2015 but close enough), a couple of the guys from MASH (one in the last week or so), David Bowie, George Michael, and a hell of a lot others. I also lost family members and a couple of friends this year, some who'd been around my whole life.

I didn't think it could get any worse.....

Happy 2017: the year we learned to love systemd.

I guess I was wrong.

3
0
Silver badge
Pint

Re: "SmartTV's are fine, as long as you do not give them access to a network"

Note that lot of the IoT/IoS crap is now being labeled as "smart"... smart toasters, smart thermostats, etc.

I have a smart toaster. I got it about 10 years ago. I paid a premium for it, name brand and so on.

Over the course of a few trys I adjusted it's settings to get the toast to the desired level of toastyness. Ever since then it smartly toasts my bread to the same colour, even after all this time. And when it's done it smartly turns itself off, raises the toast so it's partly out of the toaster (and easy to grab), and smartly makes a unique clicking sound to tell me the toast is ready.

Given what is on the market today, and the longevity [cough] of even expensive products, I think I was very smart in spending a bit extra waaay back then.

--> Closest thing to the appropriate colour.

1
0
Silver badge
Coat

Re: "SmartTV's are fine, as long as you do not give them access to a network"

Smart Fork ← WTF? ;)

Shows that some consumers are a bit forked in the head1 maybe?

1 Well, what part of your body to you stick your fork into then?

1
0
Silver badge
Trollface

> 1. They aren't. This news is bogus Twitter clickbait.

Source?

Someone at LG hoping that if they post this to enough forums, people will believe it rather than bothering to check back to the original articles? After all, he said "twitter clickbait" and "fake news" so the original article must have been false, right?

1
0

Re: "SmartTV's are fine, as long as you do not give them access to a network"

Hurry up and take advantage of the sale at Amazon.com: was $63.87 but now $63.85!

1
0
Anonymous Coward

Happy Days!

>>> I didn't think it could get any worse.....

Happy 2017: the year we learned to love systemd.

I was one of those people who was happy to see the tech advances open my horizons to the wider world, the thought of instant world connectivity made my knees wobble.

Now that reality has set in, I spend my time repelling boarders from all the world who want to do me harm. This is not how it was supposed to be!

I have dug that old Nokia out of the drawer (The battery lasts all week) and removed the battery from the 'Smart' phone that is incapable of obeying a simple command to shut it. My net operates behind a false front and I've taken to using a monitor to watch TV. Now I'm looking for a way to shut my car up. (Having purchased it, I feel it should report to me, not it's maker or the old Bill - or both)

A 21st century hermit is what this brave new world is making me, and every year is getting worse.

I miss the 1950's even if I did have to get up and walk to the TV to change (to the other channel). I reasoned that's what kids were for. Today? My remote answers back instead and there isn't a leg to smack! (Joke for the sensitive).

0
0
Anonymous Coward

Keep in mind that this a Android TV, LG has since then moved to the great WebOS :-)

1
0
Anonymous Coward

Re: "SmartTV's are fine, as long as you do not give them access to a network"

Having access to the network is the BEST thing of a Smart TV.

But this post is for a forgotten Google TV anyway

0
0
Anonymous Coward

Re: @ Kevin McMurtrie seriously X-rays at vaguely dangerous levels even on a CRT?

If an Android TV is similar to a phone or tablet, then you must EXPLICITLY enable the Developers mode and enable 3rt party apps to be able to install anything outside the official App Market and when you enable it, it gives you a big warning...

2
0
Silver badge
Pint

@, re: systemd

Cheer up, there will always be Slackware :-)

1
0
Silver badge

I bought a brand-new Panasonic TV about two months ago, and I can assure you it's (almost) as dumb as the programmes it receives.

Yes, "smart" is coming. For your next TV, I recommend "not giving it your wifi password". The one after that will have its own dedicated cellular connection, and at that point you're probably screwed, but who knows, they might have fixed their security issues by then...

0
0
Silver badge

Re: Happy Days!

I was one of those people who was happy to see the tech advances open my horizons to the wider world, the thought of instant world connectivity made my knees wobble.

Now that reality has set in, I spend my time repelling boarders from all the world who want to do me harm. This is not how it was supposed to be!

Yes, I remember that wide-eyed excitement at what was coming to the world, the ability to connect anywhere and any time, smart devices that could tell you all sorts about their status or the state of the environment around you or the environment somewhere else (eg how warm/cold your house was), being able to see and control things in your home from your office or hotel. The innovation promised from Microsoft and what that would bring (just slightly before Win95), and a various other OS's (don't know I'd heard of Linux back then) and other software out there. And the way even "closed source" was just so open, alterable, and expandable. Never saw a line of the source code for Dos but I could do a hell of a lot with it, limited by my imagination or patience (some things took a while on those older CPUs).

But what let the world in unfortunately let the world in. Only, not the world we dreamed or imagined. The ideas of security that would protect us from nastiness were poorly implemented or never came about, the good things to come along were usurped by greed or governments hell-bent on knowing every silent word imagined by every citizen at every moment, the brave new world if connected openess became a prison of closely monitored solitary confinement (look at how many people post everything they do to hundreds or thousands of "followers" on FB/Twitter, yet have no real human contact).

My phone is basic and dumb, but with excellent battery life (doesn't last a week but then I use my phone as a phone, and talk to real people in real time for a couple of hours a day on average), not rich enough to own a modern car (you could look at finding and removing wireless antennae, or perhaps blocking its MAC off from your router - if it hunts for free WiFi hotspots then maybe you invest in a portable one that (maybe using a Raspberry?) that connects to nothing else, or some sort of WiFi jammer that is fairly localised to the car while the car is running?) and if I do get to buy a new one it'll be customised, even if it means voiding the warranty. My TV was recently given to me and is an LG, but while it can play movies off USB there's no network connectivity to it. I do find several things annoying not least that all it's fancy sound controls can only be used for the super-crap built in speakers, the only usable output is a headphone jack connected to my HT sound, but LG thinks "who the hell would want to alter tone/equaliser controls on a headphone, or have anything to make the sound clearer, and why would any one want to listen to anything BUT our suder-tinny-crapfest-speakers. That said, most stuff I view is not live TV. A computer does all the "smart" I want, and has the benefit of lifetime updates to the OS and software.

I've never minded getting up to change channel or volume, but I know so many people who would spend 10 minutes looking for the remote instead of 10 seconds manually changing the channel!.

0
0
Silver badge
Linux

Re: @, re: systemd

Cheer up, there will always be Slackware :-)

Probably one version of Linux I never got around to playing with. Must have a look if it's still around.

0
0

Re: LG are on my shitlist, now

They have been on my shitlist since 2013, when El Reg reported that "LG smart TVs silently log owners' viewing habits to the South Korean company's servers and use them to serve targeted ads, one researcher has claimed."

So Google essentially. Got any problems with them or just when it suits?

0
0

Sorry, may I have that again in English?

0
0
Silver badge

Re: @, re: systemd

Not just around, Kiwi, it's active. Latest update a week ago (see the Change Logs).

slackware.com Recommended.

0
0

> It seems that these days, if you want to buy some known brand TV you just can't avoid getting a "smart" one.

I just bought a Samsung. It's dumb as a bag of spanners. Works beautifully with my Mac Mini.

0
0
Silver badge

Best reason yet

For not buying supposedly 'smart' TVs.

22
1

Re: Best reason yet

Or yet another reason to avoid LG products.

16
1
Bronze badge
FAIL

Re: Best reason yet

LG has been webos for 4 or more years now.

1
1
Silver badge

Re: Best reason yet -LG has been webos for 4 or more years now.

I didn't think that applied to all of their range, and I thought it was 2 years rather than 4.

Also, are not both UIs based on a Linux which might well be identical under the hood? webOs might not be subject to this particular malware but it will probably have its own vulnerabilities.

1
0
Silver badge

Re: Best reason yet

Or best reason not to download an app called "free movies 4ever - legit !!!11"

32
1
Silver badge

Re: Best reason yet -LG has been webos for 4 or more years now.

"Also, are not both UIs based on a Linux which might well be identical under the hood? webOs might not be subject to this particular malware but it will probably have its own vulnerabilities."

WebOS and Android use a Linux kernel of some kind but are largely different in every other respect. Android doesn't even share its userland with any other Linux dist. It's very unlikely they would share any vulnerability.

In this case it looks like an older "smart" TV running the Google TV platform which has been pretty much abandoned by everyone, including Google. The newer Android TV is still going, but not on LG devices.

2
0
Silver badge

Re: Best reason yet -LG has been webos for 4 or more years now.

In the video he says he bought the TV in 2012 or 2013 so it's not the current batch.

2
0
Silver badge

Re: Best reason yet

"Or yet another reason to avoid LG products"

More a reason to avoid any products with a Google OS.

1
2
Holmes

yes dis lg a little but it's whoever downloaded the malwares fault ? just for free streaming films ..nothing is for free

17
1
Silver badge

The fact that a TV can let you install malware is a great big fail in itself. I want them as appliancey as possible so I don't have to babysit them.

24
3

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017