back to article Time to spin the wheel of pwnage! This week, malware can infect your…. Android set-top box!

Set-top tuner boxes have become the infection vector in the spread of Internet of Things malware. This came out of a report from mobile security house WootCloud, which said its team has caught a botnet called Ares, targeting Android entertainment boxes from Huawei, Cubetek, and Qezy Media. The WootCloud malware detectives …

  1. Wellyboot Silver badge
    Facepalm

    No options.

    >>>Users are also advised to set passwords on their devices for interfaces like Telnet, SNMP, and web.<<<

    Please show me how to get to those security options via the 'app' for 99% of set top boxes and other I-o-Tat stuff infesting peoples living room.

    1. Adrian 4 Silver badge

      Re: No options.

      If it has a telnet port open, I guess you can telnet to to it instead of using the app ..

      1. GnuTzu Silver badge

        Re: No options.

        Telnet port open? Oh, how the sniffing of passwords will proliferate in proportion to the number of telnet managed devices. Are we going to also see clear-text passwords for web interfaces?

  2. Wiretrip

    Don't most people use devices like this on a NATed subnet (i.e. the way most routers are set up)? So unless the STB is actively opening port forwards via UPnP then they can't be reached from the open Internet. These stories always seem more like publicity for the boutiques that release them. I'd certainly never heard of the one here!

    1. This post has been deleted by its author

    2. AJames

      I wish all of these security announcements would make that point about subnets clearer instead of obscurely mentioning the possibility of malware scanning the internet for directly connected boxes.

      It would also be nice if they gave links to specific instructions that most users would want to follow to secure their systems, instead of vague warnings to increase security without details, often appearing to suggest measures that would cripple functionality.

    3. Time Waster

      Ignoring the question of IPv6, I can imagine some people will deliberately enable port-forwarding to allow remote access for managing recordings (and as mentioned, I’m sure some will automatically set this up for you with UPnP).

  3. Claptrap314 Silver badge
    Pint

    "The attacks on IoT devices in particular have proven startlingly effective in recent years ..."

    Really? Folks around here have been screaming from the proverbial rooftops since this whole IoT (remember: The "S" is for security) fiasco was proposed. This is EXACTLY what any intelligent, honest, & experienced person in the industry has been saying would happen.

    Icon because crying in it seems to be the only viable option. Which we also stated.

  4. jake Silver badge

    For the record ...

    ... MythTV still works quite nicely, should you have a need for such a thing.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019