
FLocker Mobile Ransomware Crosses to Smart TV - bifrost
http://blog.trendmicro.com/trendlabs-security-intelligence/flocker-ransomware-crosses-smart-tv/
======
weq
Smart tv = giving samsung, apple permission to listen to every word you say,
and use those words to target martketing at you. There no no expectation or
privacy around your smart tv. I mean their smart marketing device you buy pay
for the privledge to use.

~~~
Dr_tldr
FYI: Smart TV typically refers to any television capable of connecting to the
internet, not necessarily only to those with webcam, microphone, always-on
functionality, etc.

A TV with no peripherals that only knows your wifi password and nothing else
about you has many magnitudes less access to private information than your
phone, computer, tablet, etc.

------
jacquesm
Some interesting monetization options around big sports events and other mass
audience items.

~~~
eric_h
Oh good lord, I hadn't even thought of that. Keep the ransomware sitting idle
until 10 minutes before the Super Bowl - then turn it on asking for $1000 (or
even less, if you've got it on enough TVs) to release the lock.

I turned off the "smart" features on my smart tv the moment they showed me an
ad. (no fucking way I'm paying $2k for a TV to show me ads, I barely tolerate
the occasional Hulu programming that they were unable to get an ad-free
license for).

~~~
voltagex_
How do you turn off the "smart" features on most TVs? I am hoping I can still
get a "dumb" panel the next time I need a new TV (which is hopefully never).

Many people on HN could set up bi-directional firewalls but what hope has the
average person got?

~~~
NeutronBoy
> I am hoping I can still get a "dumb" panel the next time I need a new TV
> (which is hopefully never).

Protip: when you go to buy one, don't go to consumer electronic retailers - if
you find a commercial electronic wholesaler (e.g. one that sells equipment for
businesses), you'll find heaps of dumb TVs that are basically giant computer
monitors. Same panels, better warranty, and nothing in them except a panel and
a bunch of input ports.

Businesses often use these in reception areas, operations rooms, etc.

~~~
Scoundreller
What's the price difference?

Sad to think I'll have to pay a premium for the basic model...

~~~
voltagex_
[https://www.amazon.com/Samsung-
RM48D-48-Inch-1080p-Signage/d...](https://www.amazon.com/Samsung-
RM48D-48-Inch-1080p-Signage/dp/B00MTWTQL6)

[https://www.amazon.com/s/ref=nb_sb_noss_2/177-4673061-841302...](https://www.amazon.com/s/ref=nb_sb_noss_2/177-4673061-8413026?url=search-
alias%3Delectronics&field-keywords=samsung+48%22)

Seems to be about $200 USD difference - and funnily enough the commercial
version probably doesn't have HDMI-CEC.

------
steven777400
I didn't see in the article, how does the TV become infected? I presume that
users of "smart TVs" are mostly using built-in apps for Netflix, Hulu, etc; is
there some existing vulnerability that allows this to connect to the TV over
the network and exploit it? Or does it require the victim to access website
from the TV's browser? (Do smart TVs have browsers?) Or install an app on the
TV?

~~~
jbob2000
Yeah, that part was missing from the article. It looks like it phishes the
user into installing the ransomeware app, but they have to download the app
before that happens.

I'm assuming that a user would be browsing the web on their TV and some
website has abused the schema for installing apps through the smartTV app
store.

