We recently reported about Android banking Trojans including ransomware in their arsenal. Now, Android ransomware has turned to infecting LG Smart TVs. Security firms have been warning users for more than a year about the possibility of Android ransomware jumping from phones and tablets to other Android-powered devices, such as LG Smart TVs. The ransomware that has infected LG Smart TVs appears to be a popular form of Android ransomware called ‘Cyber Police’ also known as FLocker, Frantic Locker, or Dogspectus.
Cyber Police Ransomware
Cyber Police ransomware came onto the cybersecurity scene in late April 2016 and infected millions of Android devices. Unlike other malware threats, Cyber Police automatically downloads and installs itself after a user visits some compromised websites, all without the user knowing. Upon installation, the ransomware prevents users from doing anything on the device until a ransom of $200 is paid in iTune gift cards.
The name Cyber Police for the ransomware comes from how the malware works. As you can see from the ransom note below, the message appears to be from the U.S. Government, explaining that the device is locked because the user supposedly browsed illegal websites. Furthermore, the message warns users that their browsing history has been stored in the database of the U.S. Department of Homeland Security.
Much like the Android banking Trojans that include ransomware, if you are somewhat tech-savvy, you know that you won’t have to pay the ransom. Unlike other ransomware cases, Cyber Police ransomware doesn’t encrypt data; it simply locks the phone. However, you can retrieve your data by connecting your Android device to a PC and reset it to the original factory settings. If you have your device backed up through cloud services, you can minimize the loss of data by downloading your data after performing the factory reset.
LG Smart TV Ransomware Infection
Based on the screenshot below, the LG Smart TV appears to be infected by Cyber Police ransomware. The infected TV is one of the last generations of LG Smart TVs that run Google TV, which was launched in 2010 but discontinued in June 2014. LG has since moved from Google TV to WebOS, an open-source Linux-based multitask operating system.
The TV was infected with Cyber Police ransomware by downloading an app to watch a movie. Halfway through the movie, the TV froze and now boots to show the ransom note from Cyber Police. It’s unclear whether the user downloaded the app from the official Google Play Store or from a third-party source.
Upon receiving the ransom note, the user attempted to reset the TV to factory settings, but the procedure available online didn’t work. After contacting LG support, where one of its employees could reset the TV, the support service sent the user a bill for $340 while the ransomware demanded a $500 payment. Based on the date this TV was purchased, it would probably be a better idea for this user to purchase a newer TV with updated security settings.
The Future of Ransomware on Smart TVs
The example above received a lot of criticism from Smart TV users as this TV is considered ‘ancient’ in the technology world. Just because an old, outdated Smart TV was infected with ransomware, are all smart TVs at risk? We believe the answer is ‘YES.’
In our 2017 Cybersecurity Predictions article, IoT attacks are projected to be the next major cybersecurity threat. As devices become more internet-enabled, like Smart TVs, security measures still lag behind, despite risks being at an all-time high. Researchers from Symantec conducted a test and installed ransomware on an updated Smart TV. Despite the researcher being an expert of Android malware, he found it extremely difficult to remove the malware from the infected TV and said it would be nearly impossible for a non-technical user.
Google has now started working on an Android-based Smart TV platform. What does this mean? Android ransomware remains a huge and valid threat for a large chunk of the Smart TV market.