Friday, 17 June 2016 10:01

FLocker can infect Android OS TVs Featured

By

FLocker – Frantic Locker – appeared in May 2015. Over 7000 varieties have evolved, and it has jumped to Android OS for smart TVs which is used by Sony, Sharp, Philips and more.

But most of you won’t have to worry unless you use the TV to read email, SMS, or surf the Internet – straight use as a dumb TV should be fine. There is some question about installing apps from non-authorised app stores but as far as I can ascertain major brands lock that up pretty tightly.

The interesting thing is that when it detects Android TV, it simply locks the screen – making the TV useless until a ransom is paid. It can also steal data from the device. It portends the beginning of ransomware for any IoT device.

Trend Micro said the latest batch of 1200 variants came in April and masquerades as the Cyber Police or another law enforcement agency. It accuses potential victims of crimes they didn’t commit. Then, it demands US$200 worth of iTunes gift cards.

When launched for the first time, FLocker checks if the device is located in Eastern European counties: Kazakhstan, Azerbaijan, Bulgaria, Georgia, Hungary, Ukraine, Russia, Armenia, and Belarus. If so it deactivates itself.

If FLocker reaches a compatible target, it waits for 30 minutes after infecting the unit before it runs the routine. After the short waiting period, it starts the background service which requests device admin privileges immediately. This bypasses Android’s dynamic sandbox. If the user denies this request, it will freeze the screen faking a system update.

Norton by Symantec has also warned of FLocker in the wild. Ironically it was one of the first companies last year to warn of ransomware for smart TVs. It is an interesting read as it also covers things like unsigned firmware updates and how a smart TV could be hijacked to become part of a Botnet or cryptocurrency mining operation.

While the initial version is "defeatable" via a computer with the Android developer tools using the ADB command to kill the process and revoke its administrator access, very few have that expertise. There is some talk of a hardware (not a software menu) factory reset, but depending on set that may not be possible. Smart TV manufacturers can tell you which combination of buttons to press at power on.

Dave Jevans, Vice President Mobile Security at Proofpoint, has provided some insights into this threat and user tips:

“The biggest risk will be on mobile devices where users surf the Internet or receive SMS messages that can spread malicious apps. Typically SMS messages are not enabled on TV sets running Android.  It could be possible to get infected by visiting an infected malicious website on your Android TV," he said.

Consumers can protect themselves by:

  •  not accepting apps for installation that are sent by SMS messages
  •  being very wary of accepting apps for installation from web pages and not an App store
  •  be very wary when apps request for increased access privileges
  •  be extremely wary or do not install apps on Android that have permissions such as:
    • RESTART_PACKAGES
    • SYSTEM_ALERT_WINDOW
    • KILL_BACKGROUND_PROCESSES
    • GET_TASKS

Enterprises can protect employees mobile devices by deploying an App Reputation and Security service in conjunction with their Mobile Device Management service.

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Ray Shaw

joomla stats

Ray Shaw [email protected]  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments