Unhappy holidays: Android ransomware strikes LG smart TV on Christmas *

*Updated below.

Christmas Day brought an unexpected and decidedly unwanted gift to the family of Kansas-based software developer Darren Cauthon: smart TV ransomware.

According to Cauthon, he was visiting family when an older-model LG smart TV became infected with a version of the Cyber.Police ransomware, otherwise known as FLocker, Frantic Locker or Dogspectus.

Someone in the house had downloaded a free movie streaming app and was in the midst of watching one of the movies when the ransomware took over. The ransomware displays an official-looking letter from the Federal Bureau of Investigation claiming that the person involved was illegally streaming movies. In this case, the screenshot appears to suggest the “illegally pirated content” was the movie “Suicide Squad.” The ransomware then requests a payment of $500 in order to unlock the device.

How did this happen? The smart TV in question is an older model from LG, the 50GA6400, produced between 2012 and 2013, that runs on the discontinued smart TV platform Google TV. The platform was launched by Google Inc. in 2010, developed with Intel, Sony and Logitech, but was discontinued in 2014. Judging by the sideways orientation in the screenshot, the malware appears to expect a tablet or a phone.

Security researchers discovered that Android-powered TVs, similar to this LG model, had become targets for ransomware in June of this year. According to researchers at Trend Micro Inc., the malware waits 30 minutes after infecting a device to act, and other mobile devices that cross-platform with the TV could also be vulnerable.

Statistics on the infection rate of smart TVs and what TVs are vulnerable are hard to come by. As for the mobile malware landscape, a report released by smartphone maker Nokia Corp. revealed a 96 percent rise in infections during the first half of 2016.

In the report, Android OS is cited as the hardest hit, with 8.9 million infected apps in July 2016. As an Android-based OS, the Google TV operating system and smart TVs that use it fall into this category.

Fix almost as costly as the ransom

Ordinarily, having a tech-savvy software developer in the family would mean that the TV would be reset to factory settings in a matter of minutes or hours and its firmware updated to kill the ransomware. If that were easy, this would become a story about how smart devices leave networks susceptible to malware, companies need to up their security game and consumers need better training on “safe” apps to download.

Not so for the Cauthon family. According to BleepingComputer, the security researcher attempted to contact LG Electronics Inc. to learn how to reset the TV but got the runaround instead. According to Cauthon, LG technical support would not tell him how to reset the TV and instead directed him to take the TV to a service center. This would incur a potential $340 bill to remove the ransomware.

As for the do-it-yourself fix, the factory reset method is apparently secret, and this is why LG tech support wants people to go to a service center. Following the timeline of the Twitter feed containing Cauthon’s initial complaint, numerous helpful users attempted to find others who attempted a reset before without much effect.

Screenshot of help Cauthon received on his Twitter feed to fix the broken TV, to no avail.

At this point, a new TV would probably be cheaper than paying the ransom or getting LG to fix it. Right now, Amazon has more than 1,000 flat screen TVs under $500, including newer models than the disabled one.

Update: LG tech support finally came through for Cauthon on Wednesday, and on Thursday he tweeted that the fix works, along with a YouTube video of how to perform a factory reset.

For his part in the whole undesired gift of malware and attempts to fix the TV, Cauthon was also interviewed by local news station KSHB 41.

“Pure anger you know. You buy a TV and you expect it to work and it, a hacker gets in the TV,” said Cauthon about the whole ordeal. “The FBI will not contact you via your TV to demand money from you, so if anything on your TV demands money from you don’t pay them.”

Featured image credit: Darren Cauthon via Twitter