Following the news that the first case of ransomware on a smart TV has appeared over the Christmas holiday with one consumer burdened with finding out how to remove ransomware from his TV. IT security experts from Tripwire commented below.

Craig Young, Cybersecurity Researcher at Tripwire:

CraigYoung“For the latest case of smart TV ransomware, it is important to recognize that this malware was downloaded from some unspecified site and side-loaded onto the TV.  Although I feel that it is important for devices to allow side-loading of content, consumers need to understand that this is an advanced feature and comes with certain inherent risks.  It is unwise to download apps outside of a trusted app store. But when there is a strong need to do so, it is wise to first submit the app for analysis through a service like VirusTotal.  While these systems are far from perfect, a lot of the malicious Android apps will likely be flagged as such.”

Lamar Bailey, Senior Director of Security Research and Development at Tripwire: 

Lamar Bailey“Smart devices, including TVs, are just special purpose computers, so any attack that can happen to a computer can happen to a TV. Android and Opera make the OS for the majority of the most popular SmartTVs and both OSes have security features, but they may not be implemented. Security has not been much of a consideration for most IoT and smart device vendors so it was just a matter of time before ransomware for these devices hits the mainstream. These TV operating systems have open sources components and the developer kits and tools can be easily downloaded by anyone who can conduct a web search making writing exploits and review code much easier. There is no way to backup and restore a TV, so if the factory reset does not work, the TV is useless unless you pay the ransom or have the vendor fix or replace it.”

“You better have a good warranty that covers these types of issues, and at this time, I do not see any that specially mention this. Consumers are at the mercy of the vendor. Cyber security Insurance exists for companies, but it is not common for individuals or normally included in rental or homeowners policies.

  •  Vendors should be held accountable by consumers for unsecure products and this coverage

should extend beyond a one year warranty.

  • Consumers need to buy major products like TVs with credit cards that offer extended warranties to help protect their investment.
  • All IoT and Smart products should have a hard reset to completely set the device back to factory.
  • All Smart products should be receiving security updates and fixes on a regular basis and consumers need to set auto updates.
  • Consumers should do a websearch for the product they are looking to buy and look for “exploit”, “Security”, “hacked”, and “updates” to see if there are any reports of issues before buying.
  • Consumers need to do a little more investigating when buying products and look beyond price and feature set to see how often a company updates the product and how long the warranty lasts.
  • Extended warranties may be a good option if they cover these types of issues.”
Information Security Buzz