Following the news that Flocker Android Ransomware is now infecting Smart TVs, experts from PRPL Foundation, Imperva, Proofpoint and MIRACL, commented below.
Cesare Garlati, Chief Security Strategist at the prpl Foundation:
“There is not really anything special about this attack; the malware operates in the same way to other malware on Android devices and we have seen a few cases with smart TVs in the past with LG TVs. Users need to be careful if they are using multiple devices that run on the Android platform, as it can move more easily from one device to the next.
“Manufacturers can help eliminate the headache for users having to deal with these types of malware by taking steps at the development level to ensure they offer secure updates to fix vulnerabilities and practice security by separation to avoid privilege escalation – for example, system lockdown. The prpl Security Guidance sets out these steps.
“If we’re getting technical, I think the term “ransomware” is improperly used in this case. Users can always reset the TV to factory defaults and get rid of the problem. There shouldn’t be any valuable personal data/files on a TV worth the payment of the ransom. TVs are devices to consume content – more like tablets, not to produce and store it – like PCs.”
Itsik Mantin, Director of Security Research at Imperva:
“We have seen this scenario occurring across all sorts of digital devices, from PCs to phones, cars and recently refrigerators. When a device becomes digital and gets connected, it presents new opportunities for attackers. White hats and black hats figure out the new attack surface and mount attacks and security measures follow. The only thing that changes is the time it takes to complete the chain, which becomes shorter and shorter.
As in other cases, the infection occurs when the user downloads and installs a malicious application, usually from clicking on a link which they receive in a message or see on the internet. Smart TVs are not different to desktops PCs and other electronic devices, and the security rule of thumb also holds here – always treat suggestions to download new software with caution.
In the never-ending race against hackers, security personnel should assume losing a battle here and there, and make sure they have recovery procedures in place for when such scenarios occur.”
David Jevans, VP of Mobile Security at Proofpoint:
“The biggest risk will be on mobile devices where users surf the Internet or receive SMS messages that can spread malicious apps. Typically SMS messages are not enabled on TV sets running Android. It could be possible to get infected by visiting an infected malicious website on your Android TV.
Consumers can protect themselves by:
– not accepting apps for installation that are sent by SMS messages
– being very wary of accepting apps for installation from web pages and not an App store
– be very wary when apps request for increased access privileges
– be extremely wary or do not install apps on Android that have permissions such as:
RESTART_PACKAGES
SYSTEM_ALERT_WINDOW
KILL_BACKGROUND_PROCESSES
GET_TASKS
Enterprises can protect employees with their mobile devices by deploying an App Reputation and Security service in conjunction with their Mobile Device Management service.”
Brian Spector, CEO at MIRACL:
“This finding shouldn’t come as a surprise – it was only a matter of time before smart devices started getting infected with ransomware. Door bells and kettle are just as vulnerable to attacks as computers and phones as is every single device connected to the Internet.
Security is the bedrock of trust online, whether it is serves to verify a user (to a service, or to another device); to protect a user’s information or investments; or allow a user to understand the (still new and evolving) environment that is the Internet of Things.
As the Web moves into its next phase, and connected devices become the norm, new solutions are needed to move the future of cloud computing forward, and protect the data, identities and information of the nearly 3 billion people who use the Web.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.