Researchers at Trend Micro have spotted cybercriminals targeting vulnerable Android-based smart TVs with malicious apps can allow cyber home invasions.
An attacker could virtually stalk victims through connected cameras and microphones, set up payment fraud through connected accounts, install ransomware, and gain unauthorized access to other devices and networks that share the same WiFi, according to a Jan. 7 blog post.
The malicious apps were detected as ANDROIDOS_ROOTSTV.A. and contain a backdoor that exploits the (CVE-2014-7911) vulnerability in Android versions before Lollipop 5.0 (Cupcake 1.5 to Kitkat 4.4W.2), the post said.
Cybercriminals lure users to various sites that distribute the malicious apps with the promise of offering content from other countries that otherwise wouldn't be available.The sites are under the H.TV name and use several download servers to infect users. Most visitors to these sites are located in the United States or Canada, the researchers said.
|Screenshot of sites that serve malware to Smart TVs, courtesy of Trend Micro.|
Despite the ease of updating the software on most Android mobile devices, researchers said that upgrading smart TVs may be more challenging to users due to hardware constraints.
Tom Kellermann, chief cybersecurity officer (CSO) at Trend Micro, told SCMagazine.com that between 15 and 20 percent of vulnerable Android-based TVs that require hardware updates likely need to be specially ordered in addition to the software updates.
“Android should do a more proactive job of notifying consumers of updates,” Kellermann said, adding that any smart TV manufactured more than six months ago should be updated. Even a television set that was recently opened for Christmas is probably already vulnerable to attack, he contended.
Kellermann recommended that smart TV owners regularly update their systems, change all default passwords, use mobile application reputation services, and turn devices off after use.
Researchers recently said millions of smart TVs and remote control apps are vulnerable to remote code execution attacks and that cybercriminals have a wide range of options if they wish to breach the average smart TV.