• @9point6@lemmy.world
    link
    fedilink
    English
    117
    edit-2
    1 year ago

    Worth pointing out this isn’t any proper Android TV devices, but rather those cheap boxes that are often basically SBCs with AOSP installed on them which are predominantly sold as easy piracy boxes.

    Edit: in fact, the article doesn’t currently have TV in the title

    • @Vent@lemm.eeOP
      link
      fedilink
      English
      281 year ago

      Leaving out the TV makes it less precise and more clickbaity because then it sounds like Android phones are affected.

      • @9point6@lemmy.world
        link
        fedilink
        English
        171 year ago

        I guess the problem is that “Android TV” is a specific thing that none of these devices actually are, they’re just dodgy boxes running Android that can be plugged into a TV.

        For me it’s more clickbaity because Android TV isn’t actually involved here at all.

        • KubeRoot
          link
          fedilink
          English
          71 year ago

          I’d say it would be more clickbaity if you just removed the “TV”, because it’d make you think of smartphones, and those would be much more concerning

          • @9point6@lemmy.world
            link
            fedilink
            English
            3
            edit-2
            1 year ago

            Yeah I’m not sure what the correct headline is, but at least for me I definitely clicked because I thought it was to do with Android TV, which it wasn’t. It was about those cheap boxes that anyone reading Ars already knows are probably filled with malware

        • @planish@sh.itjust.works
          link
          fedilink
          English
          11 year ago

          Aren’t the boxes running “Android TV”, the set top box oriented flavor of Android, with e.g. the launcher designed to be operated with a TV remote and not a touch screen?

          They are not themselves TVs, though, and I guess nowdays it might be most common for “Android TV” to run on the TV instead of on a separate device.

          • @Zanz@lemmy.ml
            link
            fedilink
            English
            1
            edit-2
            1 year ago

            Those boxes are in a skin for normal Android to make it work with the TV. The only device you likely come in contact with with Android TV is the new Chromecast or a Sony TV. Other than the Nvidia shield and the Chromecast most actual Android TV devices still come with malware from the manufacturer. Even the Sony TVs, but basically every Smart TV comes with malware to spy on what you’re doing too.

            I think the new dish network’s at top box also runs Android TV, maybe you found one of those wild.

          • @9point6@lemmy.world
            link
            fedilink
            English
            11 year ago

            That’s the problem, they’re not running Android TV at all. Just regular phone Android with some third party launcher.

            • @planish@sh.itjust.works
              link
              fedilink
              English
              11 year ago

              Are you sure? One can definitely build images of the actual “Android TV” for various SBCs and the sorts of SOCs in these TV boxes, and then load them up with malware. Why wouldn’t they use that?

              • @9point6@lemmy.world
                link
                fedilink
                English
                1
                edit-2
                1 year ago

                Honestly, I’m not entirely sure why, but for whatever reason these boxes are always running a pretty old version of regular Android. (Edit: in fact googling a couple of the devices in the article seems to confirm that)

                Maybe there are more protections preventing this kind of malware on newer versions? Maybe someone just made the images a long time ago and people are just reusing them

      • deweydecibel
        link
        fedilink
        English
        51 year ago

        Why not just find a different website reporting the story with a better headline? Rather than sharing the one with the headline you fear is misleading?

    • @Zanz@lemmy.ml
      link
      fedilink
      English
      11 year ago

      Can you even get an actual Android TV device now that isn’t a Chromecast or an Nvidia shield? Other than a few TVs that mostly come with malware (tcl, Sony, Hisense) I can’t think of anything else that has actual Android TV you can buy as a consumer.

      • YⓄ乙
        link
        fedilink
        English
        61 year ago

        I only watch pirated content. What data are they selling?

        • El Barto
          link
          fedilink
          English
          61 year ago

          Your viewing habits. Nature shows? Show this guy camping gear ads on his phone!

          • @doktorseven@lemmy.world
            link
            fedilink
            English
            4
            edit-2
            1 year ago

            You know, if I did get relevant ads from all of these places that are supposedly tracking everything that I do and monitoring my likes, I wouldn’t mind ads so much. But the fact that even though Google, for example, knows everything that I do and everywhere that I go and everything that I like, they still serve me irrelevant ads that I would never care about in a billion years. All of this touted targeted ads bullshit technology and it doesn’t even work. So I don’t care, harvest everything that I like and everything that I do. Because it doesn’t work anyway.

            • @MeanEYE@lemmy.world
              link
              fedilink
              English
              41 year ago

              Problem are not ads being relevant. Real problem is much more sinister. It’s about being able to influence your behavior thanks to knowing your habits. Shill new running shoes from a different perspective so you find it more palatable or easier to influence you to buy something you don’t want. Slowly these patterns emerge and can be exploited. In some cases they can start to reveal secrets you don’t want revealed, like that case where Target sent pregnancy ads and coupons to teenagers and causing bunch of issues with their parents. It gets worse if they start selling your data to others. Imagine a politician making targeted ads towards select group of people based on their preferences telling them what they want to hear in order to get elected. Data can easily be abused in such a way.

              You say it doesn’t work on you, which I doubt but even if that is so, on majority of people it will work. Privacy must be taken absolutely and seriously even though you have nothing to hide. Just like freedom of speech must remain even though you have nothing to publicly say.

              • @0ryX@lemm.ee
                link
                fedilink
                English
                21 year ago

                Very well said I agree this needs to be taken more seriously. I recently bought a laptop that when booting into the BIOS displayed a message box saying that the device had persistent technology installed on it. With a little google search I found many computer companies come preinstalled with this rootkit and that it was not installed on the hard drive but into the motherboard instead and removing it was next to impossible. Almost every major computer company now are coming pre-installed with this. (mine was a 2020 Levono Thinkpad T490)

            • YⓄ乙
              link
              fedilink
              English
              1
              edit-2
              1 year ago

              Bro being a regular sucks and it even sucks more when you don’t know what you’re taking about. They will sell you Nike while making you think that you’re life sucks because you’re fat.

          • YⓄ乙
            link
            fedilink
            English
            21 year ago

            Ah well goodluck google. I haven’t seen a single ad from past 6-7 years. Next DNS on my router, Linux mint with Firefox (ublock origin) and same for android.

            • El Barto
              link
              fedilink
              English
              4
              edit-2
              1 year ago

              Nice! I do pretty much the same except for the dns part. I’ll look into it.

              Having said that, I’ve always said that we should be able to purchase dumb TVs, and when people say “just don’t connect it to the net,” they’re missing the point, because they’re still enabling these companies (this is not directed at you specifically. It’s just an argument I keep hearing.)

      • @Duamerthrax@lemmy.world
        link
        fedilink
        English
        21 year ago

        Shit will want to connect some way. If I ever have to buy a smart TV for myself, I’m opening it up and swapping the brain board or removing the antenna.

    • @PoopMonster@lemmy.world
      link
      fedilink
      English
      81 year ago

      Walmart sells Sceptre 4k tvs which are dumb, sure they aren’t OLED or have amazing refresh rates but they are the perfect TV for most people, it’s much easier to chuck and buy a new $20 streaming device when updates make it crawl to a near stop than it is to do the same with a $600+ TV.

      • @Knocturnal@lemmy.world
        link
        fedilink
        English
        11 year ago

        These new Led backlit tvs die like every 2 years and need led strip replacement. I had to repair mine 3 times now while my old lcd tv never died in 15+ years and I gave it to my dad who is using it for past 8 years daily.

    • @DudeDudenson
      link
      English
      81 year ago

      I’m annoyed that they don’t sell them and that even if you don’t connect a smart tv to wifi to keep it dumb it’ll still not just be a display and it’ll try to shove stuff in your face

      • @viking@infosec.pub
        link
        fedilink
        English
        61 year ago

        Most TVs have an office or presentation mode hidden somewhere in the settings, that will get rid of the ad-ridden interface and replace it with a plain and functional one. That plus no wifi, ever, gets them sorted.

      • @LappingDog@sh.itjust.works
        link
        fedilink
        English
        61 year ago

        I bought a Hisense and it had the option during setup to disable most smart features and leave it in “basic mode”. I was already going to put an Apple TV in it so I just left it there and I’ve been happy. Only thing a tv needs is settings and the ability to change inputs.

        • @job3rg@lemmy.world
          link
          fedilink
          English
          41 year ago

          Whats the malware going to do?

          Lock you out? Instant refund and negative review. Steal your info? Cant send info out without internet.

    • @MeanEYE@lemmy.world
      link
      fedilink
      English
      51 year ago

      I have an old Toshiba LCD TV which is a bit thick in comparison to today’s devices but it’s so good and robust. Also no smart features what so ever. Comes with a bunch of inputs and has some features not found on modern devices. It also came with full schematic should it ever need servicing. Every now and then I’ll get the urge of getting oh so new and shiny OLED then remind myself about builtin expiration date and stupid “smart” features.

    • El Barto
      link
      fedilink
      English
      21 year ago

      I gave mine up when I had to move cross country. I miss it dearly.

      • ChaoticNeutralCzech
        link
        fedilink
        English
        341 year ago
        1. Connect old PC to TV. Both can be 15 years old.
        2. (optional) For better performance, get a small SSD alongside the big HDD (a 64GB / partition will do), maybe have a homemade NAS ready too
        3. Install Lubuntu, Mint XFCE, Puppy Linux or any other distro of choice
        4. Set up KDE Connect, qBittorrent and VLC
        5. Enjoy
        • @SEND_NOODLES_PLS@lemmy.world
          link
          fedilink
          English
          71 year ago

          Cheers, I’m using this as a jump off point for a weekend project maybe. Would anything change if I was interested in casting content too?

          • ChaoticNeutralCzech
            link
            fedilink
            English
            31 year ago

            I think Kodi does some casting… Not 100% sure.

            Make sure TearFree is enabled in the graphics configuration (google it).

            The hardest part in my project was recalibrating the colors because my TV in HDMI-RGB mode (as opposed to YCbCr) displays everything below 10% brightness as black. The rest was done very quickly. I don’t even need a sequential-chunk torrent software because I use FreeRapid Downloader and ulozto.net (can download fast enough to play while downloading at reasonable 720p/1080p bitrates, otherwise ulozto-downloader and a 10min wait is needed).

          • ChaoticNeutralCzech
            link
            fedilink
            English
            10
            edit-2
            1 year ago

            You can use a relatively cheap Pi as a NAS (network-attached storage - there are ready-made solutions but expensive and don’t get updates for nearly as long), and possibly add Kodi media server capabilities (useful for smart TVs). Check if that model supports a sufficiently fast disk interface (USB 3.0, SATA etc.) and Ethernet (100 Mb/s or better if 4K is required). Boot from an SD card and use a 2TB+ HDD (1TB could be enough if you barely store anything). Most disks from the past 10 years will be good enough to play 4K video from if no OS is running from them. Go for a lower-end one but not ridiculously cheap, and check that people aren’t frequently complaining about the model or product line.

            I don’t know which Pi models can smoothly play HD video without overheating, I don’t own any. But those that can are likely a lot more expensive than old PCs you could use otherwise. I would just get a cheap one for a NAS and probably some other common network use cases (web server, Pihole etc.)

            • Karyoplasma
              link
              fedilink
              English
              31 year ago

              My RPi 2B plays HD vids without stuttering or overheating. 4K doesn’t work tho, so if you want that, get a newer model.

                • @RubberElectrons@lemmy.world
                  link
                  fedilink
                  English
                  3
                  edit-2
                  1 year ago

                  Yes, I’m using libreelec, I and friends control the display from our phones using the Kore app. Makes searching and typing easy, works great on my Pi. Fun game, which of you will select a movie first on your phones lol.

                  Note: pi3B can do 1080p but it struggles a little if the codec is anything other than h264, because Kodi decided to stop supporting closed source drivers. If you’re playing anything above 1080 and anything other than h264, go for a pi 4 or better.

          • danque
            link
            fedilink
            English
            41 year ago

            Yes just research how to install Plex or Kodi on your pi. I just did it this evening for an update. For that I used docker with Linuxserver/Plex. It takes some time to get all the settings but there are good YouTube tutorials on how to do it.

          • @Lupara@lemmy.sdf.org
            link
            fedilink
            English
            31 year ago

            You’d be better off with a used office pc, something with a 4. Or 6. gen Intel CPU is usually cheaper than a RPI and way more versatile. Only thing you lose on is size and power consumption.

        • @Limit@lemm.ee
          link
          fedilink
          English
          21 year ago

          OK I’ve tried in the past to make a decent streaming box from both windows media center edition and various Linux distros. But I need something that is simple, can be controlled entirely from a remote, and has the major streaming apps (Netflix, disney, etc). I haven’t really found any solution that’s easy enough for non techie people to use. I have a standalone roku box that works ok we also have a roku TV which is a giant piece of garbage, and I’m considering buying an external roku or nvidia shield as a streaming box instead, I do have a couple of raspberry pi 4s I could use one but again I’m faced with the same issues.

            • @Blackmist@feddit.uk
              link
              fedilink
              English
              81 year ago

              Yeah, it’s free and open source. I just pointed it at a few folders of TV, movies and music that I downloaded years ago, and it catalogued them all, downloaded all the blurbs and posters.

              Like a mini Netflix that you host yourself.

                • @___that_old_polish_guy@lemmy.world
                  link
                  fedilink
                  English
                  21 year ago

                  There are jellyfin, Plex and emby shares you can subscribe to for cheap, try it out before blowing money and time on a set-up that needs constant tinkering, it’s easy to just download an app and connect to your remote library somewhere that someone else spends time on. I use a shield I got 6 years ago, but now also the Amazon fire stick 4k max on another TV and everything is just easy and seamless while using a Plex share that’s 9 euro per month.

            • smiletolerantly
              link
              fedilink
              English
              101 year ago

              What are you talking about. First time I set it up, had it running on my local network in less than 5 minutes. 5 more minutes for external (granted, already had the infrastructure for that in place).

              Then maybe 20min going through the settings to personalize my account? And maybe another 20min looking if there are any plugins I wanted to use.

              • @PlexSheep@feddit.de
                link
                fedilink
                English
                31 year ago

                It’s true, the setup with docker is easy and reliable. However, sorting and taking your media takes very long.

                • smiletolerantly
                  link
                  fedilink
                  English
                  21 year ago

                  Not even docker, I just pulled it from the aur, lol.

                  And yeah, that’s fair. Though not really Jellyfins fault if it’s not sorted already. Same goes for Plex.

              • @Redditiscancer789@lemmy.world
                link
                fedilink
                English
                21 year ago

                I don’t think it’s a year to setup the software. Rather a year to load it lol. I’ve spent probably close to 4 years loading content into my Plex server and I don’t see any end in sight.

              • sebinspace
                link
                fedilink
                English
                11 year ago

                People pull shit out of their asses to feel superior about things they don’t actually know anything about.

        • @CmdrShepard@lemmy.one
          link
          fedilink
          English
          41 year ago

          It’ll only take a few minutes to setup. Once you get hooked you’ll spend a lot more time automating everything and adding more storage.

    • danielfgom
      link
      fedilink
      English
      101 year ago

      The problem is that YouTube app and F1 app are Android only so having a Linux media box won’t help. It needs to run Android to run Android apps.

      Plus I like to use Chromecast, we use it all the time to send YouTube videos from our phones to the big screen.

        • danielfgom
          link
          fedilink
          English
          61 year ago

          Can’t control it from my phone. Would need a mouse. At least I’m tech minded. My wife isn’t and there is no way she would stand for using a mouse and browser on the TV.

          • @CeeBee@lemmy.world
            link
            fedilink
            English
            31 year ago

            Get a media centre remote. Works great.

            And if you have an Android phone use KDE Connect. There’s a Windows version now also, and you can do just about everything with it.

          • @hikaru755@feddit.de
            link
            fedilink
            English
            21 year ago

            Ah, right, makes sense. I’m using a steam controller (or any other controller with steam, honestly) instead of a mouse, which works well enough

      • @itsraining@lemmy.world
        link
        fedilink
        English
        11 year ago

        I don’t know about apps like F1 and Chromecast, but I can see that it could be a problem. But YouTube has worked fine for me with the MPV player. Maybe you could try Android-x86? (is that thing still alive? 😅)

    • 👁️👄👁️
      link
      fedilink
      English
      -111 year ago

      I swear shit like this is why Lemmy is so incredibly out of touch with the real world. I can’t take the community seriously anymore.

      • @itsraining@lemmy.world
        link
        fedilink
        English
        6
        edit-2
        1 year ago

        So my home media center is not real world enough? I only expressed an opinion; you are free to ignore it. Also, there is nothing that keeps you here. Please kindly keep in mind that most Lemmy users right now are interested in technology, you can’t take that away from them and there is nothing wrong with it. If you want to stay away from “shit like this”, then, with all respect, you probably should not be in a technology sub in the first place.

        • @Copernican@lemmy.world
          link
          fedilink
          English
          2
          edit-2
          1 year ago

          I think the difference is folks confuse the general public with the general lemmy user. And I can’t tell if the fediverse and lemmy are supposed to be attempting to be a front page for general folks or lemmy early adopter folks.

      • @smileyhead@discuss.tchncs.de
        link
        fedilink
        English
        41 year ago

        Because something is not popular and not available in typical electronic store doesn’t mean it’s not real.

        I know having a private life may seem unreal in recent ~10 years, but it surely can be done without giving up modern life. All it takes is a little time for research and saying “no” sometimes. The hardest part are always areas where more people like that are needed to say “no”.

      • @CeeBee@lemmy.world
        link
        fedilink
        English
        41 year ago

        People have been using old computers as media centres for decades at this point. Not sure what you’re on about.

          • @CeeBee@lemmy.world
            link
            fedilink
            English
            11 year ago

            Legally would be DVDs, Blurays, and DRM-free sources.

            I’ve torrented movies I have physical copies of before. It’s faster than ripping and encoding it myself. And notice I didn’t say “pirated”?

            You can’t pirate something you legally own a copy of. That fast was a major factor in some of the high profile lawsuits against individuals. If the person being sued owned a copy of the movie/song then they dropped it from the list.

      • @Copernican@lemmy.world
        link
        fedilink
        English
        21 year ago

        I agree. Too many comments and threads are hijacked or over represented by the pro piracy crowd. I wish more communities would just ban the shit post of “yar, time to sail the high seas” that seem to be the top comment on any media related post.

  • @redcalcium@lemmy.institute
    link
    fedilink
    English
    29
    edit-2
    1 year ago

    These are just generic Android TV devices that use Allwinner board. Allwinner made these kind of generic boards for Android TV and Android Auto head unit and sell them to OEMs. The OEMs then “customize” it by adding their APKs into the ROM provided by Allwinner. I doubt the malware come from Allwinner. Maybe it’s just one (or more) OEM that include whatever APK they found on the internet without checking.

    • Eggyhead
      link
      fedilink
      151 year ago

      Do modern TVs even come in non-smart variants anymore?

      • @Rai@lemmy.dbzer0.com
        link
        fedilink
        English
        71 year ago

        It doesn’t really matter, just don’t connect them to the internet. Our TV just has a 14 year old computer that plays media perfectly, and is completely cut off from the internet.

        • deweydecibel
          link
          fedilink
          English
          41 year ago

          If they allow you to do that without any loss in functionality.

          • @wildginger@lemmy.myserv.one
            link
            fedilink
            English
            21 year ago

            It takes some research if youve never done anything like it before, but you can drip feed it the internet via a pihole, and starve it specifically of ads and data collection. Keep the functionality, kill the leech.

            Google smart tv pihole, theres a few guides, for anyone interested.

            • @Rai@lemmy.dbzer0.com
              link
              fedilink
              English
              11 year ago

              But why? It doesn’t need that for anything. Just plug an old computer in via HDMI and bookmark movie-web.app or download/stream stuff from anywhere. Much better quality, interface, and no jank.

              • @wildginger@lemmy.myserv.one
                link
                fedilink
                English
                31 year ago

                Just depends on what you need it for, and what youre trying to plug into it.

                For example, some people dont have spare computers to turn into a mini server, but do have $60 and the time to fiddle with a raspberry pi.

                • @Rai@lemmy.dbzer0.com
                  link
                  fedilink
                  English
                  1
                  edit-2
                  1 year ago

                  Mines a 14 year old gateway you could prolly get for free or under 100, much more powerful than a RPi. Using Windows 10 on it with zero issue.

                  I do have a couple Pis next to it but those don’t hook up to any screens, I just tunnel into em. One is a PiHole and one is a server. :3

          • @Rai@lemmy.dbzer0.com
            link
            fedilink
            English
            11 year ago

            Curious, what functionality would I lose? All it needs to do is turn on and display video through an HDMI port.

            • 𝒍𝒆𝒎𝒂𝒏𝒏
              link
              fedilink
              English
              41 year ago

              Samsung historically has had a habit of poaching features from their Smart TVs as they age, eventually leaving you with a not so smart TV after a decade or so. Not sure if other manufacturers do the same

              • asudox
                link
                fedilink
                English
                21 year ago

                What a realistic approach! A thing getting dumber as it ages, what a great idea!

                /s

              • @Rai@lemmy.dbzer0.com
                link
                fedilink
                English
                21 year ago

                Aha! Yeah that’s okay with me, since we just disable their internet hook computers up, to use them as dumb monitors.

        • @space@lemmy.dbzer0.com
          link
          fedilink
          English
          21 year ago

          Above 35" monitors aren’t that common, and the ones that exist are basically TVs with TV software.

          Commercial displays are the only real alternative. Some of them even come with a slot for a Raspberry Pi compute module.

      • @omni@lemdro.id
        link
        fedilink
        English
        11 year ago

        I heard Sceptre still sells them. Never bought one so can’t vouch for quality

    • @jvisick@programming.dev
      link
      fedilink
      English
      61 year ago

      Admittedly I haven’t been looking that hard, but I don’t think I’ve seen a TV for sale in the past 10 years that wasn’t a “smart” TV.

  • @Kissaki@feddit.de
    link
    fedilink
    English
    111 year ago

    In total the researchers confirmed eight devices with backdoors installed—seven TV boxes, the T95, T95Z, T95MAX, X88, Q9, X12PLUS, and MXQ Pro 5G, and a tablet J5-W.

    The other thing discussed is fraudulent android apps that have been removed from the play store.

  • AutoTL;DRB
    link
    English
    71 year ago

    This is the best summary I could come up with:


    This week, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.

    “They’re like a Swiss Army knife of doing bad things on the Internet,” says Gavin Reid, the CISO at Human Security who leads the company’s Satori Threat Intelligence and Research team.

    “This is a truly distributed way of doing fraud.” Reid says the company has shared details of facilities where the devices may have been manufactured with law enforcement agencies.

    In the second half of 2022, Human Security says in its report, its researchers spotted an Android app that appeared to be linked to inauthentic traffic and connected to the domain flyermobi.com.

    When Milisic posted his initial findings about the T95 Android box in January, the research also pointed to the flyermobi domain.

    The company’s report, which has data scientist Marion Habiby as its lead author, says Human Security spotted at least 74,000 Android devices showing signs of a Badbox infection around the world—including some in schools across the US.


    The original article contains 455 words, the summary contains 180 words. Saved 60%. I’m a bot and I’m open source!

    • @heeplr@feddit.de
      link
      fedilink
      English
      3
      edit-2
      1 year ago

      installing your own OS and/or bootloader is a pain and most of the time unfeasable. And that’s the only way to safely kill software based backdoors.

      • Doubletwist
        link
        fedilink
        English
        11 year ago

        Even then, unless you also blow away the firmware, you can’t be sure it’s clean.

        • @heeplr@feddit.de
          link
          fedilink
          English
          11 year ago

          on Android, the OS is the firmware. If you talk about peripheral firmware, I’d not call it “software based” anymore.

  • Possibly linux
    link
    fedilink
    English
    -3
    edit-2
    1 year ago

    Its called google and it infects all stock android devices

    Anyway I actually have one of those devices. It was support to be a birthday present but it came with some baggage. By the time I realized it I couldn’t return it

  • nadram
    link
    fedilink
    English
    -71 year ago

    Every laptop, mobile phone, TV, smart home devices and their mothers have an unkillable backdoor. What’s new?

    • Jin
      link
      fedilink
      English
      51 year ago

      Usually get patched and fixed ¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯ In this case they sell them like this and most take advantage of it.