• @9point6@lemmy.world
    117 · edited · 9 months ago

    Worth pointing out this isn’t any proper Android TV devices, but rather those cheap boxes that are often basically SBCs with AOSP installed on them which are predominantly sold as easy piracy boxes.

    Edit: in fact, the article doesn’t currently have TV in the title

    • @Vent@lemm.eeOP
      28 · 9 months ago

      Leaving out the TV makes it less precise and more clickbaity because then it sounds like Android phones are affected.

      • @9point6@lemmy.world
        17 · 9 months ago

        I guess the problem is that “Android TV” is a specific thing that none of these devices actually are, they’re just dodgy boxes running Android that can be plugged into a TV.

        For me it’s more clickbaity because Android TV isn’t actually involved here at all.

        • KubeRoot
          7 · 9 months ago

          I’d say it would be more clickbaity if you just removed the “TV”, because it’d make you think of smartphones, and those would be much more concerning

          • @9point6@lemmy.world
            3 · edited · 9 months ago

            Yeah I’m not sure what the correct headline is, but at least for me I definitely clicked because I thought it was to do with Android TV, which it wasn’t. It was about those cheap boxes that anyone reading Ars already knows are probably filled with malware

        • @planish@sh.itjust.works
          1 · 9 months ago

          Aren’t the boxes running “Android TV”, the set top box oriented flavor of Android, with e.g. the launcher designed to be operated with a TV remote and not a touch screen?

          They are not themselves TVs, though, and I guess nowadays it might be most common for “Android TV” to run on the TV instead of on a separate device.

          • @Zanz@lemmy.ml
            1 · edited · 9 months ago

            Those boxes are in a skin for normal Android to make it work with the TV. The only device you likely come in contact with with Android TV is the new Chromecast or a Sony TV. Other than the Nvidia shield and the Chromecast most actual Android TV devices still come with malware from the manufacturer. Even the Sony TVs, but basically every Smart TV comes with malware to spy on what you’re doing too.

            I think the new dish network’s set top box also runs Android TV, maybe you found one of those wild.

          • @9point6@lemmy.world
            1 · 9 months ago

            That’s the problem, they’re not running Android TV at all. Just regular phone Android with some third party launcher.

            • @planish@sh.itjust.works
              1 · 9 months ago

              Are you sure? One can definitely build images of the actual “Android TV” for various SBCs and the sorts of SOCs in these TV boxes, and then load them up with malware. Why wouldn’t they use that?

              • @9point6@lemmy.world
                1 · edited · 9 months ago

                Honestly, I’m not entirely sure why, but for whatever reason these boxes are always running a pretty old version of regular Android. (Edit: in fact googling a couple of the devices in the article seems to confirm that)

                Maybe there are more protections preventing this kind of malware on newer versions? Maybe someone just made the images a long time ago and people are just reusing them

      • deweydecibel
        5 · 9 months ago

        Why not just find a different website reporting the story with a better headline? Rather than sharing the one with the headline you fear is misleading?

    • @Zanz@lemmy.ml
      1 · 9 months ago

      Can you even get an actual Android TV device now that isn’t a Chromecast or an Nvidia shield? Other than a few TVs that mostly come with malware (tcl, Sony, Hisense) I can’t think of anything else that has actual Android TV you can buy as a consumer.

      • YⓄ乙
        6 · 9 months ago

        I only watch pirated content. What data are they selling?

        • El Barto
          6 · 9 months ago

          Your viewing habits. Nature shows? Show this guy camping gear ads on his phone!

          • @doktorseven@lemmy.world
            4 · edited · 9 months ago

            You know, if I did get relevant ads from all of these places that are supposedly tracking everything that I do and monitoring my likes, I wouldn’t mind ads so much. But the fact that even though Google, for example, knows everything that I do and everywhere that I go and everything that I like, they still serve me irrelevant ads that I would never care about in a billion years. All of this touted targeted ads bullshit technology and it doesn’t even work. So I don’t care, harvest everything that I like and everything that I do. Because it doesn’t work anyway.

            • MeanEYE
              4 · 9 months ago

              Problem are not ads being relevant. Real problem is much more sinister. It’s about being able to influence your behavior thanks to knowing your habits. Shill new running shoes from a different perspective so you find it more palatable or easier to influence you to buy something you don’t want. Slowly these patterns emerge and can be exploited. In some cases they can start to reveal secrets you don’t want revealed, like that case where Target sent pregnancy ads and coupons to teenagers and causing bunch of issues with their parents. It gets worse if they start selling your data to others. Imagine a politician making targeted ads towards select group of people based on their preferences telling them what they want to hear in order to get elected. Data can easily be abused in such a way.

              You say it doesn’t work on you, which I doubt but even if that is so, on majority of people it will work. Privacy must be taken absolutely and seriously even though you have nothing to hide. Just like freedom of speech must remain even though you have nothing to publicly say.

              • @0ryX@lemm.ee
                2 · 9 months ago

                Very well said I agree this needs to be taken more seriously. I recently bought a laptop that when booting into the BIOS displayed a message box saying that the device had persistent technology installed on it. With a little google search I found many computer companies come preinstalled with this rootkit and that it was not installed on the hard drive but into the motherboard instead and removing it was next to impossible. Almost every major computer company now are coming pre-installed with this. (mine was a 2020 Lenovo ThinkPad T490)

            • YⓄ乙
              1 · edited · 9 months ago

              Bro being a regular sucks and it even sucks more when you don’t know what you’re talking about. They will sell you Nike while making you think that your life sucks because you’re fat.

          • YⓄ乙
            2 · 9 months ago

            Ah well good luck Google. I haven’t seen a single ad from past 6-7 years. Next DNS on my router, Linux mint with Firefox (ublock origin) and same for android.

            • El Barto
              4 · edited · 9 months ago

              Nice! I do pretty much the same except for the dns part. I’ll look into it.

              Having said that, I’ve always said that we should be able to purchase dumb TVs, and when people say “just don’t connect it to the net,” they’re missing the point, because they’re still enabling these companies (this is not directed at you specifically. It’s just an argument I keep hearing.)

      • @Duamerthrax@lemmy.world
        2 · 9 months ago

        Shit will want to connect some way. If I ever have to buy a smart TV for myself, I’m opening it up and swapping the brain board or removing the antenna.

    • @PoopMonster@lemmy.world
      8 · 9 months ago

      Walmart sells Sceptre 4k tvs which are dumb, sure they aren’t OLED or have amazing refresh rates but they are the perfect TV for most people, it’s much easier to chuck and buy a new $20 streaming device when updates make it crawl to a near stop than it is to do the same with a $600+ TV.

      • @Knocturnal@lemmy.world
        1 · 9 months ago

        These new Led backlit tvs die like every 2 years and need led strip replacement. I had to repair mine 3 times now while my old lcd tv never died in 15+ years and I gave it to my dad who is using it for past 8 years daily.

    • @DudeDudenson
      8 · 9 months ago

      I’m annoyed that they don’t sell them and that even if you don’t connect a smart tv to wifi to keep it dumb it’ll still not just be a display and it’ll try to shove stuff in your face

      • @viking@infosec.pub
        6 · 9 months ago

        Most TVs have an office or presentation mode hidden somewhere in the settings, that will get rid of the ad-ridden interface and replace it with a plain and functional one. That plus no wifi, ever, gets them sorted.

      • @LappingDog@sh.itjust.works
        6 · 9 months ago

        I bought a Hisense and it had the option during setup to disable most smart features and leave it in “basic mode”. I was already going to put an Apple TV in it so I just left it there and I’ve been happy. Only thing a tv needs is settings and the ability to change inputs.

        • @job3rg@lemmy.world
          4 · 9 months ago

          What’s the malware going to do?

          Lock you out? Instant refund and negative review. Steal your info? Can’t send info out without internet.

    • MeanEYE
      5 · 9 months ago

      I have an old Toshiba LCD TV which is a bit thick in comparison to today’s devices but it’s so good and robust. Also no smart features whatsoever. Comes with a bunch of inputs and has some features not found on modern devices. It also came with full schematic should it ever need servicing. Every now and then I’ll get the urge of getting oh so new and shiny OLED then remind myself about builtin expiration date and stupid “smart” features.

    • El Barto
      2 · 9 months ago

      I gave mine up when I had to move cross country. I miss it dearly.

      • ChaoticNeutralCzech
        34 · 9 months ago
        1. Connect old PC to TV. Both can be 15 years old.
        2. (optional) For better performance, get a small SSD alongside the big HDD (a 64GB / partition will do), maybe have a homemade NAS ready too
        3. Install Lubuntu, Mint XFCE, Puppy Linux or any other distro of choice
        4. Set up KDE Connect, qBittorrent and VLC
        5. Enjoy
        • @SEND_NOODLES_PLS@lemmy.world
          7 · 9 months ago

          Cheers, I’m using this as a jump off point for a weekend project maybe. Would anything change if I was interested in casting content too?

          • ChaoticNeutralCzech
            3 · 9 months ago

            I think Kodi does some casting… Not 100% sure.

            Make sure TearFree is enabled in the graphics configuration (google it).

            The hardest part in my project was recalibrating the colors because my TV in HDMI-RGB mode (as opposed to YCbCr) displays everything below 10% brightness as black. The rest was done very quickly. I don’t even need a sequential-chunk torrent software because I use FreeRapid Downloader and ulozto.net (can download fast enough to play while downloading at reasonable 720p/1080p bitrates, otherwise ulozto-downloader and a 10min wait is needed).

          • ChaoticNeutralCzech
            10 · edited · 9 months ago

            You can use a relatively cheap Pi as a NAS (network-attached storage - there are ready-made solutions but expensive and don’t get updates for nearly as long), and possibly add Kodi media server capabilities (useful for smart TVs). Check if that model supports a sufficiently fast disk interface (USB 3.0, SATA etc.) and Ethernet (100 Mb/s or better if 4K is required). Boot from an SD card and use a 2TB+ HDD (1TB could be enough if you barely store anything). Most disks from the past 10 years will be good enough to play 4K video from if no OS is running from them. Go for a lower-end one but not ridiculously cheap, and check that people aren’t frequently complaining about the model or product line.

            I don’t know which Pi models can smoothly play HD video without overheating, I don’t own any. But those that can are likely a lot more expensive than old PCs you could use otherwise. I would just get a cheap one for a NAS and probably some other common network use cases (web server, Pihole etc.)

            • Karyoplasma
              3 · 9 months ago

              My RPi 2B plays HD vids without stuttering or overheating. 4K doesn’t work tho, so if you want that, get a newer model.

                • @RubberElectrons@lemmy.world
                  3 · edited · 9 months ago

                  Yes, I’m using libreelec, I and friends control the display from our phones using the Kore app. Makes searching and typing easy, works great on my Pi. Fun game, which of you will select a movie first on your phones lol.

                  Note: pi3B can do 1080p but it struggles a little if the codec is anything other than h264, because Kodi decided to stop supporting closed source drivers. If you’re playing anything above 1080 and anything other than h264, go for a pi 4 or better.

          • danque
            4 · 9 months ago

            Yes just research how to install Plex or Kodi on your pi. I just did it this evening for an update. For that I used docker with Linuxserver/Plex. It takes some time to get all the settings but there are good YouTube tutorials on how to do it.

          • @Lupara@lemmy.sdf.org
            3 · 9 months ago

            You’d be better off with a used office pc, something with a 4th or 6th gen Intel CPU is usually cheaper than a RPI and way more versatile. Only thing you lose on is size and power consumption.

        • @Limit@lemm.ee
          2 · 9 months ago

          OK I’ve tried in the past to make a decent streaming box from both windows media center edition and various Linux distros. But I need something that is simple, can be controlled entirely from a remote, and has the major streaming apps (Netflix, disney, etc). I haven’t really found any solution that’s easy enough for non techie people to use. I have a standalone roku box that works ok we also have a roku TV which is a giant piece of garbage, and I’m considering buying an external roku or nvidia shield as a streaming box instead, I do have a couple of raspberry pi 4s I could use one but again I’m faced with the same issues.

            • @Blackmist@feddit.uk
              8 · 9 months ago

              Yeah, it’s free and open source. I just pointed it at a few folders of TV, movies and music that I downloaded years ago, and it catalogued them all, downloaded all the blurbs and posters.

              Like a mini Netflix that you host yourself.

                • @___that_old_polish_guy@lemmy.world
                  2 · 9 months ago

                  There are jellyfin, Plex and emby shares you can subscribe to for cheap, try it out before blowing money and time on a set-up that needs constant tinkering, it’s easy to just download an app and connect to your remote library somewhere that someone else spends time on. I use a shield I got 6 years ago, but now also the Amazon fire stick 4k max on another TV and everything is just easy and seamless while using a Plex share that’s 9 euro per month.

            • smiletolerantly
              10 · 9 months ago

              What are you talking about. First time I set it up, had it running on my local network in less than 5 minutes. 5 more minutes for external (granted, already had the infrastructure for that in place).

              Then maybe 20min going through the settings to personalize my account? And maybe another 20min looking if there are any plugins I wanted to use.

              • @PlexSheep@feddit.de
                3 · 9 months ago

                It’s true, the setup with docker is easy and reliable. However, sorting and taking your media takes very long.

                • smiletolerantly
                  2 · 9 months ago

                  Not even docker, I just pulled it from the aur, lol.

                  And yeah, that’s fair. Though not really Jellyfin’s fault if it’s not sorted already. Same goes for Plex.

              • @Redditiscancer789@lemmy.world
                2 · 9 months ago

                I don’t think it’s a year to setup the software. Rather a year to load it lol. I’ve spent probably close to 4 years loading content into my Plex server and I don’t see any end in sight.

              • sebinspace
                1 · 9 months ago

                People pull shit out of their asses to feel superior about things they don’t actually know anything about.

        • @CmdrShepard@lemmy.one
          4 · 9 months ago

          It’ll only take a few minutes to setup. Once you get hooked you’ll spend a lot more time automating everything and adding more storage.

    • danielfgom
      10 · 9 months ago

      The problem is that YouTube app and F1 app are Android only so having a Linux media box won’t help. It needs to run Android to run Android apps.

      Plus I like to use Chromecast, we use it all the time to send YouTube videos from our phones to the big screen.

        • danielfgom
          6 · 9 months ago

          Can’t control it from my phone. Would need a mouse. At least I’m tech minded. My wife isn’t and there is no way she would stand for using a mouse and browser on the TV.

          • @CeeBee@lemmy.world
            3 · 9 months ago

            Get a media centre remote. Works great.

            And if you have an Android phone use KDE Connect. There’s a Windows version now also, and you can do just about everything with it.

          • @hikaru755@feddit.de
            2 · 9 months ago

            Ah, right, makes sense. I’m using a steam controller (or any other controller with steam, honestly) instead of a mouse, which works well enough

      • @itsraining@lemmy.world
        1 · 9 months ago

        I don’t know about apps like F1 and Chromecast, but I can see that it could be a problem. But YouTube has worked fine for me with the MPV player. Maybe you could try Android-x86? (is that thing still alive? 😅)

    • 👁️👄👁️
      -11 · 9 months ago

      I swear shit like this is why Lemmy is so incredibly out of touch with the real world. I can’t take the community seriously anymore.

      • @itsraining@lemmy.world
        6 · edited · 9 months ago

        So my home media center is not real world enough? I only expressed an opinion; you are free to ignore it. Also, there is nothing that keeps you here. Please kindly keep in mind that most Lemmy users right now are interested in technology, you can’t take that away from them and there is nothing wrong with it. If you want to stay away from “shit like this”, then, with all respect, you probably should not be in a technology sub in the first place.

        • @Copernican@lemmy.world
          2 · edited · 9 months ago

          I think the difference is folks confuse the general public with the general lemmy user. And I can’t tell if the fediverse and lemmy are supposed to be attempting to be a front page for general folks or lemmy early adopter folks.

      • @smileyhead@discuss.tchncs.de
        4 · 9 months ago

        Because something is not popular and not available in typical electronic store doesn’t mean it’s not real.

        I know having a private life may seem unreal in recent ~10 years, but it surely can be done without giving up modern life. All it takes is a little time for research and saying “no” sometimes. The hardest part are always areas where more people like that are needed to say “no”.

      • @CeeBee@lemmy.world
        4 · 9 months ago

        People have been using old computers as media centres for decades at this point. Not sure what you’re on about.

          • @CeeBee@lemmy.world
            1 · 9 months ago

            Legally would be DVDs, Blurays, and DRM-free sources.

            I’ve torrented movies I have physical copies of before. It’s faster than ripping and encoding it myself. And notice I didn’t say “pirated”?

            You can’t pirate something you legally own a copy of. That fact was a major factor in some of the high profile lawsuits against individuals. If the person being sued owned a copy of the movie/song then they dropped it from the list.

      • @Copernican@lemmy.world
        2 · 9 months ago

        I agree. Too many comments and threads are hijacked or over represented by the pro piracy crowd. I wish more communities would just ban the shit post of “yar, time to sail the high seas” that seem to be the top comment on any media related post.

  • @redcalcium@lemmy.institute
    29 · edited · 9 months ago

    These are just generic Android TV devices that use Allwinner board. Allwinner made these kind of generic boards for Android TV and Android Auto head unit and sell them to OEMs. The OEMs then “customize” it by adding their APKs into the ROM provided by Allwinner. I doubt the malware come from Allwinner. Maybe it’s just one (or more) OEM that include whatever APK they found on the internet without checking.

    • Eggyhead
      15 · 9 months ago

      Do modern TVs even come in non-smart variants anymore?

      • @Rai@lemmy.dbzer0.com
        7 · 9 months ago

        It doesn’t really matter, just don’t connect them to the internet. Our TV just has a 14 year old computer that plays media perfectly, and is completely cut off from the internet.

        • deweydecibel
          4 · 9 months ago

          If they allow you to do that without any loss in functionality.

          • @wildginger@lemmy.myserv.one
            2 · 9 months ago

            It takes some research if you’ve never done anything like it before, but you can drip feed it the internet via a pihole, and starve it specifically of ads and data collection. Keep the functionality, kill the leech.

            Google smart tv pihole, there’s a few guides, for anyone interested.

            • @Rai@lemmy.dbzer0.com
              1 · 9 months ago

              But why? It doesn’t need that for anything. Just plug an old computer in via HDMI and bookmark movie-web.app or download/stream stuff from anywhere. Much better quality, interface, and no jank.

              • @wildginger@lemmy.myserv.one
                3 · 9 months ago

                Just depends on what you need it for, and what you’re trying to plug into it.

                For example, some people don’t have spare computers to turn into a mini server, but do have $60 and the time to fiddle with a raspberry pi.

                • @Rai@lemmy.dbzer0.com
                  1 · edited · 9 months ago

                  Mine’s a 14 year old gateway you could prolly get for free or under 100, much more powerful than a RPi. Using Windows 10 on it with zero issue.

                  I do have a couple Pis next to it but those don’t hook up to any screens, I just tunnel into em. One is a PiHole and one is a server. :3

          • @Rai@lemmy.dbzer0.com
            1 · 9 months ago

            Curious, what functionality would I lose? All it needs to do is turn on and display video through an HDMI port.

            • 𝒍𝒆𝒎𝒂𝒏𝒏
              4 · 9 months ago

              Samsung historically has had a habit of poaching features from their Smart TVs as they age, eventually leaving you with a not so smart TV after a decade or so. Not sure if other manufacturers do the same

              • @Rai@lemmy.dbzer0.com
                2 · 9 months ago

                Aha! Yeah that’s okay with me, since we just disable their internet hook computers up, to use them as dumb monitors.

        • @space@lemmy.dbzer0.com
          2 · 9 months ago

          Above 35" monitors aren’t that common, and the ones that exist are basically TVs with TV software.

          Commercial displays are the only real alternative. Some of them even come with a slot for a Raspberry Pi compute module.

      • @omni@lemdro.id
        1 · 9 months ago

        I heard Sceptre still sells them. Never bought one so can’t vouch for quality

    • @jvisick@programming.dev
      6 · 9 months ago

      Admittedly I haven’t been looking that hard, but I don’t think I’ve seen a TV for sale in the past 10 years that wasn’t a “smart” TV.

  • @Kissaki@feddit.de
    11 · 9 months ago

    In total the researchers confirmed eight devices with backdoors installed—seven TV boxes, the T95, T95Z, T95MAX, X88, Q9, X12PLUS, and MXQ Pro 5G, and a tablet J5-W.

    The other thing discussed is fraudulent android apps that have been removed from the play store.

  • AutoTL;DRB
    7 · 9 months ago

    This is the best summary I could come up with:


    This week, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.

    “They’re like a Swiss Army knife of doing bad things on the Internet,” says Gavin Reid, the CISO at Human Security who leads the company’s Satori Threat Intelligence and Research team.

    “This is a truly distributed way of doing fraud.” Reid says the company has shared details of facilities where the devices may have been manufactured with law enforcement agencies.

    In the second half of 2022, Human Security says in its report, its researchers spotted an Android app that appeared to be linked to inauthentic traffic and connected to the domain flyermobi.com.

    When Milisic posted his initial findings about the T95 Android box in January, the research also pointed to the flyermobi domain.

    The company’s report, which has data scientist Marion Habiby as its lead author, says Human Security spotted at least 74,000 Android devices showing signs of a Badbox infection around the world—including some in schools across the US.


    The original article contains 455 words, the summary contains 180 words. Saved 60%. I’m a bot and I’m open source!

    • @heeplr@feddit.de
      3 · edited · 9 months ago

      installing your own OS and/or bootloader is a pain and most of the time unfeasible. And that’s the only way to safely kill software based backdoors.

      • Doubletwist
        1 · 9 months ago

        Even then, unless you also blow away the firmware, you can’t be sure it’s clean.

        • @heeplr@feddit.de
          1 · 9 months ago

          on Android, the OS is the firmware. If you talk about peripheral firmware, I’d not call it “software based” anymore.

  • Possibly linux
    -3 · edited · 9 months ago

    It’s called Google and it infects all stock android devices

    Anyway I actually have one of those devices. It was supposed to be a birthday present but it came with some baggage. By the time I realized it I couldn’t return it

  • nadram
    -7 · 9 months ago

    Every laptop, mobile phone, TV, smart home devices and their mothers have an unkillable backdoor. What’s new?

    • Jin
      5 · 9 months ago

      Usually get patched and fixed ¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯ In this case they sell them like this and most take advantage of it.