Some Android TVs Infectable by Ransomware

Candid Wueest of from the technology security company Symantec recently bought a new TV which happened to run Android TV. It was probably manufactured by Sony. He noticed that there were some significant security issues on the device, which led him to do a thorough investigation.

If a user wants to send private information over the Internet, they’ll want to make sure their connection is encrypted. The information is sent from their computer to a remote server. This process can be completed over hundreds or thousands of miles of physical wire or airspace, making it easy for anyone to get that data as well. With a secure connection, the information read is nonsensical. Without knowing the key used to encrypt the message, it’s almost impossible to make sense of the message.

This also prevents a nefarious user from masquerading as that server. A server could pretend it was a bank site, storing your account credentials on its own system instead of your bank. Worse, it could pretend it was a software store. While you think you’re downloading a safe app or operating system update, you’re actually downloading malware. The download can be intercepted and replaced. This is called a Man in the Middle Attack.
Man in the Middle Attack

These have been relatively uncommon thanks to modern practices. If you go to many websites, you’ll see they are using HTTPS. The S stands for secure. It allows users to make a secure connection to a remote server and communicate without worrying about somebody trying to interfere with that connection. A connection to Google Play is secure, and you can download apps knowing that malware hasn’t been added to them en-route.

However, Wueest discovered that the TV he purchased has a gaming portal which communicates over an insecure connection. He was able to execute a Man in the Middle Attack when installing a racing game, instead installing ransomware. Ransomware is a type of software that prevents your device from operating properly until you contact the hackers and pay some sort of ransom for your device to function again.


Although Wueest was able to remove the malware using ADB, it does highlight a potential security threat for consumers. While by default you cannot install apps from unknown sources, many users do choose to disable this option for the openness and benefit of sideloading apps.

As our various devices become more functional, it does allow for more security holes. In this particular case, the hacker would need to be on the same network as the device, but that does not excuse the large security vulnerability present. Hopefully Sony, or whichever manufacturer this is, sends an update out to block off this avenue for potential hackers. He details his findings in a blog post if you’re curious on learning more.

Nick Felker

Nick Felker

Nick Felker is a student Electrical & Computer Engineering student at Rowan University (C/O 2017) and the student IEEE webmaster. When he's not studying, he is a software developer for the web and Android (Felker Tech). He has several open source projects on GitHub ( Devices: Moto G-2013 Moto G-2015, Moto 360, Google ADT-1, Nexus 7-2013 (x2), Lenovo Laptop, Custom Desktop. Although he was an intern at Google, the content of this blog is entirely independent and his own thoughts.

More Posts - Website

Follow Me:
TwitterLinkedInGoogle PlusReddit