Oh Great, Ransomware Is Infecting Smart TVs Now

Ghost in the machine.

On Christmas day, a family member of software developer Darren Cauthon received an unwelcome gift. According to Cauthon, that person “downloaded an app to watch a movie” on his or her LG smart TV, and the device froze soon after. When it rebooted, it was stuck on a screen purporting to show a letter from the desk of FBI Director James Comey, one claiming in subgrammatical English that the device had been locked up for “your attendance of the forbidden pornographic sites.” To make good, the letter warned, the device’s owner would have to pay a $500 fine.

As Catalin Cimpanu writes on BleepingComputer, the TV in question “appears to be infected with a version of the Cyber.Police ransomware, also known as FLocker, Frantic Locker, or Dogspectus.” While Frantic Locker has primarily affected Android smartphones, the TV was, Cauthon has explained on Twitter, an early model Google TV, one that runs a version of the Android operating system.

Ransomware works by taking over a system until a user pays a fee, often in the form of cryptocurrency or digital gift cards. One recent high-profile ransomware attack shut down much of San Francisco’s public transit system while another targeted a Hollywood hospital. More mundane ransomware has been reported on Android devices since at least 2014, and Frantic Locker first began to show up on phones in 2015. Although such programs can be dangerous, especially for the unprepared, they can often be relatively easy to clear off of a system, even if you don’t want to pay the fee.

TV-based ransomware is somewhat more worrisome, in part because it can be difficult to remove, as security researchers from Trend Micro warned in a report earlier this year. Seeing that risk realized in the wild seems to substantiate those fears, not least of all because traditional Android workarounds failed to fix the problem, according to Cauthon.

In its report, Trend Micro suggested that users with infected devices “contact the device vendor for solution first.” Cauthon, for his own part, apparently tried just that. But as Cimpanu reports, LG representatives “told him to visit one of their service centers, where one of its employees could reset his TV.” That service came with a hefty price tag attached—$340, enough that Cauthon’s family member might have been better off buying a new television outright.

As it happens, though, not every story has a grim ending in 2016. On Wednesday morning, Cauthon tweeted that LG had provided him with instructions for a factory reset.

Whether or not that procedure works, his story is further evidence that so-called smart devices are often anything but.