This is a most excellent place for technology news and articles.
Worth pointing out this isn't any proper Android TV devices, but rather those cheap boxes that are often basically SBCs with AOSP installed on them which are predominantly sold as easy piracy boxes.
Edit: in fact, the article doesn't currently have TV in the title
Leaving out the TV makes it less precise and more clickbaity because then it sounds like Android phones are affected.
I guess the problem is that "Android TV" is a specific thing that none of these devices actually are, they're just dodgy boxes running Android that can be plugged into a TV.
For me it's more clickbaity because Android TV isn't actually involved here at all.
I'd say it would be more clickbaity if you just removed the "TV", because it'd make you think of smartphones, and those would be much more concerning
I miss having a dumb tv
If I don't connect it to the internet they don't get to sell ur data innit
LOL I'm still using an old CRT TV because it just won't die and I barely watch TV
I'm annoyed that they don't sell them and that even if you don't connect a smart tv to wifi to keep it dumb it'll still not just be a display and it'll try to shove stuff in your face
That's why you should build your own media center from an old machine. Much safer and more private.
How?
/ partition will do), maybe have a homemade NAS ready tooCheers, I'm using this as a jump off point for a weekend project maybe. Would anything change if I was interested in casting content too?
Look into Plex servers, that should keep you busy for the next six months till you get it up and running.
The problem is that YouTube app and F1 app are Android only so having a Linux media box won't help. It needs to run Android to run Android apps.
Plus I like to use Chromecast, we use it all the time to send YouTube videos from our phones to the big screen.
Wait, smart devices might not be secure?! I'm shocked!
Are non smart TVs even still a thing nowadays? I don't own or watch any TV so I honestly don't know how the market currently looks like.
Yes. They are sold for commercial use, e.g., McD’s menu, and are quite pricey.
Depends on your definition of "quite pricey." There's no equivalent of a $250 50" Insignia FireTV, but I've seen Samsung signage displays on Amazon for about a $75-$100 premium over their comparable Smart TVs. They also don't come with a stand, so if you weren't already buying a VESA mount you'll need to add another $40-80. There is a significant premium, but it's not necessarily orders of magnitude.
Apparently "smartness" has not invaded projectors...per a comment I read here on kbin a while back from a projector owner. This really encourages me to buy one.
It did though, last time I went to a tech store, there was a samsung smart projector that had all the capabilities of a smart tv
They're harder to find, for sure. Especially if you want a large screen.
When I was shopping around a few years ago, the only 65" TV I could find without smart features was a Sceptre, which is Walmart's electronics brand. Speakers so bad that I had to buy a sound bar, and the display isn't that great, but it gets the job done and I don't need to worry about it being an attack vector.
They get called “monitors” a lot (depending whether you need them to pick up cable/airwaves of course)
These are just generic Android TV devices that use Allwinner board. Allwinner made these kind of generic boards for Android TV and Android Auto head unit and sell them to OEMs. The OEMs then "customize" it by adding their APKs into the ROM provided by Allwinner. I doubt the malware come from Allwinner. Maybe it's just one (or more) OEM that include whatever APK they found on the internet without checking.
In total the researchers confirmed eight devices with backdoors installed—seven TV boxes, the T95, T95Z, T95MAX, X88, Q9, X12PLUS, and MXQ Pro 5G, and a tablet J5-W.
The other thing discussed is fraudulent android apps that have been removed from the play store.
This is the best summary I could come up with:
This week, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.
“They’re like a Swiss Army knife of doing bad things on the Internet,” says Gavin Reid, the CISO at Human Security who leads the company’s Satori Threat Intelligence and Research team.
“This is a truly distributed way of doing fraud.” Reid says the company has shared details of facilities where the devices may have been manufactured with law enforcement agencies.
In the second half of 2022, Human Security says in its report, its researchers spotted an Android app that appeared to be linked to inauthentic traffic and connected to the domain flyermobi.com.
When Milisic posted his initial findings about the T95 Android box in January, the research also pointed to the flyermobi domain.
The company’s report, which has data scientist Marion Habiby as its lead author, says Human Security spotted at least 74,000 Android devices showing signs of a Badbox infection around the world—including some in schools across the US.
The original article contains 455 words, the summary contains 180 words. Saved 60%. I'm a bot and I'm open source!