A software engineer has freed a smart TV of a ransomware infection by using closely guarded factory reset instructions.
On Christmas Day 2016, software engineer Darren Cauthon tweeted out a dilemma involving his LG smart television set.
— Darren Cauthon (@darrencauthon) December 25, 2016
In the comments appended to his tweet, Cauthon reveals his wife downloaded an app to watch a movie. Halfway through the movie, the screen froze. Cauthon tried to fix the issue by rebooting the TV. Instead it booted to a ransomware demand familiar to many (although not usually on a television!):
DEPARTMENT OF JUSTICE
FEDERAL BUREAU OF INVESTIGATION
WASHINGTON DC DEPARTMENT, USA
AS A RESULT OF FULL SCANNING OF YOUR DEVICE, SOME SUSPICIOUS FILES HAVE BEEN FOUND AND YOUR ATTENDANCE OF THE FORBIDDEN PORNOGRAPHIC SITES HAS BEEN FIXED. FOR THIS REASON YOUR DEVICE HAS BEEN LOCKED.
INFORMATION ON YOUR LOCATION AND SNAPSHOTS CONTAINING YOUR FACE HAVE BEEN UPLOADED ON THE FBI CYBER CRIME DEPARTMENT'S DATACENTER.
At this time, it's unknown what app Cauthon's wife downloaded onto the TV or where it came from. The software engineer hasn't revealed much to dispel the mystery. As he told one commentator on Twitter:
"No, I don't have the url. I asked and they told me the name of the app, but they don't remember where it came from."
The software engineer has yet to disclose the name of the app publicly.
Theoretically, Cauthon's wife could have downloaded the app off Google Play. As I wrote in an article for Metacompliance, the affected smart TV is one of the last sets that ran Google TV, a platform developed by Google in collaboration with Intel, Sony, and Logitech in 2010. The industry abandoned Google TV in 2014, but users can still use the platform on their smart TVs to search Google's Play Store for downloadable apps.
This particular smart TV suffered an infection at the hands of FLocker. Also known as Frantic Locker or Dogspectus, it's a version of Cyber.Police - the same ransomware of which Trend Micro's researchers have found more than 7,000 variants since it appeared in May 2015.
After rendering the TV unusable, FLocker demanded Cauthon's family pay US $500 in ransom. The software engineer contacted LG and requested that the company help him restore the TV to its factory settings. An LG representative said they could not disclose the instructions to customers and recommended Cauthon bring the TV in to a LG service professional, a visit which would cost more than US $300.
Fortunately, LG eventually changed its mind and gave him the factory reset instructions. The Register relays them brilliantly:
"With the TV powered off, place one finger on the settings symbol then another finger on the channel down symbol. Remove finger from settings, then from channel down, and navigate using volume keys to the wipe data/ factory reset option."
Cauthon has published a video on YouTube demonstrating the process.
Given ransomware's ongoing evolution, I doubt we have heard the last of crypto-malware infecting smart TVs.
Should your TV ever experience an infection, follow Cauthon's example and contact the manufacturer for help.
In the meantime, make sure you're careful about what apps you download onto your TV set.