The Anti-virus Times

Friday, March 22, 2024

Remember trying this method if your TV set wasn’t working? You’d bang on the case, twist the wires, and voilà, it would come on? Nowadays, devices are smarter, and it is harder and more expensive to repair them. But users can also encounter other modern-day troubles when a device breaks down. For example, they can be hacked or have their personal data or money stolen. And this is no longer a problem that can be fixed with a screwdriver; it forces users to take care of their privacy and use anti-virus protection on all their Internet-connected devices.

Read today's article to find out what bad things attackers can do with your Android smart devices and how to protect yourself.

What should people who own Android smart devices be afraid of?

When we talk about anti-virus protection for Android devices, we first think of solutions for smartphones and tablets. We use these devices every day, store a lot of personal information on them, and sometimes we use our gadgets all day long: for work, chatting in instant messengers, making purchases, and using social networks... Meanwhile, we turn on our TVs or game consoles mainly in the evenings and do not let them get close to our personal lives. But, this unequal attitude towards different types of smart devices does not negate the fact that we need to take care of their protection equally carefully.

Attackers are interested in all types of Android devices. Intercepting Internet traffic, stealing personal data, extortion, obscene advertising, inappropriate content for children instead of cartoons — these are today’s threats. People protect their smartphone and tablet but forget about the rest of their smart devices — who hasn’t been in this situation? And why does someone need to hack a smart TV, a smart projector or a game console?

Let's imagine that a new smart TV has appeared in a living room. The owner of the device is inviting his friends over to watch live stream football on its wide screen. The room is full of the smell of ink from the installation instructions; packaging paper rustles underfoot. The lucky owner of the smart device carries out all the necessary installation steps. The final one involves linking his existing account to the TV in order to fully enjoy all the smart features. The user enters "How to link an account to a smart TV" in the search bar, and in the first line of the drop-down list of pages, he reads a story about how an account was stolen from a smart TV linked with Google.

And now the hero of our story has to look for ways to protect the account and the device together from possible attacks because no one likes it when their confidential data are stolen and their right to sole ownership of their device is taken away.

What motivates cybercriminal and types of attacks

Doctor Web’s specialists give the following explanations for why attackers hack Android smart devices.

Information that can be stolen: personal data, logins and passwords, phone numbers, email addresses, and payment details. After taking possession of such information, attackers can get close to the funds in the hacked account or, say, email all the instant messengers’ contacts on behalf of the victim, asking them for a loan.

Type of fraud: phishing, malicious applications.

Account trading is also one way that criminals earn money.

Information that can be stolen: from smart TVs, hackers make off with accounts for streaming services — for example, in order to sell this data on the black market.

Type of fraud: accounts can be stolen using phishing and malicious applications.

Data that can be stolen: cybercriminals can access the browser history and take screenshots. For devices equipped with a camera and a microphone — these can be both smart TVs and set-top boxes, there is the danger of espionage. The hackers' arsenal also includes malicious programs that block a device's operation or encrypt files. Cybercriminals often demand a ransom for their restoration or in some other way blackmail the user.

Type of attack: spyware or encryption ransomware and blockers distributed via websites, email attachments containing tempting content, torrents, and software vulnerabilities.

An infected application can even be downloaded from official software stores, not to mention pirated sites. For example, cybercriminals can use trojans disguised as a media player or a "useful" utility to sneak into a system and extract any useful information.

What it means: cybercriminals can use compromised devices as botnet elements. The devices in such a network, known as “bots” or “zombies,” obey an attacker's commands and are used to send out spam, carry out DDoS attacks, gather information about the credentials of hacked users, and commit other cybercrimes.

Type of attack: botnets are created by infecting devices with malware.

Advertising is everywhere now, and it's difficult to control it. It can be shown to any age category. For example, a child using a photo editor application on a phone sees an advertisement targeting people 18 and older. In this case, no one is using the device owner’s data for selfish purposes or asking for a ransom, but obscene commercials can be traumatic if the youngest family members have access to the device. Therefore, both parental control and an anti-virus are useful.

Absolutely any owner of a smart device can fall victim to hacking or unwanted advertising. Everyone has a lot to lose. No one can be sure that they are uninteresting to intruders — we reason differently than they do.

Weak points of smart devices running the Android OS

Even if a user observes security measures, they are not completely immune from attacks since almost every Android device has an Achilles heal.

Vulnerabilities If a user has never experienced having their device hacked via the various vulnerabilities in their applications or the system itself, they are either lucky or have a good anti-virus.

Cybercriminals track and exploit vulnerabilities to their advantage. Therefore, it is advisable to take a farsighted approach to the problem and soften the blow in advance. Despite the fact that fixing vulnerabilities depends largely on the manufacturer, users should not refuse to install all the available updates of any software. And they should also install an anti-virus solution.

Modified OS versions. Install custom firmware and get malware as a gift. Here's one known way to infect smart TVs and other smart devices with trojans and other malware.

A miner for mining cryptocurrency or a trojan for raising a proxy server can be built into modified firmware. A trojan for carrying out DDoS attacks could also be built in. So, you should not install third-party firmware.

Infected firmware. It's nice to receive a bonus or an additional service when buying things — but not when the original firmware is infected with malware. Not every manufacturer will pay attention to this, let alone release a patch. The user will be doomed to use the infected system and spend time and money searching for a solution to the problem. For example, they may have to look for third-party firmware that could also be infected.

If a smart Android device has a stripped-down version of the operating system, it can also be infected at the moment of purchase and, therefore, dangerous. But due to possible incompatibility with third-party applications, even with an anti-virus, for example, the user will not know this because they will not be able to check.