Worth pointing out this isn’t any proper Android TV devices, but rather those cheap boxes that are often basically SBCs with AOSP installed on them which are predominantly sold as easy piracy boxes.
Edit: in fact, the article doesn’t currently have TV in the title
Leaving out the TV makes it less precise and more clickbaity because then it sounds like Android phones are affected.
I guess the problem is that “Android TV” is a specific thing that none of these devices actually are, they’re just dodgy boxes running Android that can be plugged into a TV.
For me it’s more clickbaity because Android TV isn’t actually involved here at all.
I’d say it would be more clickbaity if you just removed the “TV”, because it’d make you think of smartphones, and those would be much more concerning
Aren’t the boxes running “Android TV”, the set top box oriented flavor of Android, with e.g. the launcher designed to be operated with a TV remote and not a touch screen?
They are not themselves TVs, though, and I guess nowdays it might be most common for “Android TV” to run on the TV instead of on a separate device.
That’s the problem, they’re not running Android TV at all. Just regular phone Android with some third party launcher.
Are you sure? One can definitely build images of the actual “Android TV” for various SBCs and the sorts of SOCs in these TV boxes, and then load them up with malware. Why wouldn’t they use that?
Honestly, I’m not entirely sure why, but for whatever reason these boxes are always running a pretty old version of regular Android. (Edit: in fact googling a couple of the devices in the article seems to confirm that)
Maybe there are more protections preventing this kind of malware on newer versions? Maybe someone just made the images a long time ago and people are just reusing them
Those boxes are in a skin for normal Android to make it work with the TV. The only device you likely come in contact with with Android TV is the new Chromecast or a Sony TV. Other than the Nvidia shield and the Chromecast most actual Android TV devices still come with malware from the manufacturer. Even the Sony TVs, but basically every Smart TV comes with malware to spy on what you’re doing too.
I think the new dish network’s at top box also runs Android TV, maybe you found one of those wild.
Why not just find a different website reporting the story with a better headline? Rather than sharing the one with the headline you fear is misleading?
It’s only slightly misleading and Arstechnica writes really good articles. It’s pretty much the only news site I regularly browse.
Can you even get an actual Android TV device now that isn’t a Chromecast or an Nvidia shield? Other than a few TVs that mostly come with malware (tcl, Sony, Hisense) I can’t think of anything else that has actual Android TV you can buy as a consumer.
Xiaomi makes one, also Walmart carries one called Onn.
Wait, smart devices might not be secure?! I’m shocked!
Are non smart TVs even still a thing nowadays? I don’t own or watch any TV so I honestly don’t know how the market currently looks like.
Yes. They are sold for commercial use, e.g., McD’s menu, and are quite pricey.
I think you meant to say not subsidized by ad tracking lol
Yes, not subsidized…and therefore pricy.
Depends on your definition of “quite pricey.” There’s no equivalent of a $250 50" Insignia FireTV, but I’ve seen Samsung signage displays on Amazon for about a $75-$100 premium over their comparable Smart TVs. They also don’t come with a stand, so if you weren’t already buying a VESA mount you’ll need to add another $40-80. There is a significant premium, but it’s not necessarily orders of magnitude.
And they’re made better… To be on 24x7. So you’re also paying for a better quality display. That’s worth paying for too.
Apparently “smartness” has not invaded projectors…per a comment I read here on kbin a while back from a projector owner. This really encourages me to buy one.
It did though, last time I went to a tech store, there was a samsung smart projector that had all the capabilities of a smart tv
I hope it is not ubiquitous.
Not yet, but it is definitely heading that direction
Although a projector would need you to have a home with a whole spare wall. And would force you to dim the lights all the time.
They’re harder to find, for sure. Especially if you want a large screen.
When I was shopping around a few years ago, the only 65" TV I could find without smart features was a Sceptre, which is Walmart’s electronics brand. Speakers so bad that I had to buy a sound bar, and the display isn’t that great, but it gets the job done and I don’t need to worry about it being an attack vector.
They get called “monitors” a lot (depending whether you need them to pick up cable/airwaves of course)
China hacked my fucking coffee mug.
deleted by creator
I miss having a dumb tv
LOL I’m still using an old CRT TV because it just won’t die and I barely watch TV
Walmart sells Sceptre 4k tvs which are dumb, sure they aren’t OLED or have amazing refresh rates but they are the perfect TV for most people, it’s much easier to chuck and buy a new $20 streaming device when updates make it crawl to a near stop than it is to do the same with a $600+ TV.
These new Led backlit tvs die like every 2 years and need led strip replacement. I had to repair mine 3 times now while my old lcd tv never died in 15+ years and I gave it to my dad who is using it for past 8 years daily.
Any Smart TV can be a dumb TV if not connected to the internet
And what you will do with the preinstalled malware and bloatware?
Whats the malware going to do?
Lock you out? Instant refund and negative review. Steal your info? Cant send info out without internet.
But it will still be a bloat and take up resources like any deamon/service and resources are already very low on these devices!
Not connecting to internet is not a solution but buying dump TV is.
I’m annoyed that they don’t sell them and that even if you don’t connect a smart tv to wifi to keep it dumb it’ll still not just be a display and it’ll try to shove stuff in your face
I bought a Hisense and it had the option during setup to disable most smart features and leave it in “basic mode”. I was already going to put an Apple TV in it so I just left it there and I’ve been happy. Only thing a tv needs is settings and the ability to change inputs.
Most TVs have an office or presentation mode hidden somewhere in the settings, that will get rid of the ad-ridden interface and replace it with a plain and functional one. That plus no wifi, ever, gets them sorted.
These are just generic Android TV devices that use Allwinner board. Allwinner made these kind of generic boards for Android TV and Android Auto head unit and sell them to OEMs. The OEMs then “customize” it by adding their APKs into the ROM provided by Allwinner. I doubt the malware come from Allwinner. Maybe it’s just one (or more) OEM that include whatever APK they found on the internet without checking.
That’s why you should build your own media center from an old machine. Much safer and more private.
How?
- Connect old PC to TV. Both can be 15 years old.
- (optional) For better performance, get a small SSD alongside the big HDD (a 64GB
/partition will do), maybe have a homemade NAS ready too - Install Lubuntu, Mint XFCE, Puppy Linux or any other distro of choice
- Set up KDE Connect, qBittorrent and VLC
- Enjoy
Stremio on a old windows laptop is a good easy alternative
OK I’ve tried in the past to make a decent streaming box from both windows media center edition and various Linux distros. But I need something that is simple, can be controlled entirely from a remote, and has the major streaming apps (Netflix, disney, etc). I haven’t really found any solution that’s easy enough for non techie people to use. I have a standalone roku box that works ok we also have a roku TV which is a giant piece of garbage, and I’m considering buying an external roku or nvidia shield as a streaming box instead, I do have a couple of raspberry pi 4s I could use one but again I’m faced with the same issues.
Look into Plex servers, that should keep you busy for the next six months till you get it up and running.
Or Jellyfin. Because free.
That will keep you busy for a full year.
What are you talking about. First time I set it up, had it running on my local network in less than 5 minutes. 5 more minutes for external (granted, already had the infrastructure for that in place).
Then maybe 20min going through the settings to personalize my account? And maybe another 20min looking if there are any plugins I wanted to use.
People pull shit out of their asses to feel superior about things they don’t actually know anything about.
It’s true, the setup with docker is easy and reliable. However, sorting and taking your media takes very long.
Not even docker, I just pulled it from the aur, lol.
And yeah, that’s fair. Though not really Jellyfins fault if it’s not sorted already. Same goes for Plex.
I swear shit like this is why Lemmy is so incredibly out of touch with the real world. I can’t take the community seriously anymore.
I agree. Too many comments and threads are hijacked or over represented by the pro piracy crowd. I wish more communities would just ban the shit post of “yar, time to sail the high seas” that seem to be the top comment on any media related post.
You’re going to build your own smart TV that can handle new HDMI and Displayport advancements too?
Pff sure. How hard can it be? Few resistor thingies and some capaci-whatsists, and Arduino, done.
The correct answer is usually Raspberry pi + github.
Although I have no idea what those mean
You can easily configure those with block-chain based AI.
Don’t forget to setup the transistor receptors!
The flux capacitor comes first tho
Almost any ARM SBC and a dumb TV will do, install linux/a minimal wayland compositor and waydroid and youre laughing
Any time there’s a advancement you just update the board, instead of the whole TV (which its not like normal smart TV’s update their ports anyways?)
In total the researchers confirmed eight devices with backdoors installed—seven TV boxes, the T95, T95Z, T95MAX, X88, Q9, X12PLUS, and MXQ Pro 5G, and a tablet J5-W.
The other thing discussed is fraudulent android apps that have been removed from the play store.
This is the best summary I could come up with:
This week, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.
“They’re like a Swiss Army knife of doing bad things on the Internet,” says Gavin Reid, the CISO at Human Security who leads the company’s Satori Threat Intelligence and Research team.
“This is a truly distributed way of doing fraud.” Reid says the company has shared details of facilities where the devices may have been manufactured with law enforcement agencies.
In the second half of 2022, Human Security says in its report, its researchers spotted an Android app that appeared to be linked to inauthentic traffic and connected to the domain flyermobi.com.
When Milisic posted his initial findings about the T95 Android box in January, the research also pointed to the flyermobi domain.
The company’s report, which has data scientist Marion Habiby as its lead author, says Human Security spotted at least 74,000 Android devices showing signs of a Badbox infection around the world—including some in schools across the US.
The original article contains 455 words, the summary contains 180 words. Saved 60%. I’m a bot and I’m open source!
deleted by creator
Do modern TVs even come in non-smart variants anymore?
deleted by creator
It doesn’t really matter, just don’t connect them to the internet. Our TV just has a 14 year old computer that plays media perfectly, and is completely cut off from the internet.
If they allow you to do that without any loss in functionality.
It takes some research if youve never done anything like it before, but you can drip feed it the internet via a pihole, and starve it specifically of ads and data collection. Keep the functionality, kill the leech.
Google smart tv pihole, theres a few guides, for anyone interested.
But why? It doesn’t need that for anything. Just plug an old computer in via HDMI and bookmark movie-web.app or download/stream stuff from anywhere. Much better quality, interface, and no jank.
Just depends on what you need it for, and what youre trying to plug into it.
For example, some people dont have spare computers to turn into a mini server, but do have $60 and the time to fiddle with a raspberry pi.
Curious, what functionality would I lose? All it needs to do is turn on and display video through an HDMI port.
Samsung historically has had a habit of poaching features from their Smart TVs as they age, eventually leaving you with a not so smart TV after a decade or so. Not sure if other manufacturers do the same
What a realistic approach! A thing getting dumber as it ages, what a great idea!
/s
It’s hard to buy a dumb TV now
deleted by creator
Above 35" monitors aren’t that common, and the ones that exist are basically TVs with TV software.
Commercial displays are the only real alternative. Some of them even come with a slot for a Raspberry Pi compute module.
new Moto G phones come to mind lol
just got one and dear lord so much adware
deleted by creator
Admittedly I haven’t been looking that hard, but I don’t think I’ve seen a TV for sale in the past 10 years that wasn’t a “smart” TV.
Linus just recently did a whole episode on a few Android TV boxes from China. Very concernig findings
Bro his gf/wife is Chinese
I think she’s from real China, Taiwan!
She’s not, you can figure it out, but let’s stick to generalisation
I rememberLinus Tech Tips talking about that month ago:
Do you have a credible source instead?
Lmfao
Woah, I just checked, and apparently they are back to releasing videos.
Here is an alternative Piped link(s):
https://piped.video/1vpepaQ-VQQ?si=t52OHvJ79nnXSsYC
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Good bot
Isn’t his gf/wife Chinese ?
My OctoPrint server runs on one of these (previous homeowners left it lying around), but I completely nuked Android and installed the Armbian distro for the Inovato Quadra (itself just a carefully sourced and rebranded TV box). It was tedious though, and I’d never buy one for that purpose when there are dedicated SBCs.
deleted by creator
4k though
deleted by creator
Where are the hackers when you need them?
Looks like my old bravia and rpi is a good combination.
Definitely not unkillable tho
installing your own OS and/or bootloader is a pain and most of the time unfeasable. And that’s the only way to safely kill software based backdoors.
Its called google and it infects all stock android devices
Anyway I actually have one of those devices. It was support to be a birthday present but it came with some baggage. By the time I realized it I couldn’t return it
