this post was submitted on 07 Oct 2023
161 points (87.4% liked)

Technology

60071 readers
4967 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

"In total the researchers confirmed eight devices with backdoors installed—seven TV boxes, the T95, T95Z, T95MAX, X88, Q9, X12PLUS, and MXQ Pro 5G, and a tablet J5-W. (Some of these have also been identified by other security researchers looking into the issue in recent months)."

edit this is the v4 of the title of this post. I'm not accustomed to editorializing or de-editorializing posts. I believe that the brand names involved were fairly trivial to the discussion of escalating malware cyberoperations especially if they are state sponsored. Earlier versions of the title were mischiefously incendiary. I apologize for that.

top 16 comments
sorted by: hot top controversial new old
[–] [email protected] 70 points 1 year ago (6 children)

Clarifying "Android" here feels misleading. Sure, they're all Android devices, but they're not what people think of when they think of Android devices. And they're also unlikely to be the ones most people buy.

You could also say "cheap Chinese TV boxes" and it'd still be accurate, and the devices people would think of would be more closely related to the actual devices in question.

This has basically nothing to do with Android. You might as well say "plastic TV boxes" at that point.

[–] [email protected] 17 points 1 year ago

agreed! what a pointless inclusion of Android in the headline. clearly trying to paint a bad picture for them

[–] [email protected] 8 points 1 year ago

I agree with you that it's misleading, but the app was in the playstore and I think that's what they're referring to. Google says they weren't certified which means they weren't tested and they were removed. I agree that it's still clickbait though.

[–] [email protected] 5 points 1 year ago (1 children)

Thats what the title was for the last couple posts for this article, "cheap android TV boxes" instead android itself.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

Thank you. I was not aware of that. I don't really know how to check to see if a link has been posted before. I would like to avoid reposting. 'sure would be nice if a veteran citizen of Leamington could explain it. I have re- re-titled the title in light of your comment.

[–] [email protected] 3 points 1 year ago

I suppose that clarifying it as 'uncertified open source Android' would be more appropriate.

[–] [email protected] 2 points 1 year ago (1 children)

I respectfully disagree. Ars Technica is not known for being a clickbait site. They are merely stating what platform(s) the malware runs on. It's not an Android hit piece, and it's not clickbait, it's just a warning about buying cheap Chinese electronics that have access to your Wi-Fi.

[–] [email protected] 1 points 1 year ago

That's a Wired article though, they sometimes run those too and the quality of them, at least from my perspective, is dubious.

[–] [email protected] -2 points 1 year ago

Clarifying "Android" here feels misleading

Not at all for anybody who knows "Android TV" is an operating system.

You could also say "cheap Chinese TV boxes

You could also say "Wrzldrmpft with BBQ sauce".

Android TV is installed on TVs, projectors, small boxes, big boxes, round boxes, triangled boxes, californian boxes, chinese boxes...

[–] [email protected] 25 points 1 year ago* (last edited 1 year ago) (1 children)

Edit: OP fixed their title! Thanks OP! The original title was worded to state that Apple TVs were pre-installed with malware, which is not true. The rest of this comment can be ignored now but I've left it for reference:

OP'S headline is a lie and should be taken down or modified.

There are no Apple devices preloaded with malware or backdoors in this article.

Human Security’s research is divided into two areas: Badbox, which involves the compromised Android devices and the ways they are involved in fraud and cybercrime. And the second, dubbed Peachpit, is a related ad fraud operation involving at least 39 Android and iOS apps. Google says it has removed the apps following Human Security’s research, while Apple says it has found issues in several of the apps reported to it.

The same security firm that found the malware on the cheap Chinese ANDROID ONLY boxes, separately found android and ios apps which are security risks (and need to be downloaded manually). The firm reported the apps to both Google and Apple. Both companies are dealing with the reports appropriately.

[–] [email protected] 2 points 1 year ago

Thank you. No hatred toward anyone involved, but the first question is whether I’m affected and this provides a clear answer

[–] [email protected] 18 points 1 year ago* (last edited 1 year ago) (2 children)

Why does this headline say “AND Apple”?

[–] [email protected] 4 points 1 year ago

Because there are some iOS apps implicated, I assume. It’s definitely misleading, if you buy one of the tv boxes they talk about in the article you are almost certainly getting malware, if you buy an appletv even used, the chance it has malware that would survive a clean reinstall is minuscule.

[–] [email protected] 3 points 1 year ago

Honestly, it’s an easy way to get upvotes with this community. A lot of people will upvote it without reading it, much less thinking critically about it for half a second.

[–] [email protected] 2 points 1 year ago

This article does NOT say Apple is shipping hardware with badbox / peachpit preinstalled.

It does look like some shady apps got submitted to Apple’s App Store and were committing Ad Fraud. Moreover, it looks like the Android Badbox devices are kind of toast, unless you’re up for totally reinstalling new firmware.

https://www.humansecurity.com/hubfs/HUMAN_Report_BADBOX-and-PEACHPIT.pdf

If you bought a name brand streaming device, and only installed popular well known apps from their marketplaces, you’re properly fine.

[–] [email protected] 2 points 1 year ago

This is the best summary I could come up with:


This week, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.

“They’re like a Swiss Army knife of doing bad things on the Internet,” says Gavin Reid, the CISO at Human Security who leads the company’s Satori Threat Intelligence and Research team.

“This is a truly distributed way of doing fraud.” Reid says the company has shared details of facilities where the devices may have been manufactured with law enforcement agencies.

In the second half of 2022, Human Security says in its report, its researchers spotted an Android app that appeared to be linked to inauthentic traffic and connected to the domain flyermobi.com.

When Milisic posted his initial findings about the T95 Android box in January, the research also pointed to the flyermobi domain.

The company’s report, which has data scientist Marion Habiby as its lead author, says Human Security spotted at least 74,000 Android devices showing signs of a Badbox infection around the world—including some in schools across the US.


The original article contains 455 words, the summary contains 180 words. Saved 60%. I'm a bot and I'm open source!