Well, this one certainly wins the prize this week! Wired Magazine published a round-up of multiple cybersecurity researchers and the cybersecurity firm Human Security on a wide reaching scheme executed on dozens of models of Android Streaming boxes to plant backdoors to either state or criminal threat actors in China. “Human Security researchers found seven Android TV boxes and one tablet with the backdoors installed, and they’ve seen signs of 200 different models of Android devices that may be impacted.”
Oops.
Google has responded and taken steps to remove these apps and the boxes from their stores and access. While this may seem incredible, it is just the latest example of supply chain attacks and the pervasive threat of hardware that is manufactured in China to the privacy and security of every day citizens. Malware is no longer just for cracking into the Crown Jewels of big organizations now: it is coming after all of us.
Wired Magazine excerpt:
WHEN YOU BUY a TV streaming box, there are certain things you wouldn’t expect it to do. It shouldn’t secretly be laced with malware or start communicating with servers in China when it’s powered up. It definitely should not be acting as a node in an organized crime scheme making millions of dollars through fraud. However, that’s been the reality for thousands of unknowing people who own cheap Android TV devices.
In January, security researcher Daniel Milisic discovered that a cheap Android TV streaming box called the T95 was infected with malware right out of the box, with multiple other researchers confirming the findings. But it was just the tip of the iceberg. Today, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.
Wired: Your Cheap Android TV Streaming Box May Have a Dangerous Backdoor
Read the report by Human Security:
