That’s why you should build your own media center from an old machine. Much safer and more private.
Thousands of Android TV devices come with unkillable backdoor preinstalled
Submitted 1 year ago by Vent@lemm.ee to technology@lemmy.world
Comments
itsraining@lemmy.world 1 year ago
wafflez@lemmy.world 1 year ago
How?
ChaoticNeutralCzech@feddit.de 1 year ago
- Connect old PC to TV. Both can be 15 years old.
- (optional) For better performance, get a small SSD alongside the big HDD (a 64GB
/partition will do), maybe have a homemade NAS ready too - Install Lubuntu, Mint XFCE, Puppy Linux or any other distro of choice
- Set up KDE Connect, qBittorrent and VLC
- Enjoy
AngryCommieKender@lemmy.world 1 year ago
Look into Plex servers, that should keep you busy for the next six months till you get it up and running.
mojo@lemm.ee 1 year ago
I swear shit like this is why Lemmy is so incredibly out of touch with the real world. I can’t take the community seriously anymore.
itsraining@lemmy.world 1 year ago
So my home media center is not real world enough? I only expressed an opinion; you are free to ignore it. Also, there is nothing that keeps you here. Please kindly keep in mind that most Lemmy users right now are interested in technology, you can’t take that away from them and there is nothing wrong with it. If you want to stay away from “shit like this”, then you probably should not be in a technology sub in the first place.
CeeBee@lemmy.world 1 year ago
People have been using old computers as media centres for decades at this point. Not sure what you’re on about.
smileyhead@discuss.tchncs.de 1 year ago
Because something is not popular and not available in typical electronic store doesn’t mean it’s not real.
I know having a private life may seem unreal in recent ~10 years, but it surely can be done without giving up modern life. All it takes is a little time for research and saying “no” sometimes. The hardest part are always areas where more people like that are needed to say “no”.
Copernican@lemmy.world 1 year ago
I agree. Too many comments and threads are hijacked or over represented by the pro piracy crowd. I wish more communities would just ban the shit post of “yar, time to sail the high seas” that seem to be the top comment on any media related post.
danielfgom@lemmy.world 1 year ago
The problem is that YouTube app and F1 app are Android only so having a Linux media box won’t help. It needs to run Android to run Android apps.
Plus I like to use Chromecast, we use it all the time to send YouTube videos from our phones to the big screen.
hikaru755@feddit.de 1 year ago
What’s wrong with using YouTube in a browser?
itsraining@lemmy.world 1 year ago
I don’t know about apps like F1 and Chromecast, but I can see that it could be a problem. But YouTube has worked fine for me with the MPV player. Maybe you could try Android-x86? (is that thing still alive? 😅)
Maximilious@kbin.social 1 year ago
You're going to build your own smart TV that can handle new HDMI and Displayport advancements too?
dustyData@lemmy.world 1 year ago
This is going to come as a shock to you, but HDMI has been a thing since 2004. You can find 15 year old dumb TVs with HDMI.
agent_flounder@lemmy.one 1 year ago
Pff sure. How hard can it be? Few resistor thingies and some capaci-whatsists, and Arduino, done.
Sethayy@sh.itjust.works 1 year ago
Almost any ARM SBC and a dumb TV will do, install linux/a minimal wayland compositor and waydroid and youre laughing
Any time there’s a advancement you just update the board, instead of the whole TV (which its not like normal smart TV’s update their ports anyways?)
DogMuffins@discuss.tchncs.de 1 year ago
Wait, smart devices might not be secure?! I’m shocked!
DarkThoughts@kbin.social 1 year ago
Are non smart TVs even still a thing nowadays? I don't own or watch any TV so I honestly don't know how the market currently looks like.
TenderfootGungi@lemmy.world 1 year ago
Yes. They are sold for commercial use, e.g., McD’s menu, and are quite pricey.
guyrocket@kbin.social 1 year ago
Apparently "smartness" has not invaded projectors...per a comment I read here on kbin a while back from a projector owner. This really encourages me to buy one.
Chozo@kbin.social 1 year ago
They're harder to find, for sure. Especially if you want a large screen.
When I was shopping around a few years ago, the only 65" TV I could find without smart features was a Sceptre, which is Walmart's electronics brand. Speakers so bad that I had to buy a sound bar, and the display isn't that great, but it gets the job done and I don't need to worry about it being an attack vector.
alignedchaos@sh.itjust.works 1 year ago
They get called “monitors” a lot
lemann@lemmy.one 1 year ago
Yepp - hop on Ebay or some surplus auction site, and search for commercial displays. Don’t bother buying new unless you have the money for it IMO, they are expensive unless you get them used
BigT54@lemmy.world 1 year ago
Not really but you can always get a “smart” tv and never connect it to the Internet. If you want to stream just use an external device you trust like a PC
Imgonnatrythis@sh.itjust.works 1 year ago
China hacked my fucking coffee mug.
redcalcium@lemmy.institute 1 year ago
These are just generic Android TV devices that use Allwinner board. Allwinner made these kind of genetic boards for Android TV and Android Auto head unit and sell them to OEMs. I doubt the malware come from Allwinner. Maybe it’s just one (or more) OEM that include whatever APK they found on the internet without checking.
ubermeisters@lemmy.world 1 year ago
Owning a smart TV is one of the stupidest things you can do
Eggyhead@artemis.camp 1 year ago
Do modern TVs even come in non-smart variants anymore?
ubermeisters@lemmy.world 1 year ago
yeah I have 3 connected to this PC
Rai@lemmy.dbzer0.com 1 year ago
It doesn’t really matter, just don’t connect them to the internet. Our TV just has a 14 year old computer that plays media perfectly, and is completely cut off from the internet.
devfuuu@lemmy.world [bot] 1 year ago
no.
vext01@lemmy.sdf.org 1 year ago
It’s hard to buy a dumb TV now
omni@lemdro.id 1 year ago
I heard Sceptre still sells them. Never bought one so can’t vouch for quality
MaxVoltage@lemmy.world 1 year ago
new Moto G phones come to mind lol
just got one and dear lord so much adware
jvisick@programming.dev 1 year ago
Admittedly I haven’t been looking that hard, but I don’t think I’ve seen a TV for sale in the past 10 years that wasn’t a “smart” TV.
ubermeisters@lemmy.world 1 year ago
I’ve updated my comment with some info, Hope it helps next time you’re in the market.
spiderkle@lemmy.ca 1 year ago
Linus just recently did a whole episode on a few Android TV boxes from China. Very concernig findings
CeeBee@lemmy.world 1 year ago
Who? The guy with questionable “methodology”?
CarterDarter@lemmy.world 1 year ago
So you do know him!
PipedLinkBot@feddit.rocks [bot] 1 year ago
yoz@aussie.zone 1 year ago
Bro his gf/wife is Chinese
TwilightVulpine@lemmy.world 1 year ago
Do you realize that a person can be from a country without having any involvement with the industries and government of that country?
delitomatoes@lemm.ee 1 year ago
She’s not, you can figure it out, but let’s stick to generalisation
Zetta@mander.xyz 1 year ago
I think she’s from real China, Taiwan!
jeena@jemmy.jeena.net 1 year ago
I rememberLinus Tech Tips talking about that month ago:
SlikPikker@lemmy.ca 1 year ago
Do you have a credible source instead?
BetaDoggo_@lemmy.world 1 year ago
Still more credible than 90% of random tech outlets.
PipedLinkBot@feddit.rocks [bot] 1 year ago
Here is an alternative Piped link(s):
https://piped.video/1vpepaQ-VQQ?si=t52OHvJ79nnXSsYC
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
yoz@aussie.zone 1 year ago
Isn’t his gf/wife Chinese ?
Kissaki@feddit.de 1 year ago
In total the researchers confirmed eight devices with backdoors installed—seven TV boxes, the T95, T95Z, T95MAX, X88, Q9, X12PLUS, and MXQ Pro 5G, and a tablet J5-W.
The other thing discussed is fraudulent android apps that have been removed from the play store.
possiblylinux127@lemmy.zip 1 year ago
Its called google and it infects all stock android devices
fne8w2ah@lemmy.world 1 year ago
Chinesium devices, anyone?
planish@sh.itjust.works 1 year ago
You have a device not made in China?
autotldr@lemmings.world [bot] 1 year ago
This is the best summary I could come up with:
This week, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.
“They’re like a Swiss Army knife of doing bad things on the Internet,” says Gavin Reid, the CISO at Human Security who leads the company’s Satori Threat Intelligence and Research team.
“This is a truly distributed way of doing fraud.” Reid says the company has shared details of facilities where the devices may have been manufactured with law enforcement agencies.
In the second half of 2022, Human Security says in its report, its researchers spotted an Android app that appeared to be linked to inauthentic traffic and connected to the domain flyermobi.com.
When Milisic posted his initial findings about the T95 Android box in January, the research also pointed to the flyermobi domain.
The company’s report, which has data scientist Marion Habiby as its lead author, says Human Security spotted at least 74,000 Android devices showing signs of a Badbox infection around the world—including some in schools across the US.
The original article contains 455 words, the summary contains 180 words. Saved 60%. I’m a bot and I’m open source!
guyrocket@kbin.social 1 year ago
Where are the hackers when you need them?
nadram@lemmy.world 1 year ago
Every laptop, mobile phone, TV, smart home devices and their mothers have an unkillable backdoor. What’s new?
Cyberjin@lemmy.world 1 year ago
Usually get patched and fixed ¯\_(ツ)_/¯ In this case they sell them like this and most take advantage of it.
wjrii@kbin.social 1 year ago
My OctoPrint server runs on one of these (previous homeowners left it lying around), but I completely nuked Android and installed the Armbian distro for the Inovato Quadra (itself just a carefully sourced and rebranded TV box). It was tedious though, and I'd never buy one for that purpose when there are dedicated SBCs.
ubermeisters@lemmy.world 1 year ago
Personal opinion: if you’ve got a decent pi kicking around, it makes a better media server than any smart TV ever has. Bonus points for running pihole.
xrtxn@lemmy.sdf.org 1 year ago
Definitely not unkillable tho
heeplr@feddit.de 1 year ago
installing your own OS and/or bootloader is a pain and most of the time unfeasable. And that’s the only way to safely kill malware.
Sygheil@lemmy.world 1 year ago
my old bravia and rpi is a good combination.
9point6@lemmy.world 1 year ago
Worth pointing out this isn’t any proper Android TV devices, but rather those cheap boxes that are often basically SBCs with AOSP installed on them which are predominantly sold as easy piracy boxes.
Vent@lemm.ee 1 year ago
Leaving out the TV makes it less precise and more clickbaity because then it sounds like Android phones are affected.
9point6@lemmy.world 1 year ago
I guess the problem is that “Android TV” is a specific thing that none of these devices actually are, they’re just dodgy boxes running Android that can be plugged into a TV.
For me it’s more clickbaity because Android TV isn’t actually involved here at all.
deweydecibel@lemmy.world 1 year ago
Why not just find a different website reporting the story with a better headline? Rather than sharing the one with the headline you fear is misleading?