id2957383castle538722100600887orig
Security

Android-powered smart TVs targeted by malicious apps

Smart TVs running older versions of Android are being targeted by several websites offering apps containing malware, according to Trend Micro.

The security vendor wrote on Thursday that it found a handful of app websites targeting people in the U.S. and Canada by offering the malicious apps.

The apps are exploiting a flaw in Android that dates to 2014, showing that many smart TVs do not have the latest patches.

"Most smart TVs today use older versions of Android, which still contain this flaw," wrote Ju Zhu, a mobile threats analyst with Trend. "While most mobile Android devices can easily be upgraded to the latest version, upgrading smart TV sets may be more challenging for users because they are limited by the hardware."

The vulnerable Android versions are Cupcake 1.5 through Kitkat 4.4W.2., Zhu wrote.

Security experts say that smart TVs could become attractive to cybercriminals since their operating systems are not updated as rigorously as desktop computers.

Smart TVs are rising in popularity and are essentially large versions of mobile phones. The devices have operating systems and networking capabilities and hardware features such as USB ports, all of which present opportunities for hackers.

The malicious apps exploit the Android vulnerability when a user downloads one. Zhu said TV users are lured to the app sites but didn't describe if there are other tricks involved in getting people to download the apps.

Once a malicious app is installed, it is possible for the attackers to install other apps on the smart TV.

The app websites do not use SSL/TLS (Secure Sockets Layer/Transport Layer Security), which encrypts the connection. It would be possible then for a second attacker to intercept the unencrypted connection and conduct a man-in-the-middle attack "in effect overriding the payload of the first attacker," Zhu wrote.

IDG Insider

PREVIOUS ARTICLE

« Samsung profit up 15 percent, but disappoints

NEXT ARTICLE

Renault Nissan plans 10 autonomous cars by 2020 »
author_image
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail

Recommended for You

Trump hits partial pause on Huawei ban, but 5G concerns persist

Phil Muncaster reports on China and beyond

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies

Poll

Do you think your smartphone is making you a workaholic?