Popular Android TV boxes from AllWinner and RockChip sold by major retailers come preloaded with malware, according to security researchers and TechCrunch.
Security researchers say that the boxes are preloaded with malware connecting them to a large botnet of thousands of other Android boxes in home around the globe.
The botnet is currently running a clickbot to generate ad money by tapping on ads in the background, unbeknownst to the user.
- "But because of the way the malware is designed, the authors can push out any payload they like," security researcher Daniel Milisic, who discovered the malware, told TechCrunch.
Milisic's findings were independently confirmed by EFF security researcher Bill Budington. The two agree that there is no easy way for the user to remove the malware, so they are advising users to throw away the boxes.
Avoid mobile Android
The affected AllWinner and RockChip Android boxes for TVs are sold by Amazon in the US and other retailers around the world.
Despite having 'Android TV' in the name, these boxes run mobile Android with a modified user interface. Any manufacturer can load a TV box with mobile Android without oversight which increases the risk of malware.
In addition, mobile Android on a TV box offers a poor user experience. Not all TV streaming apps are compatible and many apps deliver low video streaming bitrates to the box as it identifies to the streaming server as a mobile device.
Example of AllWinner (left) and RockChip) (right) Android boxes
True Android TV and Google TV
True Android TV or Google TV media players and TVs are certified by Google, Netflix and other parties.
They have the same user interface, as Google prohibits manufacturers from making changes – only set-top boxes from TV broadcasters can have a modified user interface.
Such devices include Chromecast and Nvidia Shield as well as boxes from Nokia, Xiaomi, Strong and others. Most of these are also inexpensive. FlatpanelsHD only reviews true Android TV and Google TV devices.
- Source: TechCrunch