
Backdoors Infiltrate Android-powered Smart TVs

Malware Hits Android-powered Smart TVs

Smart TVs running the Android operating system provide users with functionality beyond that of normal TVs, but they also create a security risk, Trend Micro reveals.


The Internet of Things (IoT) market is growing fast, and Smart TVs are a central part of that growth: they are more than passive display devices, especially because they can run Android applications. A blog post authored by Trend Micro’s Ju Zhu explains that some of the most popular apps on Smart TVs allow users to watch channels from other parts of the world, but also undermine the device’s security.

According to the security researcher, some of these applications contain a backdoor that abuses a flaw in older versions of Android. The vulnerability (CVE-2014-7911) is found in Android releases before Lollipop 5.0 (ranging from Cupcake 1.5 to KitKat 4.4.2) and allows an attacker to execute arbitrary code on compromised devices.

The issue is that many of today’s Smart TVs run older versions of Android, meaning that they are affected by the security flaw. Trend Micro has discovered vulnerable TVs from brands such as Changhong, Konka, Mi, Philips, Panasonic, and Sharp, but says that other Android devices running older versions of Android are also at risk, even if these apps are used mainly on Smart TVs or Smart TV boxes.

The offending applications are distributed through sites under the H.TV name, with most visitors located in the United States or Canada, the security firm says. Moreover, they discovered that the malware also uses a couple of download servers, namely meiz.le2ui(.)com and yaz.e3wsv(.)com.

To distribute the malware, attackers lure users to websites that host it and get them to install applications infected with the backdoor. As soon as the malicious applications have been installed, the attacker triggers the vulnerability in the system and uses well-known exploit techniques like heap sprays or return-oriented programming to gain elevated privileges.

Once they have achieved elevated privileges, the attacker silently installs other applications or malware onto the infected system. Furthermore, they are capable of remotely updating apps or remotely pushing related apps to the television set, the security firm explains.


Trend Micro also notes that the remotely installed apps are downloaded via HTTP and not HTTPS, which means that a second attacker capable of man-in-the-middle attacks can change the downloaded apps. Thus, a second attacker can override the payload of the first attacker and expose users to additional risks.
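For defenders who log outbound traffic from TVs and set-top boxes, the two observations above (the named download servers and APKs fetched over plaintext HTTP) translate into a simple log check. The following is an added example, not code from Trend Micro or the article; the log format, sample lines, IP addresses and URL paths are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Download servers named in the article, kept defanged as published and
# refanged only in memory for matching.
REPORTED_DEFANGED = ["meiz.le2ui(.)com", "yaz.e3wsv(.)com"]
REPORTED_HOSTS = sorted(h.replace("(.)", ".") for h in REPORTED_DEFANGED)

# Assumed (constructed) proxy log format: "<time> <client> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

def classify(line):
    """Return (client, findings) for one log line; findings is [] if clean."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None, []
    _, client, _, url, _ = m.groups()
    # CONNECT lines carry "host:port" with no scheme; parse them as a netloc.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower()
    findings = []
    if any(host == h or host.endswith("." + h) for h in REPORTED_HOSTS):
        findings.append("reported-download-host")
    # An APK fetched over plaintext HTTP can be swapped by anyone on the path.
    if parts.scheme == "http" and parts.path.lower().endswith(".apk"):
        findings.append("apk-over-plaintext-http")
    return client, findings

def scan(lines):
    """Map each client IP to the sorted findings seen across its requests."""
    hits = {}
    for line in lines:
        client, findings = classify(line)
        if findings:
            hits.setdefault(client, set()).update(findings)
    return {client: sorted(found) for client, found in hits.items()}

# Constructed sample log (documentation IPs, example.* hosts, made-up paths).
SAMPLE_LOG = [
    f"2016-01-10T20:01:02Z 192.0.2.15 GET http://{REPORTED_HOSTS[0]}/files/update.apk 200",
    "2016-01-10T20:01:09Z 192.0.2.15 GET https://example.org/index.html 200",
    "2016-01-10T20:03:44Z 192.0.2.23 GET http://downloads.example.net/tv/player.APK?v=2 200",
    "2016-01-10T20:05:10Z 192.0.2.31 GET https://store.example.com/app.apk 200",
    f"2016-01-10T20:06:00Z 192.0.2.40 CONNECT {REPORTED_HOSTS[1]}:443 200",
]

if __name__ == "__main__":
    for client, found in scan(SAMPLE_LOG).items():
        print(client, ", ".join(found))
```

The plaintext-APK rule is deliberately independent of the host list, so it still fires if the download servers change.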

To stay connected, users are advised to install a security solution that can detect the threat, as well as to update their devices to newer Android versions that are not affected by the issue. However, this could prove difficult on Smart TVs, as updates are not that easily applicable, mainly because of hardware limitations, meaning that users should rely on a security solution to stay safe, while also avoiding the installation of apps from third-party sites.

Earlier this month, Samsung launched a three-layer security solution that will be loaded on all of its 2016 Tizen-based Smart TVs. According to Samsung, the security service is meant to provide consumers with the necessary protection across all areas of the Smart TV ecosystem, which includes services, software and hardware security.

