Worth pointing out this isn’t any proper Android TV devices, but rather those cheap boxes that are often basically SBCs with AOSP installed on them which are predominantly sold as easy piracy boxes.
Edit: in fact, the article doesn’t currently have TV in the title
Leaving out the TV makes it less precise and more clickbaity because then it sounds like Android phones are affected.
I guess the problem is that “Android TV” is a specific thing that none of these devices actually are, they’re just dodgy boxes running Android that can be plugged into a TV.
For me it’s more clickbaity because Android TV isn’t actually involved here at all.
I’d say it would be more clickbaity if you just removed the “TV”, because it’d make you think of smartphones, and those would be much more concerning
Yeah I’m not sure what the correct headline is, but at least for me I definitely clicked because I thought it was to do with Android TV, which it wasn’t. It was about those cheap boxes that anyone reading Ars already knows are probably filled with malware
Aren’t the boxes running “Android TV”, the set top box oriented flavor of Android, with e.g. the launcher designed to be operated with a TV remote and not a touch screen?
They are not themselves TVs, though, and I guess nowdays it might be most common for “Android TV” to run on the TV instead of on a separate device.
That’s the problem, they’re not running Android TV at all. Just regular phone Android with some third party launcher.
Are you sure? One can definitely build images of the actual “Android TV” for various SBCs and the sorts of SOCs in these TV boxes, and then load them up with malware. Why wouldn’t they use that?
Honestly, I’m not entirely sure why, but for whatever reason these boxes are always running a pretty old version of regular Android. (Edit: in fact googling a couple of the devices in the article seems to confirm that)
Maybe there are more protections preventing this kind of malware on newer versions? Maybe someone just made the images a long time ago and people are just reusing them
Those boxes are in a skin for normal Android to make it work with the TV. The only device you likely come in contact with with Android TV is the new Chromecast or a Sony TV. Other than the Nvidia shield and the Chromecast most actual Android TV devices still come with malware from the manufacturer. Even the Sony TVs, but basically every Smart TV comes with malware to spy on what you’re doing too.
I think the new dish network’s at top box also runs Android TV, maybe you found one of those wild.
Why not just find a different website reporting the story with a better headline? Rather than sharing the one with the headline you fear is misleading?
It’s only slightly misleading and Arstechnica writes really good articles. It’s pretty much the only news site I regularly browse.
Is there a better article to find?
Can you even get an actual Android TV device now that isn’t a Chromecast or an Nvidia shield? Other than a few TVs that mostly come with malware (tcl, Sony, Hisense) I can’t think of anything else that has actual Android TV you can buy as a consumer.
Xiaomi makes one, also Walmart carries one called Onn.
I miss having a dumb tv
If I don’t connect it to the internet they don’t get to sell ur data innit
I only watch pirated content. What data are they selling?
Your viewing habits. Nature shows? Show this guy camping gear ads on his phone!
You know, if I did get relevant ads from all of these places that are supposedly tracking everything that I do and monitoring my likes, I wouldn’t mind ads so much. But the fact that even though Google, for example, knows everything that I do and everywhere that I go and everything that I like, they still serve me irrelevant ads that I would never care about in a billion years. All of this touted targeted ads bullshit technology and it doesn’t even work. So I don’t care, harvest everything that I like and everything that I do. Because it doesn’t work anyway.
Removed by mod
Very well said I agree this needs to be taken more seriously. I recently bought a laptop that when booting into the BIOS displayed a message box saying that the device had persistent technology installed on it. With a little google search I found many computer companies come preinstalled with this rootkit and that it was not installed on the hard drive but into the motherboard instead and removing it was next to impossible. Almost every major computer company now are coming pre-installed with this. (mine was a 2020 Levono Thinkpad T490)
Removed by mod
Bro being a regular sucks and it even sucks more when you don’t know what you’re taking about. They will sell you Nike while making you think that you’re life sucks because you’re fat.
Ah well goodluck google. I haven’t seen a single ad from past 6-7 years. Next DNS on my router, Linux mint with Firefox (ublock origin) and same for android.
Nice! I do pretty much the same except for the dns part. I’ll look into it.
Having said that, I’ve always said that we should be able to purchase dumb TVs, and when people say “just don’t connect it to the net,” they’re missing the point, because they’re still enabling these companies (this is not directed at you specifically. It’s just an argument I keep hearing.)
Shit will want to connect some way. If I ever have to buy a smart TV for myself, I’m opening it up and swapping the brain board or removing the antenna.
LOL I’m still using an old CRT TV because it just won’t die and I barely watch TV
Walmart sells Sceptre 4k tvs which are dumb, sure they aren’t OLED or have amazing refresh rates but they are the perfect TV for most people, it’s much easier to chuck and buy a new $20 streaming device when updates make it crawl to a near stop than it is to do the same with a $600+ TV.
These new Led backlit tvs die like every 2 years and need led strip replacement. I had to repair mine 3 times now while my old lcd tv never died in 15+ years and I gave it to my dad who is using it for past 8 years daily.
I’m annoyed that they don’t sell them and that even if you don’t connect a smart tv to wifi to keep it dumb it’ll still not just be a display and it’ll try to shove stuff in your face
I bought a Hisense and it had the option during setup to disable most smart features and leave it in “basic mode”. I was already going to put an Apple TV in it so I just left it there and I’ve been happy. Only thing a tv needs is settings and the ability to change inputs.
android tv has this option at setup, like Sony and whatever else
your Hisense has android tv pre-installed
Any Smart TV can be a dumb TV if not connected to the internet
And what you will do with the preinstalled malware and bloatware?
Whats the malware going to do?
Lock you out? Instant refund and negative review. Steal your info? Cant send info out without internet.
But it will still be a bloat and take up resources like any deamon/service and resources are already very low on these devices!
Not connecting to internet is not a solution but buying dump TV is.
Removed by mod
I gave mine up when I had to move cross country. I miss it dearly.
That’s why you should build your own media center from an old machine. Much safer and more private.
How?
- Connect old PC to TV. Both can be 15 years old.
- (optional) For better performance, get a small SSD alongside the big HDD (a 64GB
/
partition will do), maybe have a homemade NAS ready too - Install Lubuntu, Mint XFCE, Puppy Linux or any other distro of choice
- Set up KDE Connect, qBittorrent and VLC
- Enjoy
Cheers, I’m using this as a jump off point for a weekend project maybe. Would anything change if I was interested in casting content too?
I think Kodi does some casting… Not 100% sure.
Make sure
TearFree
is enabled in the graphics configuration (google it).The hardest part in my project was recalibrating the colors because my TV in HDMI-RGB mode (as opposed to YCbCr) displays everything below 10% brightness as black. The rest was done very quickly. I don’t even need a sequential-chunk torrent software because I use FreeRapid Downloader and ulozto.net (can download fast enough to play while downloading at reasonable 720p/1080p bitrates, otherwise
ulozto-downloader
and a 10min wait is needed).Kodi supports DLNA, a media library sharing/casting standard.
Stremio on a old windows laptop is a good easy alternative
Could you use a pi ? Do you have any recommendations on ssd / hdd
You can use a relatively cheap Pi as a NAS (network-attached storage - there are ready-made solutions but expensive and don’t get updates for nearly as long), and possibly add Kodi media server capabilities (useful for smart TVs). Check if that model supports a sufficiently fast disk interface (USB 3.0, SATA etc.) and Ethernet (100 Mb/s or better if 4K is required). Boot from an SD card and use a 2TB+ HDD (1TB could be enough if you barely store anything). Most disks from the past 10 years will be good enough to play 4K video from if no OS is running from them. Go for a lower-end one but not ridiculously cheap, and check that people aren’t frequently complaining about the model or product line.
I don’t know which Pi models can smoothly play HD video without overheating, I don’t own any. But those that can are likely a lot more expensive than old PCs you could use otherwise. I would just get a cheap one for a NAS and probably some other common network use cases (web server, Pihole etc.)
My RPi 2B plays HD vids without stuttering or overheating. 4K doesn’t work tho, so if you want that, get a newer model. I don’t think they even sell the 2B anymore because it’s so old.
Are dedicated media-centered OSs (fast boot, remote control) available?
Yes, I’m using libreelec, I and friends control the display from our phones using the Kore app. Makes searching and typing easy, works great on my Pi. Fun game, which of you will select a movie first on your phones lol.
Note: pi3B can do 1080p but it struggles a little if the codec is anything other than h264, because Kodi decided to stop supporting closed source drivers. If you’re playing anything above 1080 and anything other than h264, go for a pi 4 or better.
Yes just research how to install Plex or Kodi on your pi. I just did it this evening for an update. For that I used docker with Linuxserver/Plex. It takes some time to get all the settings but there are good YouTube tutorials on how to do it.
Great news. I have a pi I’m not really using. Be a good project for it.
You’d be better off with a used office pc, something with a 4. Or 6. gen Intel CPU is usually cheaper than a RPI and way more versatile. Only thing you lose on is size and power consumption.
I’ll need to look into that then
OK I’ve tried in the past to make a decent streaming box from both windows media center edition and various Linux distros. But I need something that is simple, can be controlled entirely from a remote, and has the major streaming apps (Netflix, disney, etc). I haven’t really found any solution that’s easy enough for non techie people to use. I have a standalone roku box that works ok we also have a roku TV which is a giant piece of garbage, and I’m considering buying an external roku or nvidia shield as a streaming box instead, I do have a couple of raspberry pi 4s I could use one but again I’m faced with the same issues.
This may seem like a bit much, but it pretty much holds your hand to guide you through the install.
Have you tried Kodi?
deleted by creator
Look into Plex servers, that should keep you busy for the next six months till you get it up and running.
Or Jellyfin. Because free.
That will keep you busy for a full year.
What are you talking about. First time I set it up, had it running on my local network in less than 5 minutes. 5 more minutes for external (granted, already had the infrastructure for that in place).
Then maybe 20min going through the settings to personalize my account? And maybe another 20min looking if there are any plugins I wanted to use.
People pull shit out of their asses to feel superior about things they don’t actually know anything about.
It’s true, the setup with docker is easy and reliable. However, sorting and taking your media takes very long.
Not even docker, I just pulled it from the aur, lol.
And yeah, that’s fair. Though not really Jellyfins fault if it’s not sorted already. Same goes for Plex.
I don’t think it’s a year to setup the software. Rather a year to load it lol. I’ve spent probably close to 4 years loading content into my Plex server and I don’t see any end in sight.
Radarr/Sonarr :)
Is jellyfin a better alternative?
Yes
Yeah, it’s free and open source. I just pointed it at a few folders of TV, movies and music that I downloaded years ago, and it catalogued them all, downloaded all the blurbs and posters.
Like a mini Netflix that you host yourself.
Sounds great. I’ll just need to take the time to actually do it
There are jellyfin, Plex and emby shares you can subscribe to for cheap, try it out before blowing money and time on a set-up that needs constant tinkering, it’s easy to just download an app and connect to your remote library somewhere that someone else spends time on. I use a shield I got 6 years ago, but now also the Amazon fire stick 4k max on another TV and everything is just easy and seamless while using a Plex share that’s 9 euro per month.
The Android TV app seems better too.
It’ll only take a few minutes to setup. Once you get hooked you’ll spend a lot more time automating everything and adding more storage.
I swear shit like this is why Lemmy is so incredibly out of touch with the real world. I can’t take the community seriously anymore.
So my home media center is not real world enough? I only expressed an opinion; you are free to ignore it. Also, there is nothing that keeps you here. Please kindly keep in mind that most Lemmy users right now are interested in technology, you can’t take that away from them and there is nothing wrong with it. If you want to stay away from “shit like this”, then, with all respect, you probably should not be in a technology sub in the first place.
I think the difference is folks confuse the general public with the general lemmy user. And I can’t tell if the fediverse and lemmy are supposed to be attempting to be a front page for general folks or lemmy early adopter folks.
People have been using old computers as media centres for decades at this point. Not sure what you’re on about.
but where does the media come from? and how do most folks get their media legally?
Legally would be DVDs, Blurays, and DRM-free sources.
I’ve torrented movies I have physical copies of before. It’s faster than ripping and encoding it myself. And notice I didn’t say “pirated”?
You can’t pirate something you legally own a copy of. That fast was a major factor in some of the high profile lawsuits against individuals. If the person being sued owned a copy of the movie/song then they dropped it from the list.
Because something is not popular and not available in typical electronic store doesn’t mean it’s not real.
I know having a private life may seem unreal in recent ~10 years, but it surely can be done without giving up modern life. All it takes is a little time for research and saying “no” sometimes. The hardest part are always areas where more people like that are needed to say “no”.
I agree. Too many comments and threads are hijacked or over represented by the pro piracy crowd. I wish more communities would just ban the shit post of “yar, time to sail the high seas” that seem to be the top comment on any media related post.
You’re going to build your own smart TV that can handle new HDMI and Displayport advancements too?
This is going to come as a shock to you, but HDMI has been a thing since 2004. You can find 15 year old dumb TVs with HDMI. If the TV had HDMI, it can handle any format that the screen can physically show and newer versions are backwards compatible.
Or you could just use a new tv with smart features and never connect it to your network. It’s what I’ve done with all the TVs in my house and I simply use an external device I trust to stream.
This is going to be such a nightmare as smart devices become the majority.
Didn’t connect your TV to the Internet? Don’t worry, it’ll spy on you by connecting to the neighbor’s tv. Or the built-in WiFi in the modem. Or the power company’s smart meter via powerline-networking.
Products are going to be engineered to sell backdoor access at a hefty price, if they aren’t already.
Things are going to get scary.
Just like anything with technology though, there will be people in the other side too. Does that magic TV with a mind of it’s own have a USB port? If they take away the USB , they will have to add some way to maintenance it. There will always be a way to get at the kernel if you know what you’re doing.
It’s going to become this horrible game of cat and mouse, for anyone who actually values privacy.
Sure, you could open the device up, remove any antennas. You could add powerline filtering. You could find the jtag or debug ports. You could find a way to hack it. Jam a signal. Make an ultrasonic white noise machine. Wrap the thing in foil. Cover the cameras.
The individual has to block every channel of “attack”. The data miners only need to get lucky once.
Newer “smart” sets, particularly from Vizio and a couple other brands, will not let you exit the setup or use the inputs without an internet connection
Wow, I would immediately return any TV that pulled that bs. I have used Sony TV’s for a very long time and have never encountered this issue, I even bought a new one in summer 2022 and it did not require Internet connection to function.
LTT reviewed a Roku one like that recently and for some reason didn’t recommend immediately binning it.
Pff sure. How hard can it be? Few resistor thingies and some capaci-whatsists, and Arduino, done.
The correct answer is usually Raspberry pi + github.
Although I have no idea what those mean
You can easily configure those with block-chain based AI.
Don’t forget to setup the transistor receptors!
Almost any ARM SBC and a dumb TV will do, install linux/a minimal wayland compositor and waydroid and youre laughing
Any time there’s a advancement you just update the board, instead of the whole TV (which its not like normal smart TV’s update their ports anyways?)
Wait, smart devices might not be secure?! I’m shocked!
Are non smart TVs even still a thing nowadays? I don’t own or watch any TV so I honestly don’t know how the market currently looks like.
Yes. They are sold for commercial use, e.g., McD’s menu, and are quite pricey.
I think you meant to say not subsidized by ad tracking lol
Yes, not subsidized…and therefore pricy.
Depends on your definition of “quite pricey.” There’s no equivalent of a $250 50" Insignia FireTV, but I’ve seen Samsung signage displays on Amazon for about a $75-$100 premium over their comparable Smart TVs. They also don’t come with a stand, so if you weren’t already buying a VESA mount you’ll need to add another $40-80. There is a significant premium, but it’s not necessarily orders of magnitude.
And they’re made better… To be on 24x7. So you’re also paying for a better quality display. That’s worth paying for too.
Apparently “smartness” has not invaded projectors…per a comment I read here on kbin a while back from a projector owner. This really encourages me to buy one.
It did though, last time I went to a tech store, there was a samsung smart projector that had all the capabilities of a smart tv
I hope it is not ubiquitous.
Not yet, but it is definitely heading that direction
Although a projector would need you to have a home with a whole spare wall. And would force you to dim the lights all the time.
They’re harder to find, for sure. Especially if you want a large screen.
When I was shopping around a few years ago, the only 65" TV I could find without smart features was a Sceptre, which is Walmart’s electronics brand. Speakers so bad that I had to buy a sound bar, and the display isn’t that great, but it gets the job done and I don’t need to worry about it being an attack vector.
They get called “monitors” a lot (depending whether you need them to pick up cable/airwaves of course)
Yepp - hop on Ebay or some surplus auction site, and search for commercial/signage displays. Don’t bother buying new unless you have the money for it IMO, they are expensive unless you get them used
Edit: typo
Not really but you can always get a “smart” tv and never connect it to the Internet. If you want to stream just use an external device you trust like a PC
China hacked my fucking coffee mug.
deleted by creator
These are just generic Android TV devices that use Allwinner board. Allwinner made these kind of generic boards for Android TV and Android Auto head unit and sell them to OEMs. The OEMs then “customize” it by adding their APKs into the ROM provided by Allwinner. I doubt the malware come from Allwinner. Maybe it’s just one (or more) OEM that include whatever APK they found on the internet without checking.
deleted by creator
Who? The guy with questionable “methodology”?
So you do know him!
Bro his gf/wife is Chinese
Thanks for the super relevant info 🤦♂️
Do you realize that a person can be from a country without having any involvement with the industries and government of that country?
She’s not, you can figure it out, but let’s stick to generalisation
I think she’s from real China, Taiwan!
Removed by mod
Do modern TVs even come in non-smart variants anymore?
Removed by mod
But they’re expensive.
A 50" TV is about $220. (smart TV)
A 50" monitor is $650.
Removed by mod
It doesn’t really matter, just don’t connect them to the internet. Our TV just has a 14 year old computer that plays media perfectly, and is completely cut off from the internet.
If they allow you to do that without any loss in functionality.
It takes some research if youve never done anything like it before, but you can drip feed it the internet via a pihole, and starve it specifically of ads and data collection. Keep the functionality, kill the leech.
Google smart tv pihole, theres a few guides, for anyone interested.
But why? It doesn’t need that for anything. Just plug an old computer in via HDMI and bookmark movie-web.app or download/stream stuff from anywhere. Much better quality, interface, and no jank.
Just depends on what you need it for, and what youre trying to plug into it.
For example, some people dont have spare computers to turn into a mini server, but do have $60 and the time to fiddle with a raspberry pi.
Mines a 14 year old gateway you could prolly get for free or under 100, much more powerful than a RPi. Using Windows 10 on it with zero issue.
I do have a couple Pis next to it but those don’t hook up to any screens, I just tunnel into em. One is a PiHole and one is a server. :3
Curious, what functionality would I lose? All it needs to do is turn on and display video through an HDMI port.
Samsung historically has had a habit of poaching features from their Smart TVs as they age, eventually leaving you with a not so smart TV after a decade or so. Not sure if other manufacturers do the same
What a realistic approach! A thing getting dumber as it ages, what a great idea!
/s
Aha! Yeah that’s okay with me, since we just disable their internet hook computers up, to use them as dumb monitors.
no.
It’s hard to buy a dumb TV now
Removed by mod
Above 35" monitors aren’t that common, and the ones that exist are basically TVs with TV software.
Commercial displays are the only real alternative. Some of them even come with a slot for a Raspberry Pi compute module.
I heard Sceptre still sells them. Never bought one so can’t vouch for quality
new Moto G phones come to mind lol
just got one and dear lord so much adware
deleted by creator
Admittedly I haven’t been looking that hard, but I don’t think I’ve seen a TV for sale in the past 10 years that wasn’t a “smart” TV.
Removed by mod
I rememberLinus Tech Tips talking about that month ago:
Do you have a credible source instead?
Lmfao
Still more credible than 90% of random tech outlets.
3/10 is still not a good rating, even if strictly better than 2/10
Woah, I just checked, and apparently they are back to releasing videos.
The video is based in mentioned sources. I don’t see a reason why every video from LTT should be non-credible.
Oh, many many reasons is why.
They aren’t tech experts. They’re tech entertainers.
Here is an alternative Piped link(s):
https://piped.video/1vpepaQ-VQQ?si=t52OHvJ79nnXSsYC
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Good bot
Isn’t his gf/wife Chinese ?
In total the researchers confirmed eight devices with backdoors installed—seven TV boxes, the T95, T95Z, T95MAX, X88, Q9, X12PLUS, and MXQ Pro 5G, and a tablet J5-W.
The other thing discussed is fraudulent android apps that have been removed from the play store.
Its called google and it infects all stock android devices
Anyway I actually have one of those devices. It was support to be a birthday present but it came with some baggage. By the time I realized it I couldn’t return it
Chinesium devices, anyone?
You have a device not made in China?
I have a tv built in 1978, it was made somewhere in Michigan dont know where the sticker is faded in that part.
Cool. 500W worth of lamps for (maybe) 32" of terrible quality picture?
Its actaully widescreen and the picture quality is surprisingly decent.
Except that old CRT cannot display modern digital images.
Yeah, I was making a joke. Do love that bastard though, also its fun to daisy chain adapters and run firesticks and shit on it. Good for old movies and games that were intended for CRT.
I tried to make that shit work with Raspberry pi. All attempts were futile.
Here it is: https://discuss.tchncs.de/post/2626604
This is the best summary I could come up with:
This week, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.
“They’re like a Swiss Army knife of doing bad things on the Internet,” says Gavin Reid, the CISO at Human Security who leads the company’s Satori Threat Intelligence and Research team.
“This is a truly distributed way of doing fraud.” Reid says the company has shared details of facilities where the devices may have been manufactured with law enforcement agencies.
In the second half of 2022, Human Security says in its report, its researchers spotted an Android app that appeared to be linked to inauthentic traffic and connected to the domain flyermobi.com.
When Milisic posted his initial findings about the T95 Android box in January, the research also pointed to the flyermobi domain.
The company’s report, which has data scientist Marion Habiby as its lead author, says Human Security spotted at least 74,000 Android devices showing signs of a Badbox infection around the world—including some in schools across the US.
The original article contains 455 words, the summary contains 180 words. Saved 60%. I’m a bot and I’m open source!
Every laptop, mobile phone, TV, smart home devices and their mothers have an unkillable backdoor. What’s new?
Usually get patched and fixed ¯\_(ツ)_/¯ In this case they sell them like this and most take advantage of it.
My OctoPrint server runs on one of these (previous homeowners left it lying around), but I completely nuked Android and installed the Armbian distro for the Inovato Quadra (itself just a carefully sourced and rebranded TV box). It was tedious though, and I’d never buy one for that purpose when there are dedicated SBCs.
Removed by mod
4k though
Removed by mod
Ok but for the rest of us it means that it’s categorically NOT better than any Smart TV…
Removed by mod
Where are the hackers when you need them?