LG Smart TV Infected with Android Ransomware

Meet the future: an LG smart television infected with Android ransomware.

In-brief: Just in time for the annual Consumer Electronics Show: news of an LG Smart TV infected with ransomware, raising the specter of widespread malware infections affecting both consumers and businesses. 

With the Consumer Electronics Show (CES) due to kick off in Las Vegas after the New Year, there’s lots of talk about the cyber security implications of millions (billions?) of Internet connected but insecure consumer products. And now, just in time for the show, is a great object lesson: news of an LG Smart TV infected with ransomware.

The report comes by way of Twitter user Darren Cauthon of Olathe, Kansas, who tweeted a picture of an infected LG smart TV on December 25th. “Family member’s tv is bricked by Android malware. #lg wont disclose factory reset. Avoid these “smart tvs” (sp) like the plague.”

The photo shared by Cauthon shows a large screen flat TV with what appears to be an FBI warning displayed.

“As a result of full scanning of your device, some suspicious files have been found and your attendance of the forbidden pornographic sites has been fixed. For this reason your device has been locked.”

The malware appears to be Android Locker A, a form of ransomware that was first observed spreading between Android devices in 2015. The Locker ransomware typically spreads via malicious attachments, updates to software like Adobe Flash or mobile web browsers or mobile applications. Once installed, it locks the device, disables the start button and demands a $500 ransom to unlock the device.

In the case of the LG TV, a malicious mobile application appears to be the source of the ransomware, according to Cauthon.

The possibility of ransomware infections on smart TVs – or any other devices running the mobile Android operating system – have long been known. An experiment by Symantec in November, 2015, showed how ransomware could be installed on a smart TV running a custom version of the Android mobile operating system and adapted for use against other “smart” and connected devices running operating systems like Tizen, Web OS and Firefox OS, according to a report by Candid Wueest and published on Symantec’s research blog.

In Cauthon’s case, restoring the TV to working order was not straight forward. Resetting it required access to a menu that was locked by the ransomware. Cauthon said he could not locate a firmware file needed to reflash the infected TV with new software.

As of Wednesday evening, Cauthon said that LG had reached out to him and given him instructions on resetting the smart television, however he had not yet followed the company’s instructions. “My little daughter refuses to sleep! I’ll be trying it out as soon as I have a quiet house,” he said. 

LG did not respond to an email request for comment on the incident.


  1. Pingback: Security Flash News from the 26th to 30th of December, 2016 - 2-viruses.com

  2. Pingback: Quelles cybermenaces en 2017 ? | Confiance numérique, sécurité des nouveaux usages, objets connectés, etc.