Smart TVs are ruling the roost when it comes to television sets. A TV becomes smart when it is able to support and run TV optimized apps like Skype, YouTube, etc. The OS that runs in most TVs currently is Android.
According to Trend Micro, smart TVs running older versions of Android are being targeted by several websites offering apps containing malware. The security vendor wrote on Thursday that it found a handful of app websites targeting people in the U.S. and Canada by offering the malicious apps.
The apps are exploiting a flaw in Android that dates to 2014, showing that many smart TVs do not have the latest patches. "Most smart TVs today use older versions of Android, which still contain this flaw," wrote Ju Zhu, a mobile threats analyst with Trend. "While most mobile Android devices can easily be upgraded to the latest version, upgrading smart TV sets may be more challenging for users because they are limited by the hardware."
The vulnerable Android versions are Cupcake 1.5 through Kitkat 4.4W.2, Zhu wrote.
Smart TVs are rising in popularity and are essentially large versions of mobile phones. The devices have operating systems and networking capabilities and hardware features such as USB ports, all of which present opportunities for hackers. The malicious apps exploit the Android vulnerability when a user downloads one. Zhu said TV users are lured to the app sites but didn't describe if there are other tricks involved in getting people to download the apps.
Once a malicious app is installed, it is possible for the attackers to install other apps on the smart TV. “The app websites do not use SSL/TLS (Secure Sockets Layer/Transport Layer Security), which encrypts the connection. It would be possible then for a second attacker to intercept the unencrypted connection and conduct a man-in-the-middle attack in effect overriding the payload of the first attacker," Zhu wrote.