Certain Android TV Box models from manufacturers AllWinner and RockChip, available for purchase on Amazon, come pre-loaded with malware from the BianLian family, a variant of which we investigated last year. The malware, discovered by security researcher Daniel Milisic, adds your smart set-top box to a botnet for initiating coordinated attacks. Affected models include the AllWinner T95, AllWinner T95Max, RockChip X12-Plus, and RockChip X88-Pro-10.
By looking at the traffic being sent by these devices, the researcher was surprised to find a number of DNS requests being sent for domains publically known to be botnet Command and Control (C&C) servers. The researcher also extracted a Stage-1 payload for the malware and contacted Linode, who had been hosting some of the C&C servers, getting them to shut them down. Having reached out to AllWinner, the researcher received a response denying the presence of malware and attributing the malicious traffic observed to the presence of Logcat on the system—a fact which is wholly unrelated. EFF was able to independently confirm the researcher’s findings.
What’s more, the T95 smart set-top box came out-of-the-box with the Android Debugger (adb) wide open and available over WiFi. The Android Debugger gives access to control a device, including issuing commands and installing apps. The device firmware was signed with a testing key, and no clean or production-ready firmware was made available to consumers. Without access to a clean version of the system firmware, consumers are left without a clear way to clean thei
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: