Google and a handful of cybersecurity companies have uncovered and partially disrupted a sophisticated botnet operation known as BADBOX 2.0 that has compromised over 1 million off-brand Android TV devices.
BADBOX 2.0 targets off-brand Android Open Source Project (AOSP) devices globally, including TV streaming boxes, tablets, projectors, and car infotainment systems. The devices are primarily manufactured in China and distributed worldwide, and many had the backdoor embedded during the manufacturing process, according to Google, HUMAN Security, Trend Micro, and others.
According to researchers at HUMAN Security, the BADBOX 2.0 operation is an evolution of the original operation of the same name, which affected only about 74,000 devices. BADBOX 2.0 represents a significant escalation in both scale and complexity, with the cybercriminals behind it targeting a broader range of devices and employing more sophisticated methods to infiltrate the supply chain. This latest iteration is particularly insidious because the malware is pre-installed on devices, making it nearly undetectable to the average user.
Devices compromised by BADBOX 2.0 are typically backdoored during the manufacturing process or through malicious applications distributed via third-party marketplaces. Once infected, these devices become part of a botnet, enabling threat actors to remotely load and execute various fraud modules. The primary malicious activities include:
According to researchers, the BADBOX 2.0 operation has impacted devices in 222 countries and territories, with significant concentrations in South America, particularly Brazil. The infected devices are predominantly low-cost, uncertified AOSP devices that lack the security assurances of Play Protect-certified Android devices. These devices are often sold through online marketplaces, discount retailers, and direct-to-consumer channels, making them difficult to regulate.
The open-source nature of the Android operating system exacerbates the issue. While Android’s flexibility allows manufacturers to customize devices, it also creates opportunities for malicious actors to introduce vulnerabilities during the manufacturing process, the companies say.
In response to this threat, Google, HUMAN Security, Trend Micro and other tech companies worked to disrupt the BADBOX 2.0 infrastructure. Google has taken measures such as removing 24 malicious apps from the Google Play Store, terminating associated publisher accounts, and enhancing Google Play Protect to warn users and block apps exhibiting BADBOX-related behavior on certified devices.
These efforts have partially mitigated the threat, but the scale of the operation underscores the need for continued vigilance, companies say.
The BADBOX 2.0 scheme (and recently discovered Vo1d scheme) has significant implications for the professional audiovisual (Pro AV) and smart home industries, where Android-based devices are increasingly used for streaming, control systems, and IoT applications. Compromised devices could serve as entry points for cyberattacks on connected systems, putting entire networks at risk.
For integrators and installers, this underscores the importance of sourcing devices from reputable manufacturers and conducting thorough security assessments before deployment. It also highlights the need for ongoing firmware updates and security monitoring to mitigate the risk of embedded malware.
According to the companies involved, consumers and businesses should follow these best practices to protect themselves:
For more information, including a list of off-brand devices implicated, read HUMAN Security’s blog post.