
Malware Targeting Smart TVs is on the Rise

A botnet targeting smart TVs is among the most widely detected malware, according to a first-quarter report from cybersecurity firm WatchGuard Technologies.

The company, in its Internet Security Report for the first quarter of 2024, says its DNSWatch service found evidence of PandoraSpear, an IoT botnet that targets smart TVs running open-source Android OS. The malware appeared in the company's list of the top 10 most widely detected malware.

Specifically, the company says two of the domains in the top 10 list were associated with PandoraSpear, which has been known to target smart TVs since at least May 2021.

The report cites research from Chinese cybersecurity firm QiAnXin, which earlier this year sounded the alarm on the large botnet campaign targeting Android OS smart TVs and set-top boxes.

Essentially, hackers entice users to install free or cheap audiovisual apps or firmware updates and embed backdoor components to transform those devices into part of the botnet to carry out further malicious activity, such as traffic proxying, DDoS attacks, OTT content provision and pirating traffic.


Unlike a typical botnet, this one extends far beyond DDoS attacks, using Android TVs and set-top boxes to disseminate visual or audio content. One example was a network attack on set-top boxes in the United Arab Emirates in which attackers substituted regular broadcasts with footage of the Israel-Palestine conflict, according to QiAnXin.

Researchers say the hacking group, which has successfully hidden itself for eight years, infects user devices via pirated movie and TV apps on Android devices, backdoored generic OTA firmware on Android devices, and backdoored “SmartUpTool” firmware on eCos devices.

Researchers say the peak daily active bots in the campaign were around 170,000, primarily in Brazil. Nodes are primarily distributed across Brazil, amassing over 1.3 million distinct IPs since August, the company says.

While a botnet of that size is alarming enough, researchers believe the actual size may be larger due to observational limitations and the fact that TVs or STBs might not be powered on all the time, leading to data omissions.

WatchGuard Technologies cautions organizations with smart TVs deployed in their environment to take action, including updating the firmware to protect against known vulnerabilities, segmenting the devices from the trusted network, and using a gateway security device to block any attacks or malware.

While the report is marketed to IT professionals in enterprise settings, integrators and their customers should take the same actions.

Corey Nachreiner, chief security officer at WatchGuard, says any internet-connected device should be secured, regardless of its purpose. While his comments are also aimed at IT professionals, they ring true for the service providers installing and managing systems in high-value homes of important and powerful people.

“As we have seen in many recent breaches, attackers can gain a foothold in an enterprise network through any connected device and move laterally to do tremendous damage to critical resources and exfiltrate data,” Nachreiner says. “It is now imperative for organizations to adopt a unified security approach, which can be governed by managed service providers, that includes broad monitoring of all devices and endpoints.”


The post 2024 Lighting Controls and Fixtures Report appeared first on CEPRO.