Catalin Cimpanu, for Bleeping Computer, details Lockdroid’s novel use of TTS functions as part of the post-payment unlocking process: Android Ransomware Asks Victims to Speak Unlock Code. Based on a report from Symantec that I haven’t seen yet.
Lockdroid’s current campaigns appear to be focused on China, but that doesn’t mean its innovations won’t be seen elsewhere. Symantec’s Dinesh Venkatesan noted implementation bugs and that it might be possible for a victim to recover the unlock code from the phone.
Software engineer Darren Cauthon tweeted about how: ‘Family member’s tv is bricked by Android malware. #lg wont disclose factory reset. Avoid these “smart tvs” like the plague.’
To put this into some perspective, this isn’t a recent model: he explains that ‘It was one of the first google tvs.’ (Google TV is no longer supported, and LG smart TVs now run on WebOS, apparently. However, Google is said to be working on another Android-based platform.)
Catalin Cimpanu reports for Bleeping Computer that ‘Cauthon says he tried to reset the TV to factory settings, but the reset procedure available online didn’t work.’ When contacted, it seems that LG suggested that an engineer could reset the TV at a cost of $340. Cimpanu suggests that the malware is probably FLocker (a.k.a. Dogspectus).
Commentary by David Bisson for MetaCompliance here.