EFF urges U.S. to halt sales of botnet-linked Android TV devices

Mike Wheatley

The Electronic Frontier Foundation is trying to escalate the investigation into Chinese-made Android TV boxes that it alleges come pre-installed with malware.


A report from FlatPanels HD says the EFF wrote an open letter to the U.S. Federal Trade Commission, asking it to get involved in the matter and investigate the concerns it has raised over the products.

Reports of the malware-infected Android TV media players first appeared in the media earlier this year. Independent security researchers discovered the malware in a number of devices made by cheap and cheerful Chinese electronics firms such as AllWinner and RockChip, which are sold in the U.s. via websites such as Amazon.com and AliExpress.

The set-top boxes are said to be based on the open-source version of Android, and that the software has been customized to run on TVs. It’s not the official Android TV platform.

In a statement last week, the EFF, which is a nonprofit digital rights organization, urged the FTC to take action and prevent the devices from being sold, in order to protect consumers.

The affected products, including the AllWinner T95Max, RockChip X12 Plus and RockChip X88 Pro 10, are said to be shipped with malware that integrates them with a large botnet that’s made up of thousands of similar devices. The botnet is currently believed to be running a clickbot that generates ad revenue by secretly clicking on ads in the background, without the user’s knowledge. Such activity can impact the performance of TV hardware.

However, while this is bad enough, one of the security researchers who first discovered the malware said that its design means the creators could choose to use it for even more insidious purposes, such as stealing user’s personal information.

"We believe that the sale of these devices presents a clear instance of deceptive conduct: the devices are advertised without disclosure of the harms they present,” the EFF said. “They also expose the buyers to an unfair risk which starts after simply powering the device on and connecting it to the internet.”

Moreover, the EFF wants to make consumers aware that the AllWinner and RockChip boxes do not provide the genuine Android TV experience. This is because they run a modified version of the standard Android platform that’s designed for mobile devices. The open-source Android can be loaded onto any kind of device without oversight, which is what makes it possible to pre-install the malware. These unofficial Android variants offer a subpar experience compared to the official Android TV platform, because it was never meant to be used with televisions. A large number of TV streaming apps are not compatible with the mobile version of Android. So instead they run the mobile versions of popular apps, which deliver lower streaming bitrates.

The main advantage of AllWinner’s and RockChips’ devices is that they cost far less than most genuine Android TV hardware does.

Most likely, the companies choose to use the open-source variant of Android because of Google’s strict rules around the official Android TV software. Google insists on certifying all such devices, and demands they run the Android TV UI without any branding or modifications. Only a select number of broadcasters have made agreements to customize Android TV.

The EFF is calling on the FTC to sanction the Chinese brands, saying that this will act as a powerful incentive for them to avoid selling their malware infected products. The organization also sent its letter to the U.S. Cybersecurity and Infrastructure Security Agency Director Jen Easterly. "This is the very essence of consumer protection: ensuring that the products we bring into our homes aren't preset to be hijacked for malicious purposes," the EFF wrote. "We urge the Federal Trade Commission to take swift action."

For consumers who have already purchased one of the affected set-top boxes, the advice from the EFF is simple and effective: Throw it out with the rubbish.

Genuine Android TV devices include the Nvidia Shield, Chromecast with Google TV, and other set-top boxes made by the likes of Nokia and Xiaomi.