Friday, January 19, 2024

'Bigpanzi' Botnet Campaign Targets Android TVs, Set-Top Boxes - CE Pro

When asked about smart home devices, cybersecurity experts will generally say to be wary of them, or at least make sure they’re segmented from the home’s main network or on a VLAN. And, when asked about which devices give them the most pause, they will largely agree that smart TVs are the most insecure devices that can appear on a home’s network. Now, a Chinese cybersecurity firm is confirming those suspicions and is sounding the alarm on a large botnet campaign called “Bigpanzi” that is targeting Android OS smart TVs and set-top boxes and has been active since 2015.

QiAnXin, a cybersecurity service and anti-virus software firm, says the hackers entice users to install free or cheap audiovisual apps for firmware updates and embed backdoor components to transform those devices into part of the Bigpanzi botnet to carry out further malicious activity, such as traffic proxying, DDoS attacks, OTT content provision and pirating traffic.

Unlike a typical botnet, Bigpanzi’s activities extend far beyond DDoS attacks, using Android TVs and set-top boxes to disseminate visual or audio content.

One example was a network attack on set-top boxes in the United Arab Emirates in which attackers substituted regular broadcasts with footage of the Israel-Palestine conflict, according to QiAnXin.

“The potential for Bigpanzi-controlled TVs and STBs to broadcast violent, terroristic, or pornographic content, or to employ increasingly convincing AI-generated videos for political propaganda, poses a significant threat to social order and stability,” company researchers write in a blog.

Researchers say the hacking group, which has successfully hidden itself for eight years, infects user devices via pirated movie and TV apps on Android devices, backdoored generic OTA firmware on Android devices, and backdoored “SmartUpTool” firmware on eCos devices.

Researchers say the peak daily active bots in the campaign were around 170,000, primarily in Brazil. Nodes are primarily distributed across Brazil, amassing over 1.3 million distinct IPs since August, the company says.

While a botnet of that size is alarming enough, researchers believe the actual size may be larger due to observational limitations and the fact that TVs or STBs might not be powered on all the time, leading to data omissions.

“In the face of such a large and intricate network, our findings represent just the tip of the iceberg in terms of what Bigpanzi encompasses,” researchers write, adding that they welcome insights and collaboration from the cybersecurity community.
