back to article Chinese smart TV boxes infected with malware in PEACHPIT ad fraud campaign

Bot defense software vendor Human Security last week detailed an attack that "sold off-brand mobile and Connected TV (CTV) devices on popular online retailers and resale sites … preloaded with a known malware called Triada." Human named the campaign to infect and distribute the Android devices BADBOX. The infected devices were …

  1. Martin Summers

    Even the government are warning people against dodgy streaming boxes with billboard advertising campaigns saying "you're letting criminals in". Was quite surprised to see them. No-one is going to listen of course, so long as the box streams what they want. Most people are gleefully ignorant of what happens in the world around them and they will always be that way.

    1. Gene Cash Silver badge

      Actually, I think most people will remember the BPI's "HOME TAPING IS KILLING MUSIC" and ignore the billboards as more of the same.

      1. Martin-73 Silver badge

        That was precisely my response to seeing one this morning.

    2. Anonymous Coward
      Anonymous Coward

      In the good old days, of course the retailer was liable for dodgy products (in the UK at least), and the consumer or trading standards could hold them to account. But with online retailers and marketplaces that no longer works. The bigger and very well known ones try and keep their own retail sales clean - with only varying degrees of success - but when it comes to "marketplace" sales, then they insist they are not the retailer, merely an intermediary, perhaps a fulfilment house, but no, not a retailer. So they take the money but wash their hands of all accountability. And if the consumer wants to take it up, they'll need to take it up with whatever cowboy outfit in the back of beyond. If you're dealing with a marketplace that has little or no UK presence, then there's little the authorities can do.

      That's true for anything bought online, whether we're talking cheapo incendiary e-bikes, malware loaded IoT devices, unsafe phone chargers, counterfeit goods, or stuff that's simply non-compliant for example through inadequate product labelling. There's a consultation on changing the rule to give regulators more power to address things like this, and you can have your say before 24 October and pass it on to others - do read the consultation before responding, some is dull but that's the nature of policy consultations:

      https://www.gov.uk/government/consultations/smarter-regulation-uk-product-safety-review

      1. garwhale Bronze badge

        I would be surprised to see that the "not a retailer" defence stand up in court. On-line is legally no different from the old days, where you ordered stuff from a mail order catalogue by snail mail or telephone. If they say they are just a facilitator, you should transfer the payment direct to the seller.

    3. sanmigueelbeer
      Facepalm

      `tis all fun-n-games until somebody pokes an eye

      Would it make any difference?

      How many oil refineries, power plants, manufacturing/industrial plants, etc get hacked every year?

      The most fundamental question is still left unanswered: If these critical network infrastructure (CNI) are deemed "critical", then why is the CNI network connected to the internet?

      `tis all fun-n-games until somebody pokes an eye.

  2. garwhale Bronze badge

    So what are Amazon, AliBaba, AliExpress etc. doing about it? Are they recalling the devices, and if not why not?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like