Original topic:

Persistent Malware / Virus Infected TV. Targeted YouTube App First. Web Server of Samsung Smart Hub Infected?

(Topic created on: 23-09-2020 04:55 PM)
RendCycle
Journeyman

We have the UA40KU6000 Smart TV and either the recent TV's Firmware update has bugs or the TV got infected with a Malware / Virus. First, we started noticing slowdown issues on our home network, and constant SYN Flood, LAN-side UDP Flood, as well as TCP/UDP Port Scanning activities were being reported in our Modem's logs. The times reported for these malicious activities coincide with the TV being turned on. Aside from this, I got really suspicious when the YouTube App pre-installed in the TV suddenly changed some of its interface icons into Chinese characters. Then slow loading of the YouTube App videos and sometimes the app actually hanging by displaying a black screen made me decide to reset the app. It worked for a few days.

But when the problem came back, it was worse. I needed to totally reset the Smart Hub App and tried securing my account on Samsung's website. The strange thing is, we don't have the option in the TV to strengthen the login feature. It only uses Profile Image selection as a crude security measure. That means any hacker can easily guess from a limited number of Profile Images and he/she will get to log in on the TV successfully using my Samsung Account. The Two-factor Authentication (2FA) security feature does NOT actually exist on the TV and it's just for Samsung's website. ☹️

Anyhow, after resetting the TV to factory settings and reactivating my Samsung Account in the TV, our home router's Firewall has now totally blocked the TV from accessing the network. I had to connect the TV directly to the modem for it to be able to access the Internet and work again. But I know that our Samsung TV is now part of a Botnet that does constant Distributed Denial Of Service (DDOS) attacks on the Internet because Samsung can't seem to fix their TV's security feature. The TV's built-in Virus Scanner is useless. Due to this, I guess it's only a matter of time before our Internet Service Provider (ISP) will block our Internet access.

I hope Samsung will provide a fix soon. I need to access the Steamlink App through our home network soon and I cannot do that if the TV is not connected to our home router. Please Samsung, fix this and help reduce worthless Internet traffic like DDOS attacks for the sake of the netizens of the world.
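
Added example, not part of the original post: one way to test the observation above that the modem's flood and port-scan alerts line up with the TV being on, by attributing each alert to its source address instead of relying on timing alone. The log line format, the addresses and the power-on windows are all constructed assumptions; adapt the pattern to the real modem log.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in an assumed format; real modem logs will differ.
SAMPLE_LOG = """\
2020-09-21 19:02:11 SYN Flood src=192.168.1.23 dst=203.0.113.7
2020-09-21 19:02:40 UDP Flood src=192.168.1.23 dst=203.0.113.7
2020-09-21 19:05:02 Port Scan src=192.168.1.23 dst=192.168.1.1
2020-09-21 23:41:19 Port Scan src=198.51.100.9 dst=192.168.1.1
2020-09-22 08:15:33 SYN Flood src=192.168.1.23 dst=203.0.113.7
2020-09-22 13:00:05 UDP Flood src=192.168.1.40 dst=203.0.113.50
"""
# Constructed: periods when the TV was switched on, noted by hand.
TV_ON = [("2020-09-21 19:00:00", "2020-09-21 22:30:00"),
         ("2020-09-22 08:00:00", "2020-09-22 09:00:00")]

FMT = "%Y-%m-%d %H:%M:%S"
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.+?) src=(\S+) dst=(\S+)$")

def parse_events(text):
    """Return (timestamp, kind, src, dst) for every line that parses as an alert."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # ignore anything that is not an alert line
            ts, kind, src, dst = m.groups()
            events.append((datetime.strptime(ts, FMT), kind, src, dst))
    return events

def correlate(events, on_windows, device_ip):
    """Split alerts by source and by whether the device was powered on."""
    windows = [(datetime.strptime(a, FMT), datetime.strptime(b, FMT))
               for a, b in on_windows]
    def powered(t):
        return any(a <= t <= b for a, b in windows)
    return {
        "per_source": dict(Counter(src for _, _, src, _ in events)),
        # Alerts that both fall in a power-on window and name the device.
        "device_while_on": sum(1 for t, _, s, _ in events
                               if s == device_ip and powered(t)),
        # Same timing, different source: coincidence, not attribution.
        "others_while_on": sum(1 for t, _, s, _ in events
                               if s != device_ip and powered(t)),
        # Alerts with the device off point at some other host.
        "alerts_while_off": sum(1 for t, *_ in events if not powered(t)),
    }

if __name__ == "__main__":
    print(correlate(parse_events(SAMPLE_LOG), TV_ON, "192.168.1.23"))
```

A non-zero `alerts_while_off` or `others_while_on` count means the alerts cannot be explained by the TV alone and the other source addresses need checking as well.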

7 Replies
TessM
Moderator

Hi @RendCycle.

I can see that you've got a non-EU model TV. With Samsung support being localised and this being a European forum (the English language part is supported by the Samsung UK & Ireland team, for example), we're limited in what we can do for you in terms of direct support.

Have you been in touch with Samsung in your region to see if others are reporting the same?

0 Likes
RendCycle
Journeyman

Hello, I did try to look for a Samsung community/forum site in my country but couldn't find one to see whether others have reported having the same issues. I also did try contacting Samsung tech support locally but the email function on their site was not working yesterday. I was able to Chat with someone though but according to the support personnel, he/she can only help with mobile phones and asked me to contact Live Chat in the morning. So my only choice was to post here in case someone can help.

Anyhow, I just checked the email option again in the local Samsung site to try and screenshot the error but found out it seems to be working now. So will see if someone can help me there. I appreciate the reply, thanks!

0 Likes
ChrisM
Moderator

Do let us know how you get on, @RendCycle.

0 Likes
RendCycle
Journeyman

I was able to talk to someone from the local Samsung Tech Support phone line. But as expected, they couldn't solve our TV's problem. My TV's Firmware version is 1242 and I noticed in the official Samsung website, the available downloadable firmware version is only 1241.5. That's strange. Anyhow, I recently repeated the tests in trying to run these apps: YouTube, YouTube Kids, Vimeo, Netflix, and Steamlink. Here are my results:

  • After doing a Factory Reset on the TV and the Smart Hub App, the TV will work normally. When you switch the TV off and turn it on again, the problem with the apps will start to occur.
  • Netflix runs normally.
  • Steamlink seems to still work normally using LAN Cable.
  • Vimeo will stop running and just display an error message like "corrupt TV configuration" or something similar.
  • When clicking either of the standard icons (under the TV's Main Bottom Dashboard and in Smart Hub->My Apps page) for YouTube or YouTube Kids to try and run the apps, the TV screen displays an error message about "Invalid Certificate..." and there are Deny and Allow Buttons visible as well as a check box to remember my preference. See image below.

    samsung-tv-ua40ku6000_malware2.jpg

  • The Malware seems to be learning. Before, I was still able to access the real YouTube by clicking the search result in the Main Bottom Dashboard and Smart Hub App. Now, I cannot do that.
  • The fake YouTube App with random Chinese characters will not show any preview of a video nor be able to play them. It just shows a blank box / screen. See image below.
  • I checked the YouTube App Settings and I've tried selecting English (US) and also English (UK) as Language but the random Chinese characters are still there. The fake YouTube App seems to indicate a Version Code (web_20200916_00_RC00) that sort of has a date of last update and it says September 16, 2020. But the version indicated in the YouTube App under Smart Hub says version 2.1.490 and it was last updated on January 10, 2019. See image below.

samsung-tv-ua40ku6000_malware.jpg

  • I also discovered that connecting through WiFi instead of LAN Cable (after a TV restart - on/off) and using the same Router and ISP seems to remove the random Chinese characters from the YouTube App and I can watch/play the videos therein as normal. But some apps like Vimeo remained not working and needed a reinstall. Steamlink is also quite slow and unusable using WiFi.

I hope we can totally uninstall YouTube and the other bundled apps in the Samsung TV. An available option to re-download, refresh, and re-install them through the Smart Hub App would be a nice feature that might help remove any "embedded" malware infections. Any non-critical app that comes from a third-party should be removable from the TV's operating system.

Another suggestion would be to have more active Virus definition database updates for the Virus Scanner that came with the TV so it might be able to detect any malicious activity and stop it early.

0 Likes
RendCycle
Journeyman

UPDATE: I think my old Asus Router has been infected with a persistent Malware that cannot be fixed by any firmware upgrade / replacement nor a hard / factory reset. I replaced the Router with a brand new one and the problems with the YouTube App disappeared. This can also mean the TV might still be infected and the security features of the new Router are just blocking it as I guess it's a two-way street how the Malware works. An allowed data query from the TV gets hijacked by the Router. In return, it grabs an edited content from a specific masked address in the Internet before displaying it on the screen. I hope Samsung will strengthen the security features of their TV to help prevent these kinds of issues.

EDIT: I spoke too soon. The Malware is back!!! See next post.

0 Likes
RendCycle
Journeyman

ANOTHER UPDATE: After turning on the TV this morning I discovered the problem is back!!! So this means there is no problem with the Router and this is solely caused by an infected YouTube App, YouTube Kids App, Vimeo, and probably the Smart Hub App installed on the TV. But there is a high chance that this could also mean the Web Server hosting the Smart Hub App (serving the software downloads) is somehow also totally infected with Malware, as even after a factory and app reset on the TV itself, the Malware infection comes back. If you own a Samsung Smart TV, I suggest you DO NOT DOWNLOAD ANY NEW APP for now.

This is a major problem and has already affected a lot of vulnerable Samsung TVs. I've noticed there are already similar reports from as far back as 9 months ago, especially in other websites like Reddit, etc. Why has this not been fixed until now?

I don't know what to do at this point. I hope Samsung can help soon.

0 Likes
RendCycle
Journeyman

It looks like people have been experiencing similar issues since 2018. Here's the related thread in this same forum site. But the issue initially posted therein is just half of the problems I experienced. Last time, I was just not able to connect to the Internet after "denying" the security certificate warning. But I didn't see whether there were still random Chinese characters on the YouTube Apps because I was not able to access them.

I just followed the solution marked in that post and I was able to connect to the Internet. Hoping this would last.

0 Likes