Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Broadcasting & Cable
Broadcasting & Cable
Business
Daniel Frankel

Google: Malware Infected Streaming Devices Are Built on Android Open Source Project, Not Android TV

AllWinner T95 Android TV device

Google said Android-branded streaming devices sold through popular e-tail channels including Amazon, and loaded with adware out of the box are powered by Android Open Source Project software and not Android TV. 

"We have recently received questions regarding TV boxes that are built with Android Open Source Project and are being marketed to appear as Android TV OS devices," Google said in a blog posted late last week. 

"Some of them may also come with Google apps and the Play Store that are not licensed by Google, which means that these devices are not Play Protect certified," Google added. "To help you confirm whether or not a device is built with Android TV OS and Play Protect certified, our Android TV website provides the most up-to-date list of partners. You can also take these steps to check if your device is Play Protect certified."

The devices in question, marketed under brand names like T95Max, RockChip X12 Plus and RockChip X88 Pro 10, are based on system-on-a-chip hardware from AllWinner and RockChip. 

On Amazon, the T95 is listed as a "Android 10.0 TV Box. Nowhere is a distinction made between "Android Open Source Project" and "Android TV."

Ontario, Canada-based IT pro Daniel Milisic published last year on GitHub  his experience with a T95, which has a four-star rating on Amazon amid 744 reviews. 

Milisic said the device began connecting out of the box with a botnet network of thousands of other infected Android TV gadgets around the world. The device, he said, immediately sought out a command and control server, which downloaded additional malware to his gadget.

The malware enabled the T95 to begin conducting ad-click fraud, clicking on ads in the background. 

In his GitHub post, Milisic published the script he used to "defang" what he described as a "no good, awful, nasty little ARM-powered TV/hobby box." 

Milisic's findings were confirmed by Electronic Frontiers Foundation security researcher Bill Budington in this report

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.