There’s a wave of consumers who are buying Android-powered TV “set-top boxes” – devices that allow them to upgrade their existing "dumb" TV to become more like a “smart” TV. The box allows them to watch all the streaming services that are available like Netflix and Hulu and take advantage of Google's new 800+ channel app.
And the price makes sense, too. Typically for less than $50, you’re set up to watch hundreds of channels that your old VHF/UHF TV just can't handle. What you probably don’t desire, though, is the venomous digital bite that can make you wish you'd never bought the darn thing.
“However, rather than delivering extra channels, some of these boxes are delivering malware on demand,” Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, told ConsumerAffairs. “As well as harvesting users’ personal data this software, once enabled, means the box can also connect with a wider network of bots and be used by cybercriminals to gain revenue by mining cryptocurrency or clicking on ads.”
“Worryingly, our research indicates that a quarter of Americans do not take any protective measures when using one of these Internet of Things (IoT) devices,”
Not even the FBI can stop this
Warmenhoven said that people need to be aware of the dangers involved when buying these boxes from untrustworthy sources. As more people buy the devices the problem could grow.
Try as it may, even efforts by the FBI to crack down on data marketplaces have not been entirely successful, as it has pushed these cybercriminals underground.
“Android TV boxes may be the next entry point to find your personal details and sell them on the Dark Web,” Warmenhoven said.
What boxes to stay away from and how to protect yourself
NordVPN said certain Android boxes should be approached with caution. It said some devices found to contain malware were being sold on Amazon and made by the China-based companies Allwinner and RockChip.
According to TechCrunch some of the specific models found to have malware preinstalled were the AllWinner T95Max, RockChip X12 Plus, and RockChip X88 Pro 10.
If you’ve bought one of these products or if you want to protect your network from the risks posed by an Internet of Things device, a Nord spokesperson suggested installing a VPN on your router. Another plus of installing a VPN on your router is that it would also protect IoT devices that don't support VPN coverage on their own, such as a Ring Doorbell. Here is a guide on NordVPN's blog.
Another way of avoiding the risk of a "bad box" would be to make sure you get Android TV with the official Google operating system, which powers set-top boxes, dongles and some smart TVs. The certified Android TV set-top boxes should come with other Google apps like Google Assistant installed. According to USA Today’s reviewers, those include Google Chromecast (3rd Generation), Roku Express 4K+, and Roku Ultra 4802R.