PREINSTALLED MALWARE comes standard with IoT for Android TV Box!

DarkReading.com reported that “Hardware being sold with preinstalled and often unremovable malware is an ongoing issue for consumers.” The January 13, 2023 article entitled “Malware Comes Standard With This Android TV Box on Amazon” (https://www.darkreading.com/threat-intelligence/malware-standard-android-tv-box-amazon) included these comments:

At $39.99 with a $3 coupon option for Amazon Prime members, the T95 Android 10.0 TV box might seem like a good value. But when an unsuspecting but cybersecurity-savvy customer ordered one up, he said it came "festooned" with malware — no extra charge.

Daniel Milisic warned consumers in Reddit and GitHub posts that he just happened to have bought the box to run Pi-hole tracker blocking — and that he immediately made a startling discovery. His first clue something was funky with the device's security was that it was signed with Android 10 test keys.

"If test keys weren't enough of a bad omen, I also found ADB wide open over the Ethernet port — right out of the box," Milisic added.

Then he let Pi-hole go to work.

To make things worse there really no laws to protect you!