Anatel finds malware on the best-selling TV Box in Brazil

Malicious software was found on the HTV, the best-selling IPTV device, according to the National Telecommunications Agency (Anatel). The TV Box Working Group, working in partnership with the Brazilian Pay Television Association (ABTA), found the malware in the device.

The pirated equipment is sold in online stores for around R$1,000. Its appeal is a set of unlocked channels, based on illegally retransmitted content, that the user can watch without paying for the original subscription. According to TeleSíntese, Wilson Wellisch, superintendent of inspection at Anatel, said that the agency sought engineers and experts from ABTA to contribute to the reverse engineering.

To verify all of the device's functions, it was necessary to build similar equipment that would allow simulations of real use, since subscribing to HTV packages is not allowed for the investigation. “We had difficulties because we need the equipment working. Having it disconnected is not enough. The partnership with ABTA allowed us to carry out tests with live equipment and, from there, we verified the vulnerabilities”, highlights Wellisch.


While user watches, HTV malware collects data (Image: Replay/Envato/stockasso)

So far, the agency has identified that, when turned on for the first time, the HTV looks for a port through which to connect, without the user’s consent, to an unknown server. From there, the malware starts receiving updates from other ports that can be used if it is discovered.

In addition, user data is captured and sent to servers. The device retransmits pay TV content captured in Brazil without a license. Once captured in the country, the material is transmitted in a masked form to servers abroad and then brought back to local customers. According to Anatel, the content is captured both when it is sent from programmers to distributors and directly from distributors (pay TV operators, such as Sky or Claro, for example).

Everything is done through the user’s IP connection from applications that simulate pay TV or over-the-top (OTT) media services, which distribute online content in a direct connection between the platform and the end user. It is an illegal activity and the user pays to access it.

Cryptocurrency mining

The malware is able to take control of the TV Box, but it doesn’t. It works in the background, without the user noticing it. Wellisch explains that it connects to a malicious botnet that has the ability to perform coordinated denial of service (DDoS) attacks. “Since there is a lot of this equipment distributed, they can be used to take down sites, including public services”, he says.

Agency suspects that IPTVs can be used to mine cryptocurrencies (Image: Reproduction/Pixabay/WorldSpectrum)

This year, Wellisch said there were suspicions that these boxes were used in cryptocurrency mining without the user’s knowledge. Anatel has not yet performed tests to verify this hypothesis. “For now, we’re dedicated to cybersecurity, but I still think mining is possible because these TV Boxes don’t use all the available capacity.”

Anatel intends to improve its anti-piracy strategies and go beyond seizing non-approved equipment. The working group’s conclusions will be sent to the Cyber Working Group, which is dedicated to cybersecurity. The proposal is to understand whether it is possible to work together, since the identified problems go beyond intellectual property theft and lack of hardware approval.

Read the article on Canaltech.
