STOP Buying ANDROID TV Boxes!

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
subscription streaming services are getting to the point where they cost as much as a cable subscription used to I mean it's no wonder people are setting sail for the streaming seas that is where this morally ambiguous plastic box comes in it can be had for about the price of a family outing to McDonald's and Promises to provide cheap or even free access to copyrighted content for anyone no technical skills required I mean there must be a catch right oh now that's a yikes desktop Echoes discovery of a pre-installed back door on the t95 made us wonder is it a one-off or does it impact the plethora of similar Android boxes available on Amazon AliExpress and nearly every other Online Marketplace to find out we bought a whole stack of them and as it turns out the t95's back door is only the tip of the iceberg so then are any of these things worth buying or do they all need to go straight to the landfill like I'm gonna go straight to this Segway to our sponsor iFixit is your battery not lasting as long as it used to looking for a new project iFixit has you covered stay tuned to the end of the video to learn more about their battery replacement kits legally questionable set top boxes are nothing new way back in 2009 I talked about the popcorn hour c200 whose big party trick was the ability to stream from torrents rather than waiting for them to finish downloading there's a big market for this kind of stuff and as part of the Napster generation I may or may not have dabbled myself at some point no judgment however it's important to remember that the kinds of folks who are willing to help you circumvent copyright law tend to be the same kinds of folks who don't care about other laws either like privacy or data collection laws to what you might think come on minus how bad could it be let's have a look booting up any one of these boxes you're going to be greeted with a friendly setup process and brought to a home screen that looks at least vaguely like Android TV if you're running a pie hole like desktop Echo was this might be the point where you start to see red flags in what seems to be a best case scenario the Box might be trying to Ping an address with fota in the URL fota stands for firmware over the air and is relatively standard Android Behavior what isn't relatively standard is that if you look up the IP that URL is going to point to a place that at least someone refers to as China now this isn't a problem in and of itself but with China's looser regulations especially with respect to foreign Nationals it means that there are no guarantees that the firmware that you download will be clean or that it will even be firmware at all in a much worse scenario your experience will mimic desktop Echoes who found countless attempts to contact URLs that were made up of jumbled letters and lesser used top level domains that were attempting to dump payloads into the now notorious core Java directory this matters because this directory appears to be a relative of CopyCat an Android malware with truly terrifying capabilities the original infected an estimated 14 million devices and was designed primarily to generate and steal ad Revenue but given that it can root your device inject itself alongside apps that you launch and control your network activity it can be used for all kinds of Nefarious activities coming back to our devices then when inspecting their file systems using Android debug Bridge we found almost half of them had the same core Java folder and open preferences file even if they didn't immediately try to access any questionable URLs another one had the core Java folder though it was empty as if the firmware image that they used contained the same malware at some point but it was removed did they have a change of heart did they accidentally break the malware's functionality or did they remove it to install something worse we don't know another possibility is that it's a Remnant from borrowing someone else's homework there's evidence that at least half of the units that we bought use modified versions of Android that started off their lives as Android for Google pixel phones one such image calls itself big Droid OS the lack of Google results for big Droid seems to indicate that it exists only for use on Android set-top boxes and could even be an internally developed Fork at a manufacturer of these devices now now we did find big Droid OS installed on three different boxes that seem to come from different manufacturers but all three of them share the same all winter SOC model and the same specs and also we have no way to confirm that they actually came from different places at least not without flying to China to track the factories down in person which is a lot of time and expense for a throwaway Scooby-Doo reveal bit and besides it doesn't really matter because we've seen enough at this point to say definitively that you shouldn't plug any of these things into your home network at least not without precautions I mean what if we could meddle with the box and prevent the malware from getting away with whatever it's trying to do could we make any of these into useful devices most of them do have four gigs of RAM the ability to Output in 4k Bluetooth Wi-Fi well that's a tough one blocking the bad behavior that we know about won't protect us against the unknown and there's a lot that we don't know most of these came pre-rooted with alternative app stores and a rebranded version of Kodi that does not Inspire confidence they could easily contain payloads that Target other devices on your local network or persistent malware that steals login credentials and no amount of monitoring is enough to say for sure that everything has been found and eliminated a backdoor in the system for example could lay dormant for months or even years only to awaken when a bad actor needs your zombie device to join a large DDOS attack or something like that now one option would be to find a clean ROM and install it in place of the stock operating system I mean they are rooted devices after all but unfortunately our attempts at this were frustrating at best and downright impossible at worst it seems like all the resellers that offer flashable firmware images are content posting the files on Mega Dropbox or OneDrive so if those files expire they either don't notice or they don't care and when you do find a ROM and you figure out how to flash it onto your device odds are good that you will end up right back where you started core Java folder and all oh and also I mean if you bought this thing for the pirated content that's not going to survive a clean Android installation anyway there does seem to be one project going to make custom firmware for Android set-top boxes but it only works if they have amlogic socs and certain streaming apps are going to be very limited in functionality if they work at all but hey you might say they're still able to do 4K right right no aside from lagging super badly this image is clearly not 4K and when we went in with ADB and checked the screen size being reported by the system all of these boxes were either stuck at 1080P or even 720p which is hilarious because this one says 8K not even 4K so do they have any redeeming qualities are they lying about what's inside the box as well yeah even though this advertises four gigs of RAM even though Android reports four gigs of RAM and even though the chips on the board appear to be for a four gig set with a searchable part number and everything it's not four gigs only half of that will ever be usable and the system properties seem to corroborate that this probably explains why the text on these Micron memory chips look so faded as though it was cheaply printed at the factory this issue is not just limited to Android TV boxes either as some car stereos running Android apparently also have the fake Ram problem which means that these and those are all essentially manufactured E-Waste unless you know your way around Android very well and can get a clean image onto yours there is nothing to guarantee that it won't eventually engage in illicit activities on your network or try to steal your Google login so for just about anyone it's not worth the risk especially when these things cost about the same as a Chromecast with Google TV even the 4K model in some cases I mean sure that's not a perfect device either internal storage is limited to eight gigs a new power brick and dongle is required to add USB or MicroSD support and it only has two gigs of RAM but come on at least it's not Trojan horsing its way into your living room to live across the coffee table from your stylishltdstore.com fro pillows if you want something more powerful the Nvidia Shield is definitely that offering up 1080p to 4K upscaling regular software updates and the ability to act as a Plex Media Server though it does come at a significantly higher price both of these Alternatives can run Kodi without too much issue if that's what you're into both are capable of 4K but for real and most importantly both come free of malware we're gonna have links in the description below if you want to pick up one of those back to these then streaming services can be really expensive setting up and tweaking reliable trusted devices can be frustrating especially if it's for an elderly or less tech savvy relative and I'm not going to stand here and tell you to Pirate or not to pirate I'm just going to tell you to practice safe computing and this ain't it what this is is a segue to our sponsor iFixit iFixit wants to help you keep your devices powered like they are brand new iFixit has a wide range of battery replacement kits for your mobile devices kits for laptops cell phones tablets smart watches and even the Nintendo switch and you don't need to be an expert to repair your devices each kit has a simple to follow step-by-step guide with photos that'll help walk you through your replacement so you can learn a new hobby while also saving yourself time and money check out ifixit.com LTT to find fix kits for your devices today if you like this video maybe check out our Roundup of dash cams the Android TV boxes of the car
Info
Channel: Linus Tech Tips
Views: 3,553,504
Rating: undefined out of 5
Keywords: android, android tv, t95, t95max, t95q, android malware, tv malware, malware, android security, corejava, kodi, xbmc, piracy, media center, hack
Id: 1vpepaQ-VQQ
Channel Id: undefined
Length: 10min 20sec (620 seconds)
Published: Thu Apr 13 2023
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.