STREAMING TV illegally through so-called “dodgy boxes” or modified Amazon Fire and Roku sticks is no victimless crime.
And those partaking in streaming piracy could be the next casualty.
Households that have purchased modified streaming gadgets that allow them access to premium services, such as Sky and Premier League, are often unaware of the wider consequences.
But when 1.3million Android smart TVs were hacked last month, experts warned that Brits weren’t taking the risk seriously enough.
And jailbroken TV boxes and sticks can heighten that risk, while helping to place peoples personal and financial information into the hands of cyber criminals.
“Android-powered set-top TV boxes are hugely popular at the moment, particularly as they are relatively inexpensive and can be customised to viewer’s requirements,” Marijus Briedis, Chief Technology Officer at NordVPN, told .
READ MORE ON ILLEGAL STREAMING
“Much to the anger of streaming companies, they are often corrupted to become ‘dodgy boxes’ that allow users to access multiple services for free.
“Little do Brits know the security implications of having one of these, let alone the legal issues that could follow.”
What is a ‘jailbroken’ Fire Stick?
When an Amazon Fire Stick is ‘jailbroken’, it means a third-party media server software has been installed on it.
It’s not just Fire Sticks that can be modified to stream content for free.
The software most commonly used on Fire Sticks is called Kodi.
It can grant users unrestricted access to new features and apps the normal version of the device wouldn’t allow – but it is not legal to use in the UK.
The government outlined in 2017 that adapted Amazon Fire sticks and so-called ‘Kodi’ TV boxes were illegal.
This is because they breach intellectual property laws in not paying for the media content being watched.
“These devices are legal when used to watch legitimate, free to air, content,” the government said at the time.
“They become illegal once they are adapted to stream illicit content, for example TV programmes, films and subscription sports channels without paying the appropriate subscriptions.”
If users are watching content that would usually be free, however, then they would not be breaking any laws.
Cyber criminals can use jailbroken streaming gadgets to break into your Wi-Fi and then onto other electronic devices on the same network.
As costs climb for streaming service subscriptions like Netflix and Disney+, households are increasingly purchasing products that have third-party software installed.
It’s this software, installed by operators that often have ties to wider criminal networks, that lets households subvert paywalls.
Yet, most people wouldn’t realise if there were malicious third-party software installed on their device, alongside the software that lets them watch Sky shows for free.
‘A wider network of bots’
A Wi-Fi hack can be devastating, as it gives hackers a key into every device that’s connected to the internet.
It means a hacker can spy and gain access to any information sent out from all of the devices on your hacked network.
As well as harvesting users’ personal data this software, once enabled, means the box can also connect with a wider network of bots and be used by cybercriminals to gain revenue by mining cryptocurrency or clicking on ads
Marijus Briedis, Chief Technology Officer at NordVPN
This can include login credentials and passwords, as well as other personal and financial information.
Hackers can even use your electricity to mine cryptocurrencies, according to Briedis, which can ramp up your energy bills.
“As well as harvesting users’ personal data this software, once enabled, means the box can also connect with a wider network of bots and be used by cybercriminals to gain revenue by mining cryptocurrency or clicking on ads,” he said.
While cyber crooks are best known for hacking into smartphones and PCs, hawk-eyed hackers are always on the prowl for fresh prey.
As Briedis explained: “Devices such as computers and phones will always be more coveted by cybercriminals looking to steal your personal data, as they contain the most amount of information about the user.
“They contain access to your mobile and internet banking, identification details, contacts, email and messaging history, even notes apps that may contain passwords and hastily scrawled pin numbers.
“The trouble is that most people are now aware of the dangers of criminals accessing our mobile phones and PCs and have layers of security to minimise the risks of being hacked.
“Something like your TV, your Wi-Fi or your smart home devices are much less likely to have any protections and can be an easy entry point for cyber crooks.”
Ties to organised crime
The renewed warnings follow the biggest illegal streaming bust by police and IP protection organisation FACT to date in July, where 40 illegal streaming operators got stung with warnings.
Cease-and-desist notices were delivered to operators in person, through post and email by FACT and police.
Some of this has organised crime behind it, not all of it, but some of it does… which is why when we prosecute people they get such long prison sentences as you can see from previous cases we’ve sent to court
Kevin Sharp, CEO of FACT
Only the worst offenders, such as the large-scale distributors, will face prison time.
Speaking to after the record bust, FACT CEO, Kevin Sharp, said: “Some of this has organised crime behind it, not all of it, but some of it does… which is why when we prosecute people they get such long prison sentences as you can see from previous cases we’ve sent to court.”
FACT also trawls social media to hunt down distributers, and their customers, plus it uses “creative software” to detect law-breakers.
The organisation’s partners, like Sky, Premier League, TNT Sports, Virgin Media, also have their own ways to sniff out content poachers.
However, Sharp – who headed the economic crime team at Interpol – remained tight-lipped as to his agency’s more sophisticated methods of detecting illegal streamers.
Suspect you have fallen victim?
If you suspect you have fallen victim to malware through your TV, Briedis recommends going through this check list:
- Disconnect the TV from your Wi-Fi
- Factory reset the TV in Settings
- Update to latest software
- Update apps to latest version
“Disconnect the TV from the internet, factory reset it, and update its operating system and apps,” he said.
And if you want to be extra secure, Briedis added: “You should also consider changing your Wi-Fi password and scanning your network for other compromised devices.”
If you think a modified streaming gadget is the culprit, it’s best to disconnect it from your network and dispose of it.