Smart TV virus scan

[esetsmarttvuser42 0]

Product installed via Google Play Store 

After install, got an upgrade screen Good.

Not able to do scan exited app

opened app again 

This time, got blank screen (some noticeable hesitation before app loaded the first time)

Did the app get patched somehow and executed via a non standard path in the code with otherwise normal UI? Functionality looks impaired but have no UX (first look) 

Rinse and repeat on blank screen UX.

Bank screen persisted called support 

Deinstalled  and reinstalled app per support.

Verified software version and licensing with support agent after account not found? This is not mutual authentication handshake so MITM software install not ruled out, just working through threat model of IOT.

So not out of potential MITM woods? Does support resolve issue? Sort of. A newly reinstalled version no longer has a blank screen. Is it functional? Remaining to be seen while support person does research with a potential follow up TBD.

Product UX question? Where is a verification step for software? Where is digital signature or minimal sha 256 checksum? It’s a 📺? Is the Android OS a problem or another App.  One of my other IOT devices just went total  TCP-IP TITSUP so it might be an undocumented network packet of doom that disabled it from another device. Thus making the Android TV a subject of interest to validate with ESET product

Reloaded software then does a scan. 1 file.

huh? That’s shaky. Run it again and it does 255  ish files. No error, no 🛠 tools. No verdict of infected or not. Definitely no display of infected status, (demoed in screen shot nicely provided)

Going deeper into the UI shows additional features of the freemium feature set. Scanning and virus database of course provided as expected, but 30 day trial is advertised as being full featured. And here comes the really suspicious forensic UX issue.

Right at the UI functionality.

Smoking gun feature UI failure.

 

Malicious app scanning defense in depth feature is an option but can not be enabled? This is supposed to look for key loggers etc.  So Detect potentially unsafe applications is disabled at both Smart and in depth level.

Clearly this is a binary point of using the app, to establish a clean status, since unlike a computer, the files are not immediately accessible on a Smart TV, but being Android one assumes it can be rooted. 

Selecting  the “in depth scan” increases the scan depth to 984 files. Without knowing exactly how many files are normally on Android OS plus Apps? Are we checking for root kits. Well no, so is some malware disabling ESET?  What examples are there, or is this typical user error based on first impressions.  

The first scan only does one file!  And finishes. 

Engaging the button again scans more files. Same GUI action different result. 

The subject of interest is a Sony 4K XBR

Version is 7 running on Android

Feb 1 2019 Android security patch level

kernel version 3.10.79  from root@buildhost79 #1 Fri Mar 8 22:14 JST (Sony Bravia) Build SVP4KDTV15_UC-user 7.0 NRD91N.S34 5.433 release-keys which should be verifiable somehow in terms of the underlying Android image if that has been potentially mangled in a supply chain update attack?

Not sure how, but ASUS had a problem with their update servers?