Cheap tv-devices

unmesh · 8 October 2023 15:35

Wired Magazine has an article on backdoored Android TV boxes.

Does CE rely on running any of the Android code that comes with the boxes?

Vasco · 8 October 2023 19:49

Do you see any of the devices officially supported by CoreELEC in that (recycled) article?

unmesh · 8 October 2023 22:03

No, nor do I see the three unsupported Android boxes that I’ve purchased over time that are happily running CE.

It just got me wondering whether CE relies on some of the Android code in its operation.

Thanks

copyer · 9 October 2023 05:00

CE is Linux based, so can not mixed with android, i think…

jkbee26 · 15 November 2023 00:55

In the Wired article, they report 200 backdoored Android devices (at the factory or before arriving at users’ homes). And that would mainly concern tv boxes.

It’s huge, it’s a lot of models, it’s strange that no one has seen anything before.

Kill_Bill · 15 November 2023 14:29

200 backdoored devices is not much, when you realize, they make millions of them, every year.
But as Edward Snowden reported, secret service agents always install backdoors on devices shipped to suspicious (that means almost all) customers.

jkbee26 · 17 November 2023 23:43

The article talks about 200 device models not 200 devices. On the contrary, it is a number that seems enormous.

Vasco · 17 November 2023 23:53

This is going on for months. I can’t see anything new on the reports.

Ittizi · 5 December 2023 16:12

After reading this I gave my old S905X the once over , it is pretty obvious really I’m surprised I didn’t notice it before.

clarkss12 · 5 December 2023 16:41

Awesome!!

scjet · 7 December 2023 11:02

Hey all,
I’m not sure If I should post this youtube link but it’s title is “STOP Buying ANDROID TV Boxes”, on the Linus Tech Tips channel. (let me know and I’ll post that youtube url if I’m allowed).

Anyway, they pointed out some very interesting and scary finds regarding many of these cheapo Android TV Boxes, and their potential security risks from their custom rooted Android OS/firmware, especially regarding AllWinner, …, whereas Amlogic seems to be a safer bet.

(In hindsight, this is why an Odroid-C4 is still one of best/cheap, clean, and secure devices for running CoreELEC/Kodi).

Nevertheless, my question here is two-part so please bear with me, but:

1./ If I install CoreELEC on my SDcard and then boot my TV box from it am I secure enough since, obviously, I’m running in a Linux distro now and therefore I don’t have to worry about any Google-Apps, …, and (email)login insecurities, …?

2./ They also talk about potential security, malware, backdoor vulnerabilities in Android TV Box “firmware” “ROM”- but is this firmware that they’re talking about akin to a desktop/laptop uefi/bios firmware per say?
Meaning, there must be some Android firmware switching responsible for boot strapping CoreELEC up, and if so, is there anything to worry about that embedded “firmware”.? -or, did I misunderstand what they meant about Android TV box “firmware” / “ROM”.?

Update:
thanks to mods for moving my original post over to this “Cheap tv-devices” thread.

scjet · 7 December 2023 14:21

this too, is a reasonable ask.

Portisch · 7 December 2023 15:29

CoreELEC is open source, please feel free to answer your question by yourself:

Ittizi · 9 December 2023 11:36

I’ve always thought CoreElec was very safe I guess there is some code to get it booted up but I’m sure that isn’t a problem. I never used android on my cheap S905X box above anyway, I bought it solely for CE to play local files. It had to have a homemade cooling fan but it worked faultlessly for a few years before I upgraded.