<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head><body text="#000000" bgcolor="#FFFFFF">Is there a way to update
the firmware on a Smart TV <span style="font-style: italic;">other than</span>
by downloading it across the Internet (I'm less worried about WiFi /
wired network distinctions)? I don't even know if my Sony TV <span
style="font-style: italic;">has</span> a USB port, or whether Sony even
mails out off-line updates.<br>
<br>
It strikes me that Stan may have somehow installed a "hacked" version of
the Prime Video app.<br>
<br>
My TV has been urging me to allow it to update its firmware for several
weeks. I don't know what's the bigger risk: NOT updating firmware that
might fix existing security flaws, or installing new firmware (or apps,
from Google Play) that might have been hacked. On balance, I think
allowing the firmware update is the better choice.<br>
<br>
Ken Pogran<br>
<br>
<br>
<span>Robert Primak wrote on 10/17/22 4:32 PM:</span><br>
<blockquote type="cite"
cite="mid:1238364421.2387032.1666038754511@mail.yahoo.com">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<div class="ydpf3010648yahoo-style-wrap" style="font-family:Helvetica
Neue, Helvetica, Arial, sans-serif;font-size:13px;">
<div dir="ltr" data-setdir="false">Stan -- </div><div dir="ltr"
data-setdir="false"><br></div><div dir="ltr" data-setdir="false">I
assume all your devices, especially that Smart TV, have their own
internal security, receive signed firmware updates only, and do not do
WiFi "over the air" updates. And that all devices are using WPA2 or WPA3
encryption. I also assume that WPS (WiFi Protected Setup, which can
bypass your network security and has known malicious exploits) is turned
off in your router and on all connected devices.</div><div dir="ltr"
data-setdir="false"><br></div><div dir="ltr" data-setdir="false">If any
of these conditions was not met, you may have your answer right there. </div><div
dir="ltr" data-setdir="false"><br></div><div dir="ltr"
data-setdir="false">Otherwise, somewhere, somehow you may have clicked
on something else which was not genuine, or downloaded and installed a
malicious app into the smart TV. Without auditing your Smart TV and your
network in person,we can't offer anything more definite or more
specific. </div><div dir="ltr" data-setdir="false"><br></div><div
dir="ltr" data-setdir="false">Hiding the network SSID no longer works
for providing extra security. Hackers know how to unhide hidden networks
these days. </div><div dir="ltr" data-setdir="false"><br></div><div
dir="ltr" data-setdir="false">There are security appliances you can buy
for $$$ but these really are leveraging the same security measures we
can apply for ourselves. We can limit the number of open ports in our
routers and modems, but this is a bit more tedious and technical than
many of us want to do for ourselves. Some home network security suites
include port stealthing. Most of these apps cost subscription money. </div><div
dir="ltr" data-setdir="false"><br></div><div dir="ltr"
data-setdir="false">-- Bob Primak </div><div dir="ltr"
data-setdir="false"><br></div><div><br></div>
</div>
<div id="yahoo_quoted_6057383425" class="yahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial,
sans-serif;font-size:13px;color:#26282a;">
<div>
On Monday, October 17, 2022 at 12:05:20 PM EDT, Stan
Rose <a class="moz-txt-link-rfc2396E" href="mailto:stan_rose@alum.mit.edu"><stan_rose@alum.mit.edu></a> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div id="yiv2077652845"><div><div>I am usually
extremely careful in recognizing and avoiding scams but was caught by
one last month, and not by an email, text message or web pop up.</div><div><br
clear="none"></div><div>We were about to watch a movie on Amazon Prime
via the Prime Video app on our Sony Smart TV. When we started the app, a
very real looking message came up on the TV that we needed to renew our
Prime subscription. It gave an 800 number to call to expedite renewal.
When I called that number, the person offered a 2 year discount for $190
instead of the usual $119 per year.</div><div><br clear="none"></div><div>After
giving him the card info, the TV went through the normal process of
asking me to enter it's displayed code into my phone's prime video app.
That all looked normal.</div><div><br clear="none"></div><div>After
that, I checked if my Prime subscription was extended the promised 2
years and saw it wasn't. It was only then that I rememberd I had renewed
my subscription in April so it had not expired. I called Chase and they
reversed the charge and have subsequently been told they made the
refund permanent.</div><div><br clear="none"></div><div>I guess I was
sucked in by believing this couldn't happen on the TV but now I know it
can. I don't know how they did it, but they did. I thought I had done
everything to protect my network, such as changing the WiFi SSID and
password and even changing the normal 192.168.1.1 address to something
else. I've changed the password on all Iot devices.</div><div><br
clear="none"></div><div>Anyone know how they pulled that off?</div><div><br
clear="none"></div><div>Stan</div><div><br clear="none"><div
class="yiv2077652845gmail_quote"><div id="yiv2077652845yqt89384"
class="yiv2077652845yqt5312766750"><div dir="ltr"
class="yiv2077652845gmail_attr">On Mon, Oct 17, 2022 at 12:51 AM Robert
Primak <<a rel="nofollow noopener noreferrer" shape="rect"
ymailto="mailto:bobprimak@yahoo.com" target="_blank"
href="mailto:bobprimak@yahoo.com" moz-do-not-send="true">bobprimak@yahoo.com</a>>
wrote:<br clear="none"></div><blockquote style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204);"
class="yiv2077652845gmail_quote"><div><div
style="font-family:Helvetica, Arial, sans-serif;font-size:13px;">
<div dir="ltr" style="font-family:Helvetica, Arial, sans-serif;">There
are also scams very similar to this one revolving around hurricane
relief from Ian. There was one billionnaire who did pledge direct relief
to homeowners affected by Ian, but I think that was Elon Musk, andf it
was not in the form of free Internet, though he also is offering that
for a few areas of SW FL. </div><div dir="ltr"
style="font-family:Helvetica, Arial, sans-serif;"><br clear="none"></div><div
dir="ltr" style="font-family:Helvetica, Arial, sans-serif;">You have to
be very careful about everything these days. None of these charitable
foundatiuons will use email as their first method of contact, out of the
blue. Nor a phone call, especially to a cell phone. If it looks too
good to be ture, check with the original source. Use an independent
direct link or contact method. And don't be in a rush -- there is never
so much time pressure that you can't use some well-known method to
verify an offer. Or a threat. </div><div dir="ltr"
style="font-family:Helvetica, Arial, sans-serif;"><br clear="none"></div><div
dir="ltr" style="font-family:Helvetica, Arial, sans-serif;">That said, I
have had to deal with a couple of truly insider scams in recent years.
Some of these problems originated with actual fraudulent accounts opened
with my personal information, probably obtained through data leaks from
places I should have been able to trust, like in one instance, a
medical billing service. Yeah sure, they apologized, paid and offered
credit monitoring -- but the damages were already done. </div><div
dir="ltr" style="font-family:Helvetica, Arial, sans-serif;"><br
clear="none"></div><div dir="ltr" style="font-family:Helvetica, Arial,
sans-serif;">Be safe out there! </div><div dir="ltr"
style="font-family:Helvetica, Arial, sans-serif;"><br clear="none"></div><div
dir="ltr" style="font-family:Helvetica, Arial, sans-serif;">-- Bob
Primak </div><div dir="ltr" style="font-family:Helvetica, Arial,
sans-serif;"><br clear="none"></div><div dir="ltr"
style="font-family:Helvetica, Arial, sans-serif;"><br clear="none"></div><div
style="font-family:Helvetica, Arial, sans-serif;"><br clear="none"></div>
</div><div
id="yiv2077652845m_3216857231903204993yahoo_quoted_6117285019">
<div style="font-family:Helvetica, Arial,
sans-serif;font-size:13px;color:rgb(38,40,42);">
<div style="font-family:Helvetica, Arial, sans-serif;">
On Sunday, October 16, 2022 at 10:09:14 PM EDT,
<<a rel="nofollow noopener noreferrer" shape="rect"
ymailto="mailto:carllazarus@comcast.net" target="_blank"
href="mailto:carllazarus@comcast.net" style="font-family:Helvetica,
Arial, sans-serif;" moz-do-not-send="true">carllazarus@comcast.net</a>>
wrote:
</div>
<div style="font-family:Helvetica, Arial, sans-serif;"><br
clear="none"></div>
<div style="font-family:Helvetica, Arial, sans-serif;"><br
clear="none"></div>
<div style="font-family:Helvetica, Arial, sans-serif;"><div
id="yiv2077652845m_3216857231903204993yiv7713810109"
style="font-family:Helvetica, Arial, sans-serif;"><div
style="font-family:Helvetica, Arial, sans-serif;"><div
style="font-family:Helvetica, Arial, sans-serif;"><p
style="font-family:Helvetica, Arial, sans-serif;">Here is a new scam. I
received an email that says I am pre-qualified for the Scott Mackenzie
Foundation relief fund, and there is an email address I am to contact
for more details. I think they meant Mackenzie Scott, ex-wife of Jeff
Bezos, but you can’t get everything right. Her foundation is giving
grants to many causes, but I doubt they are getting ready to give me
money.</p><p style="font-family:Helvetica, Arial, sans-serif;"> </p><p
style="font-family:Helvetica, Arial, sans-serif;">-- Carl</p><p
style="font-family:Helvetica, Arial, sans-serif;"> </p><p
style="font-family:Helvetica, Arial, sans-serif;">Carl Lazarus</p><p
style="font-family:Helvetica, Arial, sans-serif;">H: 617-964-7241</p><p
style="font-family:Helvetica, Arial, sans-serif;"><a rel="nofollow
noopener noreferrer" shape="rect"
ymailto="mailto:carllazarus@comcast.net" target="_blank"
href="mailto:carllazarus@comcast.net" style="font-family:Helvetica,
Arial, sans-serif;" moz-do-not-send="true">carllazarus@comcast.net</a></p><p
style="font-family:Helvetica, Arial, sans-serif;"> </p></div></div></div>===============================================<br
clear="none">::The Lexington Computer and Technology Group Mailing
List::<br clear="none">Reply goes to sender only; Reply All to send to
list.<br clear="none">Send to the list: <a rel="nofollow noopener
noreferrer" shape="rect" ymailto="mailto:LCTG@lists.toku.us"
target="_blank" href="mailto:LCTG@lists.toku.us"
style="font-family:Helvetica, Arial, sans-serif;" moz-do-not-send="true">LCTG@lists.toku.us</a>
Message archives: <a rel="nofollow noopener noreferrer"
shape="rect" target="_blank"
href="http://lists.toku.us/pipermail/lctg-toku.us/"
style="font-family:Helvetica, Arial, sans-serif;" moz-do-not-send="true">http://lists.toku.us/pipermail/lctg-toku.us/</a><br
clear="none">To subscribe: email <a rel="nofollow noopener noreferrer"
shape="rect" ymailto="mailto:lctg-subscribe@toku.us" target="_blank"
href="mailto:lctg-subscribe@toku.us" style="font-family:Helvetica,
Arial, sans-serif;" moz-do-not-send="true">lctg-subscribe@toku.us</a>
To unsubscribe: email <a rel="nofollow noopener noreferrer" shape="rect"
ymailto="mailto:lctg-unsubscribe@toku.us" target="_blank"
href="mailto:lctg-unsubscribe@toku.us" style="font-family:Helvetica,
Arial, sans-serif;" moz-do-not-send="true">lctg-unsubscribe@toku.us</a><br
clear="none">Future and Past meeting information: <a rel="nofollow
noopener noreferrer" shape="rect" target="_blank"
href="http://LCTG.toku.us" style="font-family:Helvetica, Arial,
sans-serif;" moz-do-not-send="true">http://LCTG.toku.us</a><br
clear="none">List information: <a rel="nofollow noopener noreferrer"
shape="rect" target="_blank"
href="http://lists.toku.us/listinfo.cgi/lctg-toku.us"
style="font-family:Helvetica, Arial, sans-serif;" moz-do-not-send="true">http://lists.toku.us/listinfo.cgi/lctg-toku.us</a><br
clear="none">This message was sent to <a rel="nofollow noopener
noreferrer" shape="rect" ymailto="mailto:bobprimak@yahoo.com."
target="_blank" href="mailto:bobprimak@yahoo.com."
style="font-family:Helvetica, Arial, sans-serif;" moz-do-not-send="true">bobprimak@yahoo.com.</a><br
clear="none">Set your list options: <a rel="nofollow noopener
noreferrer" shape="rect" target="_blank"
href="http://lists.toku.us/options.cgi/lctg-toku.us/bobprimak@yahoo.com"
style="font-family:Helvetica, Arial, sans-serif;"
moz-do-not-send="true">http://lists.toku.us/options.cgi/lctg-toku.us/bobprimak@yahoo.com</a><br
clear="none"></div>
</div>
</div></div>===============================================<br
clear="none">
::The Lexington Computer and Technology Group Mailing List::<br
clear="none">
Reply goes to sender only; Reply All to send to list.<br clear="none">
Send to the list: <a rel="nofollow noopener noreferrer" shape="rect"
ymailto="mailto:LCTG@lists.toku.us" target="_blank"
href="mailto:LCTG@lists.toku.us" moz-do-not-send="true">LCTG@lists.toku.us</a>
Message archives: <a rel="nofollow noopener noreferrer"
shape="rect" target="_blank"
href="http://lists.toku.us/pipermail/lctg-toku.us/"
moz-do-not-send="true">http://lists.toku.us/pipermail/lctg-toku.us/</a><br
clear="none">
To subscribe: email <a rel="nofollow noopener noreferrer" shape="rect"
ymailto="mailto:lctg-subscribe@toku.us" target="_blank"
href="mailto:lctg-subscribe@toku.us" moz-do-not-send="true">lctg-subscribe@toku.us</a>
To unsubscribe: email <a rel="nofollow noopener noreferrer"
shape="rect" ymailto="mailto:lctg-unsubscribe@toku.us" target="_blank"
href="mailto:lctg-unsubscribe@toku.us" moz-do-not-send="true">lctg-unsubscribe@toku.us</a><br
clear="none">
Future and Past meeting information: <a rel="nofollow noopener
noreferrer" shape="rect" target="_blank" href="http://LCTG.toku.us"
moz-do-not-send="true">http://LCTG.toku.us</a><br clear="none">
List information: <a rel="nofollow noopener noreferrer" shape="rect"
target="_blank" href="http://lists.toku.us/listinfo.cgi/lctg-toku.us"
moz-do-not-send="true">http://lists.toku.us/listinfo.cgi/lctg-toku.us</a><br
clear="none">
This message was sent to <a rel="nofollow noopener noreferrer"
shape="rect" ymailto="mailto:rosesta@gmail.com" target="_blank"
href="mailto:rosesta@gmail.com" moz-do-not-send="true">rosesta@gmail.com</a>.<br
clear="none">
Set your list options: <a rel="nofollow noopener noreferrer"
shape="rect" target="_blank"
href="http://lists.toku.us/options.cgi/lctg-toku.us/rosesta@gmail.com"
moz-do-not-send="true">http://lists.toku.us/options.cgi/lctg-toku.us/rosesta@gmail.com</a><br
clear="none"></blockquote></div></div></div>-- <br clear="none"><div
dir="ltr" class="yiv2077652845gmail_signature">Stan Rose<br clear="none"><br
clear="none"><a rel="nofollow noopener noreferrer" shape="rect"
ymailto="mailto:stan_rose@alum.mit.edu" target="_blank"
href="mailto:stan_rose@alum.mit.edu" moz-do-not-send="true">stan_rose@alum.mit.edu</a></div>
</div></div></div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">===============================================
::The Lexington Computer and Technology Group Mailing List::
Reply goes to sender only; Reply All to send to list.
Send to the list: <a class="moz-txt-link-abbreviated" href="mailto:LCTG@lists.toku.us">LCTG@lists.toku.us</a> Message archives: <a class="moz-txt-link-freetext" href="http://lists.toku.us/pipermail/lctg-toku.us/">http://lists.toku.us/pipermail/lctg-toku.us/</a>
To subscribe: email <a class="moz-txt-link-abbreviated" href="mailto:lctg-subscribe@toku.us">lctg-subscribe@toku.us</a> To unsubscribe: email <a class="moz-txt-link-abbreviated" href="mailto:lctg-unsubscribe@toku.us">lctg-unsubscribe@toku.us</a>
Future and Past meeting information: <a class="moz-txt-link-freetext" href="http://LCTG.toku.us">http://LCTG.toku.us</a>
List information: <a class="moz-txt-link-freetext" href="http://lists.toku.us/listinfo.cgi/lctg-toku.us">http://lists.toku.us/listinfo.cgi/lctg-toku.us</a>
This message was sent to <a class="moz-txt-link-abbreviated" href="mailto:pogran@alum.mit.edu">pogran@alum.mit.edu</a>.
Set your list options: <a class="moz-txt-link-freetext" href="http://lists.toku.us/options.cgi/lctg-toku.us/pogran@alum.mit.edu">http://lists.toku.us/options.cgi/lctg-toku.us/pogran@alum.mit.edu</a>
</pre>
</blockquote>
<br>
</body></html>