might push this to one of the security forums I'm part of. It's an interesting story 🙂 We are always told to keep devices up to date. But it's not the first time that an update server has been compromised
Dear Forum members and fellow Virgin Telly Tablet owners.
I understand from reading this thread that many of you are concerned by the erratic behaviour being exhibited by your Virgin Telly Tablet with cases starting up to a few weeks ago.
There are mixed conceptions about what appears to be going on with these tablets and everyone seems to be blaming their device and rendering them useless.
To summarise, my understanding of the issue is that the tablets are preloaded with a System update app built into the operating system that was customised by the Manufacturer (Virgin or whoever built the tablet on behalf of Virgin). That system update app is going online and checking for updates/patches for these tablets every time the tablet is connected to the internet. This feature was designed with the best of intentions to keep your devices up to date.
BUT it appears a few weeks ago a company called Gigaset has had their update servers hacked/compromised and their servers are PUSHING dodgy/malware-based updates to many owners of Gigaset devices, but not just Gigaset any other device that was either jointly built by them but also tablets that are being hosted for updates on the same server (I feel the latter is the case)
These viruses are a piece of cake to uninstall, it’s not actually hard to uninstall the app and there are people talking about flashing / reloading the entire operating system onto the tablet. We've tried this approach and it won't solve anything. Because unless you're using 3rd party software/recovery, the original vanilla Virgin Android software will have the same system update app built in.
When the tablet is factory data reset and rebooted WITHOUT internet access, the virus is deleted and gone and there are no more pop ups. This means the tablet recovery/reset feature is enough to get rid of this virus. By attempting to look for 3rd party operating system recovery images or hacks you could risk bricking / damaging your device. The sheer fact that the tablet operates perfectly fine after a factory reset without an internet connection assures us that the virus DOES get deleted when the tablet is reset. The issue currently is that when you connect the tablet back online for the first time after a reset, the tablets background system update app is connecting to a compromised/hacked update server and pulling a load of s**t back onto your tablet.
I personally feel from my technical assessment that this issue will continue till Gigaset (or their 3rd party update provider) has cleansed their update servers of the virus/malware apps being pushed to our tablets.
I've tried several tablets after factory reset and they work in offline mode perfectly fine, it's only when we put the internet connection back on (i.e. give the tablet system update app access back to the internet) that the unwanted malware is redownloaded to the tablet. This I feel is creating confusion, as there are people who have posted thinking that the virus isn't deleting when you reset the tablet. It is deleting, you just don't realise that by putting the tablet back on the internet you're reloading the same crap back onto it.
Now you understand what is happening, there are only in my personal opinion a few paths moving forward: we wait for the servers to get fixed and then reset our tablets once more and then use as normal, but if we cannot live without the tablet then reset the tablets, set them up without WIFI internet to start with, then use developer mode to disable updates, and also use ADB commands to uninstall the system update package. Then once the tablet is connected online after this the tablet should run fine without any virus reinstalling, but note when you factory reset your tablet again these settings/adjustments will be undone and you'll be open to viruses redownloading to the tablet if the server issue has not been fixed.
As of 20th April 2021 the tablets are still downloading crap from the system update servers so the issue on the update service provider's end is not sorted.
The other issue is that there are so many companies involved in the supply chain and not just Virgin Media, and the updates are clearly not being hosted by Virgin or anyone in the UK, so getting this issue resolved will take patience.
My best advice is to not use the tablet on the internet whilst this issue is happening, I know that defeats the purpose of the product, but for the interim weeks ahead till the update servers are cleaned I think it’s safe to use these products in offline usage only and only put them online after the reset and taking the steps to disable and uninstall the system update app using ADB if you're tech savvy enough to do that.
I just wanted to put together a post that would give a better understanding of what was going on, as a lot of telly tablet owners seem to be really concerned that this issue will require the tablet to receive new software from Virgin. At the present moment I disagree, I feel the tablet just needs to stop being fed fake new software in the form of malware from the update service providers.
We're still conducting our investigation, and we've been asked to capture some information to help our security teams in the work they're doing. If you've been affected, would you please mind posting with answers to the following information?
How did you update the Telly Tablet, was it via Settings > System Updates, or was it prompted by a pop-up?
Can you confirm if the update you downloaded was a system update or an update within a specific app?
Can you confirm the build version of your device please?
Our teams are monitoring the forum thread, so as soon as we get this information it will be factored into the investigation.
I completely understand the concern being expressed, please rest assured we're doing all we can to address this update. The information provided will help us get to a resolution.
P.S. This is being marked as a Helpful Answer to ensure everybody sees the information we're asking for, we aren't considering this issue resolved.
For anyone who has read my post and is interested in the steps I would take to TEMPORARILY fix this (this is just a quick highlight and happy to help anyone who requires more detailed steps)
1. Full factory data reset the tablet but do not connect the tablet to your internet network after the reset.
2. Go to "settings" in your Android app menu, then "about tablet", and click "build number" 7 times.
3. Go back into the menu and select "developer options" and turn them ON from the top of the menu, scroll down and disable/turn off "AUTOMATIC SYSTEM UPDATES" and enable "USB debugging".
4. In Developer settings click "running services", find "system updates" and disable the services running for system update; there might be more than 1 entry.
5. I would then proceed a step further and uninstall the system update app altogether - but this requires an install of the ADB Android toolkit on your desktop computer and some tech savvy to send the following command through the ADB interface to uninstall the system update app altogether, the command is:
***After some further testing this afternoon 5th step is most essential to disabling this software from reinstalling to the tablet.*** For most this may be quite complicated but I've attached a general YouTube guide on how ADB works and how to set it up (credits to the author of the content)
Please note and remember that if you factory reset your tablet all the above changes will be undone but these are relatively safe steps to get your tablet working for the interim but it will involve and start with a full factory data reset which means you'll lose your data, apps and saved files.
Once the above is all done you can then connect the tablet to the WIFI/internet and enjoy it and I've so far not seen the malware reinstall.
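A way to check the behaviour described in this thread, as an added example that is not part of the original posts: it diffs the package list captured after an offline reset against the list captured once the tablet has been online, and lists likely updater packages for manual review. The package names in the sample data are constructed, the keyword match is a heuristic assumption, and `<SYSTEM_UPDATE_PACKAGE>` is a placeholder because the thread does not give the package name.

```shell
#!/bin/sh
# Added example: diff two snapshots of `pm list packages`.
# On a real device (USB debugging enabled) the snapshots would come from:
#   adb shell pm list packages > before.txt   # after reset, Wi-Fi never joined
#   adb shell pm list packages > after.txt    # after the tablet has been online
LC_ALL=C; export LC_ALL   # same collation for sort and comm

# Strip the "package:" prefix and the CRs adb output can carry, then sort.
normalize_pkgs() {
    tr -d '\r' < "$1" | sed -n 's/^package://p' | sort -u
}

# Print packages present in the second snapshot but not in the first.
new_packages() {
    b=$(mktemp) && a=$(mktemp) || return 1
    normalize_pkgs "$1" > "$b"
    normalize_pkgs "$2" > "$a"
    comm -13 "$b" "$a"
    rm -f "$b" "$a"
}

# Heuristic (assumption): updater components often have "update", "ota"
# or "fota" in the package name. Review the matches by hand.
updater_candidates() {
    normalize_pkgs "$1" | grep -Ei 'update|(^|\.)f?ota(\.|$)' || true
}

# Constructed sample snapshots; every package name below is invented.
sample_before() {
    printf 'package:com.android.settings\r\npackage:com.example.vendor.systemupdate\r\npackage:com.android.chrome\r\n'
}
sample_after() {
    sample_before
    printf 'package:com.example.unwanted.popups\npackage:com.example.unwanted.browser\n'
}

demo() {
    d=$(mktemp -d) || return 1
    sample_before > "$d/before.txt"
    sample_after > "$d/after.txt"
    echo "Installed since going online:"; new_packages "$d/before.txt" "$d/after.txt"
    echo "Updater candidates to review:"; updater_candidates "$d/before.txt"
    rm -rf "$d"
}
demo
# Removal for the current user once the updater has been identified by hand:
#   adb shell pm uninstall --user 0 <SYSTEM_UPDATE_PACKAGE>   # placeholder
```

An empty "Installed since going online" list after the updater has been removed is the result the steps above aim for.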