infected Family member wants to buy an Android Box (pretty sure it's infected) for movies, I need help for some informations

[Fracteller]

Hi everyone, I hope y'all fine.

Here's the situation: A family member wants to buy one Android box for some movies and series, the problem is that we live in the same house, I work from home so i'm scared that by giving this android box access to our Internet it could lead to problems. This family members really wants this box. 

I decided to buy a year subscription for a 4G network (yearly) to seperate my Personal and Workstation from the main internet soruce (going to buy it tomorrow).

My questions: 

What happens when you connect the android box to a network? Does these boxes have full access on the computers, phones, everything connected to the infected network? 
Will my new Internet 4G network be safe if I don't connect that android box on it? Is there a risk?
Is there something that I should do before installing that android box? Something to change/update/wipe? I'm really concerned.


Thanks

[RONOTHAN##]

3 minutes ago, Fracteller said:

Does these boxes have full access on the computers, phones, everything connected to the infected network? 

Depends on how you have their firewalls setup, but they can see the machines, yes. 

 

What you could do though is setup VLANs or something along those lines to effectively isolate that box from everything else, having it so it still can see the internet but can't see anything else on your network. This will require your router/switch support that, though most off-the-shelf and ISP provided routers I'm aware of support guest networks or IoT specific networks designed for this sort of thing which are effectively this exact technology. 

[manikyath]

the idea that buying a somewhat reputable android TV box will infiltrate your network and puke virusses everywhere is exaggerated to extremes.

 

some of them are caked with shady software, but if you buy something that is *not a no-name piece of garbage from ebay* the worst that can happen is probably some hilareously insecure software having access to whatever you log into on the android box.

[Fracteller]

1 minute ago, manikyath said:

the idea that buying a somewhat reputable android TV box will infiltrate your network and puke virusses everywhere is exaggerated to extremes.

 

some of them are caked with shady software, but if you buy something that is *not a no-name piece of garbage from ebay* the worst that can happen is probably some hilareously insecure software having access to whatever you log into on the android box.

LTT's video surely made my paranoid about them. That family member is surely going to buy a no-name piece of garbage as you say, he can't pay for all streaming services. If it's only restricted to what happens in the android box I really dont care, but if there's a risk of infecting my family member's PCs and Phones, would be cool to know at least what's happening and how to protect them.

 

10 minutes ago, RONOTHAN## said:

Depends on how you have their firewalls setup, but they can see the machines, yes. 

 

What you could do though is setup VLANs or something along those lines to effectively isolate that box from everything else, having it so it still can see the internet but can't see anything else on your network. This will require your router/switch support that, though most off-the-shelf and ISP provided routers I'm aware of support guest networks or IoT specific networks designed for this sort of thing which are effectively this exact technology. 

If they can see me but can't access my pcs and workstations with the new 4G network i'm going to get i'm totally fine, i don't care.

Can an Android Box access my 4G network (in some way)?

[Fracteller]

@manikyath sorry I marekd the response as a Solution, misclic. 

[manikyath]

1 minute ago, Fracteller said:

LTT's video surely made my paranoid about them. That family member is surely going to buy a no-name piece of garbage as you say, he can't pay for all streaming services. If it's only restricted to what happens in the android box I really dont care, but if there's a risk of infecting my family member's PCs and Phones, would be cool to know at least what's happening and how to protect them.

the chance of these devices containing malware that is capable of penetrating other devices on a network is essentially zero. that is really high profile stuff, and this family member using a computer is probably at least equally dangerous. if you're scared of them bringing a shady android TV box into your network, you should be scared of what they're doing on their computer just the same.

 

so.. if you insist, you can segment your network in some way (either physical or with VLANs), but this android TV box should not be your reason to do so.

[Sauron]

43 minutes ago, Fracteller said:

What happens when you connect the android box to a network? Does these boxes have full access on the computers, phones, everything connected to the infected network? 

They have the same access as other devices on your network. Meaning none, unless they have credentials. Is there a reason you refer to them as "infected" as though they were guaranteed to come with a ransomware or something?

46 minutes ago, Fracteller said:

Will my new Internet 4G network be safe if I don't connect that android box on it? Is there a risk?

A risk of what exactly? If it's a completely separate network then there can be no cross access.

 

My primary concern with these boxes would have nothing to do with other devices on the network but rather with the box itself; if it's a really shady unbranded box that comes from who knows where there's a decent chance it's collecting (and selling) at least some usage data. Not that reputable companies don't also collect and sell your data... but at least you know who you're giving it to, and most of them are held to data protection compliance which means they have to delete your information if you ask them directly.

 

Also if this is a pirate box you, or your family member, or more likely whoever paid for either the box or the internet connection, could incur in whatever legal sanctions are in place in your country...

[Alex Atkin UK]

21 minutes ago, Sauron said:

Is there a reason you refer to them as "infected" as though they were guaranteed to come with a ransomware or something?

You also have to consider that whatever shady services these boxes are connected to could get you reported to your ISP for piracy.

 

It varies by country, but they can absolutely in some cases get your Internet connection cut-off if you repeatedly get flagged.  In theory you could even get taken to court, its rare but the movie industry do occasionally target people as a deterrent.

 

Its also possible your ISP will simply block access to the services these boxes use.

[Fracteller]

17 minutes ago, Sauron said:

come with a ransomware or something

Yep, these kind of worries. Also data privacy

 

43 minutes ago, manikyath said:

you should be scared of what they're doing on their computer just the same

?
The family member doesn't have a PC and will just be using that android box to watch movies on a TV. He's pretty old, not good with electronics.


So basically, since i'm going to have my own 4g network anyway, I will just warn him to be careful (like not to clic on ads, if there's any). His friend will bring this android box to install it

[Sauron]

15 minutes ago, Alex Atkin UK said:

 

Do note that even if the box itself has malware it doesn't mean it's able to do anything dangerous to your other devices. Although I will admit I didn't know this was a common issue.

13 minutes ago, Fracteller said:

Yep, these kind of worries. Also data privacy

well again, it would be mainly the data on the box that would be exposed, not data from your other devices.

 

although, if you want to be extra sure you could just create a guest network and connect the offending box to that rather than your "normal" network, after all I assume the box only requires access to the internet in this case.

[Fracteller]

Thank you all for your advices and informations. I will mark this post as resolved. 

Goodnight

[Alex Atkin UK]

21 minutes ago, Sauron said:

Do note that even if the box itself has malware it doesn't mean it's able to do anything dangerous to your other devices. Although I will admit I didn't know this was a common issue.

well again, it would be mainly the data on the box that would be exposed, not data from your other devices.

 

although, if you want to be extra sure you could just create a guest network and connect the offending box to that rather than your "normal" network, after all I assume the box only requires access to the internet in this case.

Its likely not your network that is the main worry (though if your router has a poor password or known exploit it can be), its that these boxes can become part of a botnet.  The malware can sit idle indefinitely until its activated.

[djksm]

2 hours ago, Fracteller said:

Yep, these kind of worries. Also data privacy

 

?
The family member doesn't have a PC and will just be using that android box to watch movies on a TV. He's pretty old, not good with electronics.


So basically, since i'm going to have my own 4g network anyway, I will just warn him to be careful (like not to clic on ads, if there's any). His friend will bring this android box to install it

hmmm friend you say... or mayb- aaa

[Sauron]

11 hours ago, Alex Atkin UK said:

Its likely not your network that is the main worry (though if your router has a poor password or known exploit it can be), its that these boxes can become part of a botnet.  The malware can sit idle indefinitely until its activated.

Sure, but then the issue becomes having the device at all (which in this case is apparently non negotiable) and not really what other devices might be sharing the network it's connected to.

 

By the way @Fracteller since you're clearly willing to pay some money to avoid problems it might be "diplomatically" advantageous to offer to pay the difference for a reputable brand box

[Alex Atkin UK]

1 hour ago, Sauron said:

Sure, but then the issue becomes having the device at all (which in this case is apparently non negotiable) and not really what other devices might be sharing the network it's connected to.

 

By the way @Fracteller since you're clearly willing to pay some money to avoid problems it might be "diplomatically" advantageous to offer to pay the difference for a reputable brand box

Absolutely negotiable IMO, no putting devices on the network that can cause you legal problems!

[Fracteller]

@Sauron @Alex Atkin UK Thank you for the responses!

I would love to pay all the different subsriptions for him too but I didn't even do it for myself, it is getting too expensive, i'm not financially stable right now. It is cheaper for me to get a new network. 

About the legal problems: We live in a country where there's no legal problems that could happen, and in my country, we're kinda forced to use pirated content since we cannot pay services/objects with our currency ($ or euros, or anything else), ours isn't recognised as one, our country is that poor. Please it is a very long and complicated story so let's not dive in this. I am legally be able to pay for the different subscriptions but I really can't now, and since he legally can't, we're in this situation. 

I have two more questions please, thank your time again:

-What kind of reputable brand box are you talking about? Like those normal Android TV thingies? 
-If one day i'm financially stable and I can buy all the different subsriptions + a reputable brand box, what should I do to "clean" that network? Just change the passwords? 

Thanks

[ewitte]

I still like the Nvidia Shield if I wanted an Android box, but I've just been using Roku, they do pretty much what I need.

[Sauron]

21 hours ago, Fracteller said:

-What kind of reputable brand box are you talking about? Like those normal Android TV thingies? 

Certainly something from roku, nvidia, xiaomi or really anyone else you have head of before would be a better option than random nonamers.

21 hours ago, Fracteller said:

-If one day i'm financially stable and I can buy all the different subsriptions + a reputable brand box, what should I do to "clean" that network? Just change the passwords? 

If there is malware on the device and it is capable of attacking and infecting other devices on the network (not necessarily a given) then you'd have to format those devices. Although again my impression is that at worst you might have your box participate in a botnet, which should not affect your other devices.

 

As I mentioned, creating a guest network is free and sufficient to fully separate the box from your other devices.

[Needfuldoer]

Does the Android TV box need to be connected to the network at all? Are they playing local files off a flash drive, or are they using streaming services of some kind?

 

What other kinds of hardware can you get your hands on? Is a Roku an option?

[Fracteller]

47 minutes ago, Needfuldoer said:

Does the Android TV box need to be connected to the network at all? Are they playing local files off a flash drive, or are they using streaming services of some kind?

Yes, he will just use the streaming services (not a legal one, it's called Streamio I think) 

 

49 minutes ago, Needfuldoer said:

What other kinds of hardware can you get your hands on? Is a Roku an option?

Sadly It is unavailable where I am.

 

1 hour ago, Sauron said:

Certainly something from roku, nvidia, xiaomi

I think there's the Xiaomi box where I live.

 

1 hour ago, Sauron said:

 

As I mentioned, creating a guest network is free and sufficient to fully separate the box from your other devices.

Yes, I will defenately try this, I hope it's not complicated. 

Thank you again for your suggestions and informations!

[Agret]

Hi Fracteller I have a very simple suggestion for you.

 

Login to your router using a web browser which is normally accessed at http://192.168.0.1 or http://192.168.1.1 - the username and password will either be admin/admin or admin/password on most routers, if that doesn't work look on the router itself there should be a sticker with the web address and login details.

 

Go into the wi-fi settings. On 95% of routers there is a setting to enable a second guest wireless network, tick the box to enable guest network and you can give it a separate network name and password to your normal wifi network, there should also be a box to 'isolate devices' or 'host separation' or something similar for the guest network, tick to enable this. This makes it so that when devices are connected to the guest network they can't see any other devices on your network and totally seperates them out. You setup the Android box on that guest network instead of your main one and you should have no problems since it can't even see your other devices.

 

You can test the guest network on your phone by downloading the app Fing and performing a network scan, you'll notice when you scan on your main wifi you see all devices but when you scan on the guest wifi the only device that should showup is your phone and the router.