• Welcome to DOSBODS

    Please consider creating a free account to be able to access all the features of the DOSBODS community. It only takes 20 seconds!

DTMark

Help! Possible DNS hijack

Recommended Posts

Mystified as to what's going on here.

Panasonic Viera TV, about 6 years old
Samsung Galaxy S8, about a week old

We were watching YouTube through the TV app last night. Worked fine.

Tried this morning. App closes itself after 10 seconds or so. May be relevant that a new section in the interface has appeared called "jump back in" which I've not seen before.

Tried BBC iPlayer. That also closes after 10 seconds.

Try a search on my phone. Click a promising link - I think, which.co.uk. That then forces a redirect to a page warning about viruses with a modal dialog box with only one button. Apparently the phone will more or less self-destruct in a few minutes.

Close that (didn't click on it). Open Chrome again. It remembers the last page. So back up it comes.

Close that, Force Stop, Clear All Data. Bookmarks and logins gone, but Chrome works now and starts with a blank page. I skip the "login to Google account" thing. All OK.

I then wonder if these two things are related. Quite a coincidence.

We were out just prior to this starting, so phone was on 4G briefly.

I try some more searches. Hijack happens again. So basically, Chrome is now useless as it can be manipulated and when it is, the only option is to force a total reset.

It surely cannot be possible for this to have "infected" the OS, the app and the OS cannot be linked like this. I have authorised the install of absolutely nothing. 

Yet, when the popup appears, the battery life drops sharply and the phone continually vibrates. Again this surely cannot be even possible. A web page cannot make a smart phone vibrate. Can it?

Phone is now very hot and about to run out of power.

Back to the TV. That's still "broken". the So-Called BBC News app works. The iPlayer and YouTube ones don't work for more than 10 seconds.

Might this be a router DNS hijack? I'd thought this exploit was caused by malicious ads in Google's ad network, but a network level thing may explain why both are having problems.

Nothing I can see in the router. Software version as it was. Try with VPN on and off. Makes no difference.

OK, I'm in IT, but more programming, not network support.

Nothing new installed on phone. OS and app updates all disabled. I don't update things if they aren't broken. There surely cannot be any way for the browser to "infect" the OS.. can there? It isn't 1995 any more.

Install AVG antivirus. Finds no issues. Though it pops up lots of notifications to invite me to pay for that. Uninstalled that.

PC on same connection is working perfectly. No sign of anything odd at all. I can run the same searches and click the same results that make the phone redirect and they're fine on there.

So I've installed nothing and all of a sudden I have a partially useless and perhaps untrustworthy phone and a partially broken TV. Annoyingly, the Fire Stick doesn't have YouTube any more, so it's back to using the laptop to watch TV.

Any ideas..

 

Share this post


Link to post
Share on other sites

Had a quick look - try this with your phone first. (Combination of some of the suggestions). Chrome is the culprit here for having a loophole.

"Browsers never allow websites to vibrate mobile devices. However this is not the case with Chrome in Android. It has this vulnerability which allows websites to vibrate mobile devices."

 

https://www.quora.com/Why-does-my-browser-vibrates-my-phone-with-a-virus-message?share=1

 

Edited by onlyme

Share this post


Link to post
Share on other sites
8 minutes ago, stokiescum said:

could you run youtube on the tv via yourlap top

Yes, certainly possible.

However I'm more concerned about the TV being partly broken and the brand new mobile being infested with a virus..

3 minutes ago, onlyme said:

That is exactly the exploit that's happening here.

However it happens randomly - the browser is being hijacked.

The target link might be dosbods.co.uk but the browser will open a malicious site instead.

Edit to add: my Windows PC will open the same link perfectly without being hijacked.

I suspect the TV and Android/Chrome issues are purely a coincidence. It is odd, though.

Edited by DTMark

Share this post


Link to post
Share on other sites

You want peace of mind that not something really nefarious going on. My guess is that Panny/YT failed / kaput for some reason and you have gone to phone route (not used before) and visited site not done before and just bog standard malware - hence suggesting check phone first. 

Share this post


Link to post
Share on other sites

1. Clear your Chrome browser internet cache of everything - all cookies, all data, the works. Go into settings and clear everything out. Reboot the phone and tell us what happens. Do this with any other web browser you have on the phone.

 

I am confused by your first post in that you have something wrong with your TV and something wrong with your phone and you think they are both connected because they began happening at the same time?

 

 

Share this post


Link to post
Share on other sites
Just now, onlyme said:

You want peace of mind that not something really nefarious going on. My guess is that Panny/YT failed / kaput for some reason and you have gone to phone route (not used before) and visited site not done before and just bog standard malware - hence suggesting check phone first. 

That was exactly what I was thinking.

Until it happened again the second time clicking an entirely different link.

This exploit is, as I understand it, perpetrated through malicious ads on Google's network.

It is possible that the two pages I hit both feature Google advertising and both have the problem.

If I go to the one I think started it, which.co.uk, directly, I can navigate around that and it's fine.

I can't reproduce this on demand. But it has happened twice now.

Share this post


Link to post
Share on other sites
2 minutes ago, The Masked Tulip said:

1. Clear your Chrome browser internet cache of everything - all cookies, all data, the works. Go into settings and clear everything out. Reboot the phone and tell us what happens. Do this with any other web browser you have on the phone.

 

I am confused by your first post in that you have something wrong with your TV and something wrong with your phone and you think they are both connected because they began happening at the same time?

 

 

Yes, that's right - only in so far as:

- both worked perfectly last night
- it Is vaguely possible that some network level hijack could break both of them (e.g. TV tries to get next chunk of streamed data and gets something unexpected back because the DNS points is elsewhere, so it crashes)

I think it more likely that some component of the TV shared by both iPlayer and YouTube has been updated and that update has broken those two apps on the TV and that these issues are unrelated.

But it is a big coincidence and possible that there is some common link here.

I did as you suggest in the first para and that cleared it, but it has come back again clicking a different search result in Google. Basically, the Chrome browser on the phone is able to be manipulated somehow in a way that my partner's iOS/Safari browser and this Windows PC's Edge browser is not.

Which then points away from a shared network level cause.

Share this post


Link to post
Share on other sites

Te

Just now, DTMark said:

Yes, that's right - only in so far as:

- both worked perfectly last night
- it Is vaguely possible that some network level hijack could break both of them (e.g. TV tries to get next chunk of streamed data and gets something unexpected back because the DNS points is elsewhere, so it crashes)

I think it more likely that some component of the TV shared by both iPlayer and YouTube has been updated and that update has broken those two apps on the TV and that these issues are unrelated.

But it is a big coincidence and possible that there is some common link here.

I did as you suggest in the first para and that cleared it, but it has come back again clicking a different search result in Google. Basically, the Chrome browser on the phone is able to be manipulated somehow in a way that my partner's iOS/Safari browser and this Windows PC's Edge browser is not.

Which then points away from a shared network level cause.

 

I suspect that the TV and phone are just, as you say, a conincidence. There are a lot of posts online about iplayer or youtube apps suddenly stopping working on Panasonic TV's. But this is a common problem with all brands of smart TV's. One day it they are working fine and the next they do not work and never work again.

You may have had an update to the firmware or the apps that has broken something. This is very common. I would suggest having a look in the settings to see when the firmware was last updated and when the apps were last updated. If you can clear the cache of iplayer and youtube do so.

Unfortunately the OSes of these smart TV's are so different from model to model of the same manufacturer let alone from manufacturer to manufacturer that I can't offer nay more advice than this. Some TV's allow you to revert to originial settings or even - and this is not something to do lightly - to the original firmware.

Share this post


Link to post
Share on other sites
5 minutes ago, DTMark said:

I did as you suggest in the first para and that cleared it, but it has come back again clicking a different search result in Google. Basically, the Chrome browser on the phone is able to be manipulated somehow in a way that my partner's iOS/Safari browser and this Windows PC's Edge browser is not.

Which then points away from a shared network level cause.

 

Sounds like it is somewhere else in the Google app.

Go to Play Store, download Malware Bytes and run it. Let's see if that finds anything. Report back.

Share this post


Link to post
Share on other sites
17 minutes ago, DTMark said:

That was exactly what I was thinking.

Until it happened again the second time clicking an entirely different link.

This exploit is, as I understand it, perpetrated through malicious ads on Google's network.

It is possible that the two pages I hit both feature Google advertising and both have the problem.

If I go to the one I think started it, which.co.uk, directly, I can navigate around that and it's fine.

I can't reproduce this on demand. But it has happened twice now.

Sounds like it is redirecting - that would be in the realm of having different proxy set for example so that no matter what site you tried to visit the proxy delivers up one of its own. Maybe try the play store app and download Firefox for example (one of the suggestions) and try that. That would tell you whether the issues is just with Chrome which I suspect it is.

Share this post


Link to post
Share on other sites

Chrome - menu - Settings -Site setting - Notifications -  uncheck the box marked "vibrate" 

(but it should be set to 'ask first' already)

Share this post


Link to post
Share on other sites

Here's a quick way to check that it is not your router / DNS - turn off Wifi on phone and switch to mobile data, if still getting redirects then definitely not Route/DNS, just the phone you need to sort out, that you don't get the same with PC suggests this anyway.

 

Share this post


Link to post
Share on other sites

Cant say this is the same but i had similar this morning i thought it was from cricfree but also used youtube 

I tried the usual restore point it would not complete said i had anti virus software still running 

After much faffing about i cleared chrome history/cache that fixed it (i think ,well the page has gone )

The offending item was something like https;// networking 935-info 

 

Edit this was on a laptop and was an issue with chrome i think as Firefox  Microsoft edge worked fine with a different search engine 

Edited by Long time lurking

Share this post


Link to post
Share on other sites

Ok, it seems to have stopped redirecting on the phone. Have installed Edge to replace Chrome for now.

The TV may have a hardware fault but it is odd that it impacts YouTube and iPlayer but not the other apps on it. It isn't that the apps don't work at all, they do, but they crash after a few seconds of play.

Have come across others with the same issue on Panasonic Tvs with similar model numbers but from a fair while ago.

It's out of warranty now so we will presumably have to pay for it to be fixed.

Share this post


Link to post
Share on other sites
6 minutes ago, DTMark said:

Ok, it seems to have stopped redirecting on the phone. Have installed Edge to replace Chrome for now.

The TV may have a hardware fault but it is odd that it impacts YouTube and iPlayer but not the other apps on it. It isn't that the apps don't work at all, they do, but they crash after a few seconds of play.

Have come across others with the same issue on Panasonic Tvs with similar model numbers but from a fair while ago.

It's out of warranty now so we will presumably have to pay for it to be fixed.

My Samsung TV, which runs Tizen, does exactly the same thing.  It opens, then after 10 to 20 seconds, it has a habit of closing itself.  When mirroring via Chromecast, its absolutely fine.

Edited by Dave Beans

Share this post


Link to post
Share on other sites
8 minutes ago, DTMark said:

Ok, it seems to have stopped redirecting on the phone. Have installed Edge to replace Chrome for now.

The TV may have a hardware fault but it is odd that it impacts YouTube and iPlayer but not the other apps on it. It isn't that the apps don't work at all, they do, but they crash after a few seconds of play.

Have come across others with the same issue on Panasonic Tvs with similar model numbers but from a fair while ago.

It's out of warranty now so we will presumably have to pay for it to be fixed.

 

It won't be fixed. Once the apps no longer work on a smart TV that is usually it. The manufacturer blames the software company and vice versa. Part and parcel of owning a smart TV nowadays. Big con IMPO.

Out of interest, NOW TV apparently have had to update their app in the past 24 hours as it began to no longer work on certain TV's and PC's.

Share this post


Link to post
Share on other sites
10 minutes ago, DTMark said:

Ok, it seems to have stopped redirecting on the phone. Have installed Edge to replace Chrome for now.

The TV may have a hardware fault but it is odd that it impacts YouTube and iPlayer but not the other apps on it. It isn't that the apps don't work at all, they do, but they crash after a few seconds of play.

Have come across others with the same issue on Panasonic Tvs with similar model numbers but from a fair while ago.

It's out of warranty now so we will presumably have to pay for it to be fixed.

Why wouldn't you just pay £20 for a chromecast or Kodi box and do all the smarts on that?

[I actually don't understand why people want smart TVs -- to me they're just a monitor and anything extra built-in is just an obsolescence waiting to catch you out.]

Share this post


Link to post
Share on other sites

We have a Fire TV stick which used to have the YouTube app, but now, it doesn't.

There is a YouTube app on the Apple box which we never really used before (neither the app, nor that box, it just sits there), that still works. For now.

 

Share this post


Link to post
Share on other sites
26 minutes ago, dgul said:

Why wouldn't you just pay £20 for a chromecast or Kodi box and do all the smarts on that?

[I actually don't understand why people want smart TVs -- to me they're just a monitor and anything extra built-in is just an obsolescence waiting to catch you out.]

Yep, totally agree. Unfortunately it is getting very hard to buy non-smart TV''s.

Bugger - on Thursday John Lewis cleared out a load of non-smart Samsung and LG TV's for about £150 to £200 for 55 inch models. Absolute bargain for those who got one.

Share this post


Link to post
Share on other sites
48 minutes ago, The Masked Tulip said:

Yep, totally agree. Unfortunately it is getting very hard to buy non-smart TV''s.

Bugger - on Thursday John Lewis cleared out a load of non-smart Samsung and LG TV's for about £150 to £200 for 55 inch models. Absolute bargain for those who got one.

I just buy plasmas from people upgrading to LCDs (I'd accept that these are much thinner and have teeny bezels).  They're a bit heavy but pretty good contrast levels even for these days.

[I've got a Barco in the living room.  A bit big (well, huge) and low resolution for these days, but the picture looks impressive enough on the occasions when I want a cinema experience.  It cost £2].

Share this post


Link to post
Share on other sites
10 minutes ago, dgul said:

I just buy plasmas from people upgrading to LCDs (I'd accept that these are much thinner and have teeny bezels).  They're a bit heavy but pretty good contrast levels even for these days.

[I've got a Barco in the living room.  A bit big (well, huge) and low resolution for these days, but the picture looks impressive enough on the occasions when I want a cinema experience.  It cost £2].

I spose you don't need to put your heating on in the winter..

Share this post


Link to post
Share on other sites
4 hours ago, onlyme said:

Sounds like it is redirecting - that would be in the realm of having different proxy set for example so that no matter what site you tried to visit the proxy delivers up one of its own. Maybe try the play store app and download Firefox for example (one of the suggestions) and try that. That would tell you whether the issues is just with Chrome which I suspect it is.

It is an issue with Chrome..

At least, I had it twice in fairly quick succession with Chrome, but Edge hasn't done it once - I've been attempting to reproduce it with the same searches and links but to no avail. All good.

That the pop up box warns about your Android Samsung (in my case) device suggests that the exploit targets only Android users and the mechanism by which it does so, is Chrome. 

I don't use Chrome on the desktop because it has at least one known very serious security flaw (hidden form field filling - this may be fixed now) and a horrible UI. 

So today, on the phone - I've ditched Chrome for MS Edge, and also got rid of that shite GMail app, replacing it with a paid one called "Nine" which seems to work really well.

So far as the TV is concerned, I can only guess that the problem is related to the new section at the top of the app on the TV which wasn't there before.

Thus, the app has updated itself. There doesn't seem to be any way to turn off updates. Nor any "factory reset" option.

That must have happened at some point between about 11pm last night and midday today.

So an update has been downloaded by the TV and installed by the TV, with neither my knowledge nor consent, and in this manner, the TV has effectively "broken itself".

This is going to be a choice conversation with Panasonic on Monday.

Share this post


Link to post
Share on other sites
1 hour ago, Dave Beans said:

I spose you don't need to put your heating on in the winter..

Well, you are right.

But I don't really watch that much TV.  So efficiency isn't that big a deal.

Share this post


Link to post
Share on other sites
8 minutes ago, DTMark said:

So far as the TV is concerned, I can only guess that the problem is related to the new section at the top of the app on the TV which wasn't there before.

Thus, the app has updated itself. There doesn't seem to be any way to turn off updates. Nor any "factory reset" option.

That must have happened at some point between about 11pm last night and midday today.

So an update has been downloaded by the TV and installed by the TV, with neither my knowledge nor consent, and in this manner, the TV has effectively "broken itself".

This is going to be a choice conversation with Panasonic on Monday.

 

 

It's their way of saying that they value your custom and would like you to be a customer again.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.