Android Malware Comes Preinstalled From The Factory, For Your Convenience
The Hack Is Coming From Inside The House
In the past we have seen questionable software pre-installed by the manufacturer which has lead to unnecessary vulnerabilities, Superfish being a prime example. In most cases the software was not specifically designed to be malware, it just turned out to be insecure and rendered products vulnerable to attacks. Recent research done by Trend Micro has revealed that many low cost Android devices don’t just have software installed by the manufacturer that accidentally opened up vulnerabilities, they come with purposefully designed malware installed.
The Android malware, if you can call them that, are included within the firmware and companies are unwittingly exposing their customers to attacks. It turns out the the cost of purchasing firmware to run a device on has plummeted, to the point where reputable developers who charged money for their firmware were driven out of business by predatory developers who didn’t charge much, or anything, to use their firmware. The problem is, as an old Sci-Fi writer once put it, TANSTAAFL.
The free firmware comes with rather questionable and completely undisclosed plug-ins, which is where the developers actually make their money. One example mentioned in the article at The Register is the ability to ‘rent’ a device for five minutes by paying the company that provided the firmware a certain amount of money. In that five minute period the keystrokes, geographical location, IP address and data on a device can be harvested, without the user having any idea it happens.
While Samsung and Google devices use firmware developed in house, any lower cost knockoffs could well have that sort of Android vulnerability baked into it. It is also likely the vast majority of IoT devices all have firmware with these vulnerabilities, and seeing as how it is baked right into the firmware, it is not something that can be patched.
Miscreants have infected millions of Androids worldwide with malicious firmware before the devices even shipped from their factories, according to Trend Micro researchers at Black Hat Asia.
More Tech News From Around The Web
- Microsoft patches bypass for recently fixed Outlook zero-click bug @ Bleeping Computer
- Pure Storage: No More Hard Drives Will Be Sold After 2028 @ Slashdot
- CISA warns of critical Ruckus bug used to infect Wi-Fi access points @ Bleeping Computer
- Microsoft can’t stop injecting Copilot AI into every corner of its app empire @ The Register
- Fake Scientific Papers Are Alarmingly Common @ Slashdot
- YouTube’s ‘Ad blockers not allowed’ pop-up scares the bejesus out of netizens @ The Register
- Dealmaster: Big savings on last-minute Mother’s Day tech gifts @ Ars Technica