Malware found preinstalled on some Android phones

Malware has been discovered preinstalled on 36 Android phones belonging to two companies, security software maker Check Point reported on Friday.


"In all instances, the malware was not downloaded to the device as a result of the users' use -- it arrived with it," noted Oren Koriat, a member of Check Point's Mobile Research Team.

The malicious apps on the phones of a telecommunications company and a multinational technology business were not part of the official ROM supplied by the vendor, he explained. They were added somewhere along the supply chain.

Six of the malware instances were added by a malicious actor to the device's ROM using system privileges, meaning they couldn't be removed by the user and the device had to be re-flashed, Koriat added.

Most of the preinstalled malware consisted of information stealers and rough ad networks, he said. Included in the malicious software array was Slocker, a mobile ransomware program that encrypts all the information on a device and demands a payment to decrypt it.

Loki malware also was part of the mix. It not only generates revenue by displaying bogus ads, but also steals data about a device and can take control of it.

Customization Vulnerabilities

"Unfortunately, this isn't unexpected or even the first time we've seen this type of supply chain attack," said Mark Nunnikhoven, principal engineer of cloud and emerging technologies at Trend Micro.

The path from maker to user for a third-party Android phone typically entails four steps: First, a new version of the operating system is released. Then a phone vendor will test and customize the OS before passing it on to a carrier. The carrier also will test and customize the phone. Finally, it will end up in the user's hands.

"The problem is that when the phone is customized, malicious software or adware can be injected into it," Nunnikhoven told LinuxInsider. "This appears to have been the case here."

There is a law of computer security that physical access is always enough for an attacker to gain control of a device, said Craig Young, a senior security researcher at Tripwire.

"That means that anyone with physical access to the device -- either an intruder or an insider -- could connect the devices one by one to a computer and install malicious applications," he told LinuxInsider.

Consumers Helpless

Supply chain attacks like the one discovered by Check Point pose a serious problem to any consumer who receives such a phone.

"In a scenario like this, the only method to protect yourself from this threat would be to scan the phone right out of the box," said Troy Gill, a senior security analyst with AppRiver.

"Of course, this is a fairly disturbing proposition," he told LinuxInsider, "but unfortunately the only solution in this case."

Consumers are at the mercy of manufacturers in a case like this, said Michael Patterson, CEO of Plixer International.

"There is an expectation of trust, which in this case was broken," he told LinuxInsider.

"Given this situation where malware was installed as part of the supply chain, the only way for consumers to be protected is for manufacturers to begin to do a final quality assurance test of products before they are shipped to the consumer," Patterson suggested.
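The out-of-box scan and pre-shipment QA check described above can be approximated by comparing a device's installed packages against the list shipped in the official ROM. The following is an added example, not code from Check Point or the article; the baseline set, package names and paths are constructed, and the input is assumed to be the output of `adb shell pm list packages -f`.

```python
# Added example; package names and paths below are constructed sample data.
SYSTEM_PREFIXES = ("/system/", "/system_ext/", "/vendor/", "/product/")

# Hypothetical vendor baseline: package names shipped in the official ROM.
BASELINE = {"com.android.settings", "com.android.phone", "com.example.vendor.camera"}

# Constructed output of `adb shell pm list packages -f` from a device under test.
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/priv-app/TeleService/TeleService.apk=com.android.phone
package:/product/app/VendorCamera/VendorCamera.apk=com.example.vendor.camera
package:/system/app/SysUpdate/SysUpdate.apk=com.example.unknown.updater
package:/data/app/~~Zm9v==/com.example.game-YmFy==/base.apk=com.example.game
"""

def parse_pm_list(output):
    """Parse lines of the form package:<apk path>=<package name>."""
    packages = {}
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        # APK paths on newer Android contain '=' characters, so split on the last one.
        path, _, name = line[len("package:"):].rpartition("=")
        if path and name:
            packages[name] = path
    return packages

def audit(pm_output, baseline):
    """Return packages missing from the baseline, split by install location."""
    findings = {"rom": [], "user": []}
    for name, path in sorted(parse_pm_list(pm_output).items()):
        if name in baseline:
            continue
        # Packages on read-only partitions cannot be uninstalled by the user.
        bucket = "rom" if path.startswith(SYSTEM_PREFIXES) else "user"
        findings[bucket].append((name, path))
    return findings

if __name__ == "__main__":
    result = audit(SAMPLE_PM_OUTPUT, BASELINE)
    for name, path in result["rom"]:
        print(f"NOT IN BASELINE, needs re-flash to remove: {name} ({path})")
    for name, path in result["user"]:
        print(f"not in baseline, user-removable: {name} ({path})")
```

Matching on package name alone does not catch a baseline app that was replaced by a modified build; comparing APK hashes against the vendor image covers that case.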

Hunting Mobile Users

Because Android is an open operating system, it can be more vulnerable to malware attacks than its chief rival, Apple's iOS. However, Android's openness isn't the culprit in this case, argued Patterson.

"In this case, the issue is one of a corrupt supply chain," he said. "This was not a matter of whether or not there are inherent vulnerabilities in Android -- this was a matter of a manufacturing process that failed the consumer."

While a ROM attack on an iPhone is unlikely, hackers have attacked the Apple supply chain successfully. One of the most notable forays was the poisoning of SDK kits used by Chinese iOS developers, which resulted in preinfected apps being uploaded to Apple's App Store.
