Android devices found sold complete with malware out of the box

happygeek 0 Tallied Votes 785 Views Share

Android-driven devices, including smartphones and tablets manufactured by the likes of Asus, LG, Motorola and Samsung, are being sold with pre-installed malware according to claims made by the CTO and Founder of Marble Security. David Jevans made the claim following complaints from a potential client that a mobile security platform from the vendor was mistakenly identifying a Netflix app as being malware. Upon further investigation, Marble researchers discovered that the apps in question were not only malware but were actively harvesting both passwords and financial data which were being sent to a Russian server. Although malware is nothing new, and Android malware distribution in particular is growing at a phenomenal rate year on year according to just about every bit of statistical evidence I have seen, what peaked the interest of Jevans was the fact that the victim in question insisted that the malicious apps were pre-installed on the devices and there when they purchased them.

This is, of course, nothing really new as regular readers of DaniWeb news might recall. It was all of seven years ago now that I broke the story of TomTom satnav devices being found infected with malware direct from the factory. That news story went on to win an IT Security News Story of the Year award at the BT Information Security Journalism Awards, and served as a warning of things to come. Given the proliferation of both Android devices and Android malware, the only surprise here is that it has taken so long for this 'malware pre-installed' revelation to be made.

Samsung, whose Galaxy Note, Galaxy 3 and Galaxy 4 devices were amongst the devices found to be compromised, has stated that neither it nor the carrier partners it uses across the US install any Netflix app before selling the phones and tablets. Which leaves us with something of an obvious question that needs answering, namely who did install the software? Jevans has yet to confirm who was involved in selling the specific devices his researchers found to be infected, although most security experts seem to agree it's likely that the malware is being installed unintentionally through a bundle package that contains the infected files or the handsets in question were refurbished units which were already carrying the distribution. This does, of course, raise further issues regarding the lack of proper device sanitation and security checking before sale.

Michael Sutton, VP of security research at Zscaler, says: "while such instances are rare, it is always possible that a less than reputable vendor, or someone with access to the devices along the supply chain knowingly installed malicious apps. It is also possible that the vendors involved in this situation were selling refurbished devices that had not been properly wiped. Regardless, as with web traffic, devices too should be considered untrusted until properly vetted. For most customers, buying from a reputable retail chain or ordering directly from the manufacturer is adequate to reduce the risk of purchasing an infected device. However, for those that want to be absolutely certain that their new device is clean, they should wipe the device and reinstall the operating system (o/s) from scratch before using it. Fortunately, the process for doing so with mobile phones is relatively simple. This is really only an issue with Android devices as the o/s permits apps to be installed from third party app stores which serve as the source for the vast majority of malicious applications."

rogerandre 0 Newbie Poster

Ebay, Amazon et all would be the ones to watch. I imagine they would be great platforms for shifting compromised devices at a 'reasonable price.'

rubberman 1,355 Nearly a Posting Virtuoso Featured Poster

Telecom companies that sell these devices often install applications that are not in the basic load from the device manufacturer. This is the most likely vector for such infections. Myself, I will NEVER purchase a phone directly from a phone company, but will purchase an unlocked one that I can use with my "preferred" phone company. It costs me more up-front, but much less in the long term since I am not paying a premium for my account and don't need to get a term-limited (2 year typically) contract. You know the old saying - you can pay me now, or you can pay me later... :rolleyes:

Using an unlocked Android phone means that I can get a SIMM in a foreign country, plug it in, and not have to pay international roaming charges. This has saved me hundreds of $$ in the past.

rogerandre 0 Newbie Poster

Yeah for the lay person it's important to make sure a 2nd device isn't signed into anything/wiped. The bad ad deliverence of malware, most likely to be happening too me thinks. What an ideal job it would be for a malware writter, to work coding apps for a phone company and create a boted harvesting mesh of some kind.

creamtown 0 Newbie Poster

Wow. This is definitely dangerous for most smartphone customers in the world, especially those who have important accounts like Paypal, Amazon affiliate, Google, Facebook or Twitter. I think we should buy smartphone from the official company stores, instead of retailers. My friend recently just bought an acer smartphone and its battery life is horrible, whereas it is a new smartphone. I suspect there are some malwares inside his smartphone.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.