Android powered devices are susceptible to major vulnerabilities out-of-the-box: Report

By Shubham Sharma | Published on Aug 12 2018
Android powered devices are susceptible to major vulnerabilities out-of-the-box: Report
HIGHLIGHTS

As per a security research firm, many Android-powered smartphones come pre-loaded with apps that could give an attacker total control over the device if the user is not careful.

Honor Band 5i

Here comes the hottest smart band in town! The USB-enabled HONORBand5i is now available on @Amazon.in. Run and get it now at Rs 1999 only.

Click here to know more

Android’s open nature is a boon for OEMs and developers alike. While this means that smartphone manufacturers can create their own versions on top of it, which they usually do, someone modifying the code can also cause harm by knowingly or unknowingly introducing vulnerabilities in the ecosystem. As per a report by the security firm Kryptowire, via Wired, many Android-powered smartphones are vulnerable to remote highjacking and many other worrying hacks even before one purchases them. The security firm analysed ten Android smartphones that support US network carriers and found that the firmware and pre-installed software, which we call bloatware, expose the end-user to some serious vulnerabilities, given that a user downloads a malicious app. 

Overview of the Kryptowire report states, “Our primary focus was exposing pre-positioned threats on Android devices sold by United States (US) carriers, although our results affect devices worldwide... The vulnerabilities we discovered on devices offered by the major US carriers are the following: arbitrary command execution as the system user, obtaining the modem logs and logcat logs, wiping all user data from a device (i.e., factory reset), reading and modifying a user’s text messages, sending arbitrary text messages, getting the phone numbers of the user’s contacts, and more. All of the aforementioned capabilities are obtained outside of the normal Android permission model.” 

Wired says that the Kryptowire study was funded by the US Department of Homeland Security (DHS) and was to be presented at the recently concluded Black Hat 2018 security conference. Devices from manufacturers like LG, Asus, ZTE and others are discussed at the event and DHS had previously suggested that the China-based company ZTE poses a security threat, but the agency didn’t provide any critical info to back the statement. As per Kryptowire, a remote attacker can gain total control of the ZTE ZMax smartphone, if a malicious app is downloaded. 

One should note that even though the aforementioned vulnerabilities come pre-baked in an Android device, they can only be exploited when a user has any third-party malicious app installed. As apps on Google Play Store go through a stringent review and test process, chances are slim of downloading a malware if one sticks to app downloads from the official source. However, downloading apps from other sources and unknown websites could lead an attacker to gain complete control over a device.

Videos

NotPetya Malware Everything You Need to Know  Digitin
logo
Shubham Sharma

Interested in tech, gaming, cyber-security, anime, and more

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.