Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Security Android Google

Malware Found In the Firmware of 26 Low-Cost Android Models (bleepingcomputer.com) 60

Posted by msmash from the security-woes dept.
An anonymous reader writes: Security researchers have found malware hidden in the firmware of several low-end Android smartphones and tablets, malware which is used to show ads and install unwanted apps on the devices of unsuspecting users. 26 Android device models have been found to be vulnerable. The common link between all these devices is that all are low-cost devices, mostly marketed in Russia, and which run on MediaTek chipsets.

According to security researchers from Dr.Web, a Russian antivirus vendor, the malware appears to have been added to the firmware by "dishonest outsourcers who took part in [the] creation of Android system images decided to make money on users." The security firm has informed MediaTek and the device vendors about this issue so the affected companies can inspect their distribution chain and find the possible culprits.
This discussion has been archived. No new comments can be posted.

Malware Found In the Firmware of 26 Low-Cost Android Models More

Malware Found In the Firmware of 26 Low-Cost Android Models

Comments Filter:

  • The list (Score:5, Informative)

    by fred6666 ( 4718031 ) on Tuesday December 13, 2016 @12:17PM (#53476147)

    These were cheaper than cheap. No well known brand such as Samsung or even cheaper brands such as Huawei, ZTE and Xiaomi.

            MegaFon Login 4 LTE
            Irbis TZ85
            Irbis TX97
            Irbis TZ43
            Bravis NB85
            Bravis NB105
            SUPRA M72KG
            SUPRA M729G
            SUPRA V2N10
            Pixus Touch 7.85 3G
            Itell K3300
            General Satellite GS700
            Digma Plane 9.7 3G
            Nomi C07000
            Prestigio MultiPad Wize 3021 3G
            Prestigio MultiPad PMT5001 3G
            Optima 10.1 3G TT1040MG
            Marshal ME-711
            7 MID
            Explay Imperium 8
            Perfeo 9032_3G
            Ritmix RMD-1121
            Oysters T72HM 3G
            Irbis tz70
            Irbis tz56
            Jeka JK103

    • That reads like a who's who list of crap I wouldn't waste my money on if I saw it in the store.

      • That reads like a who's who list of crap I wouldn't waste my money on if I saw it in the store.

        I bought a couple of these for my kids a few years ago when they were in their destructive stage and I was working on teaching them how to properly take care of things. At that point a $30 tablet that they could play angry birds on and look at wikipedia was all they really needed. I had suspected malware as one of them started having unwanted popups even after I reflashed it.

      • I would assume none of them can load apps from the Play store. Based on the now common wisdom - you're (more or less) safe if you only ever install apps from the Google Play Store, and if not, you're not ever going to get software updates, so consider yourself hacked - these things are all malware vectors from the get go. Their vendors just gave them a head start...

  • Mediatek, WHAT IS YOUR PROBLEM?! (Score:4, Insightful)

    by emil ( 695 ) on Tuesday December 13, 2016 @12:27PM (#53476215)

    Why is Mediatek installing malware to extract and send the owner's data to China [digitaltrends.com]?

    I just bought the latest BN Nooks as Christmas gifts. Now I have to tell EVERYONE who receives these gifts to use burner accounts, no credit cards, no sensitive gmail.

    None of these companies can be trusted.

    • Comment removed based on user account deletion

      • It most CERTAINLY IS Mediatek! (Score:5, Informative)

        by emil ( 695 ) on Tuesday December 13, 2016 @01:20PM (#53476595)

        They were caught red handed [cpbotha.net].

        When Google had previously updated its systems to check for ADUPS, MediaTek (they make the chipset in millions of low-end phones) simply modified their system software to evade Google’s checks. Nice one MediaTek!

        DO NOT BUY EQUIPMENT WITH MEDIATEK CPUS!

        • Re: (Score:1)

          by Anonymous Coward

          You represent exactly the kind of malice and misunderstanding the writer was hoping for: get people, and consequently product developers, to believe that MediaTek is bad. It's not MediaTek's chips that are bad, it's the next vendor in line who included ADUPS and evaded the checks for it.

          And all of these complaints are hilarious, because they boil down to people being mad because their malware is not stealthy enough. You never complain about Google, Microsoft, NSA etc. collecting your info secretly, but when

          • Re: (Score:1)

            by jofas ( 1081977 )
            Strawman. While they don't *directly* install malware, they have been called out NUMEROUS times for not patching vulns in subsequent generations of same hardware. The list above was one or two manufacturers in 2014 and is now as long as it is because they don't give a shit. Bottom line: they are not marketing to North American demographics of any kind.

        • Re: (Score:2)

          by thsths ( 31372 )

          Exactly this. They have been caught in questionable dealing way to often: violating the GPU, preventing updates that a technically perfectly possible, dealing with developers who install malware ... they certainly have a track record that should make you very worried.

          This is not to say that everybody else is doing great work, but with MediaTek you can be quite certain to be screwed one way and/or another.

        • I just checked the new tablet and found:

          /system/app/AdupsFota/AdupsFota.apk

          Is this the Mediatek malware in question?

    • Not sure which latest Nooks you are talking about, but since they are rebranded samsung tablets with qualcom processors and not mediatek processors, you shouldn't need to.

      • Re: (Score:2)

        by emil ( 695 )
        Uh, no [ebookfriendly.com].

        Processor MediaTek MT8163 ARM Cortex-A53 Quad-Core

    • Re: (Score:1)

      by trevc ( 1471197 )
      Why did you buy them; don't you like these people?

      Why is Mediatek installing malware to extract and send the owner's data to China [digitaltrends.com]?

      I just bought the latest BN Nooks as Christmas gifts. Now I have to tell EVERYONE who receives these gifts to use burner accounts, no credit cards, no sensitive gmail.

      None of these companies can be trusted.

  • There is no need to say "Low Cost Android Phones".... Mainly because there are no "Low Cost Apple Phones", and we already know that all "Low Cost Windows Phones" contain malware by virtue of being Windows.
    • There are still low-cost feature phones... and blackberry. Yeah.
    • And by the definition of malware as "used to show ads and install unwanted apps on the devices of unsuspecting users" there are NO phones that don't contain malware. Google Chrome, which used to be bundled with Java updates (as I recall, it might have been something else) is malware under that definition.

      • Re: (Score:2)

        by thsths ( 31372 )

        If a Java update installs Chrome, then Java is the malware here. Sure, Google paid for it, so they are complicit, but Oracle conveniently "forgot" to ask the user.

  • Google (Score:2, Insightful)

    by 110010001000 ( 697113 )
    Google needs to get a grip on Android, somehow. They are ultimately responsible for this mess. Stop fucking around with self-driving cars and do your job.

    • Re: (Score:3, Informative)

      by The-Ixian ( 168184 )

      Google needs to get a grip on Android, somehow

      They have, it's called a Pixel.

      If you buy an AOSP or Android device from any other manufacturer, your relationship is with that manufacturer, not with Google.

      Google just makes the OS that runs on the hardware.

    • That is basically "Google Play Services". With each Android revision a bit more of what you would actually want to use ends up provided by GPS rather than AOSP.

      On the plus side, this makes for better application compatibility for devices stuck on old Android versions by OEMs who don't give a damn. On the minus side, it provides no protection against malice; only applies if your device is a google vassal; and does absolutely nothing about the fact that embedded ARM is a balkanized shithole of gratuitously

    • Re: (Score:2)

      by fermion ( 181285 )
      Low cost is the key. No manufacturer is going to sell a product with no hope of making profit. We say this MS Windows machines many years ago. The cost of a MS Windows license was so great, and the pressures to keep cost low so intense, that they only way for the average OEM to generate a profit was to use the machines as promotional vehicles. In the end, every consumer MS Windows machine ended up being a means for MS to gain market share and third parties to generate profit, not a tool for useful work.

    • Telepathy exists [slashdot.org]

  • Kill the market for this crud (Score:5, Interesting)

    by anthony_greer ( 2623521 ) on Tuesday December 13, 2016 @12:34PM (#53476265)

    Google needs to start working with vendors in the markets that use these lower end phones to make secure and reliable hardware. If there are a couple vendors making reliable phones for the ultra low end, with Googles official support and endorsement, it could go a long way in killing the market for these sorts of devices and win them a lot of favor in places where they might not be so highly regarded.

    • Re: (Score:1)

      by Anonymous Coward

      Google _does_ work with the vendors in low end market, with the Android One initiative.

      Google's involvement inevitably pushes up the price -- but they do have a plan for this.

    • Re: (Score:1)

      by bgarcia ( 33222 )

      Google needs to start working with vendors in the markets that use these lower end phones to make secure and reliable hardware. If there are a couple vendors making reliable phones for the ultra low end, with Googles official support and endorsement, it could go a long way in killing the market for these sorts of devices and win them a lot of favor in places where they might not be so highly regarded.

      Google created Android One [androidcentral.com] as an attempt to do exactly this. But people who sell phones that are subsidized by malware creators are able to sell those phones for even less. Go figure.

  • Russian clickfarms were conspiring with cellphone network staff since prehistoric times (first heard of paid sms scams around year 2002, 2003 or so).

    Now they mostly sell access on sms validation market.

  • Androids with malware (Score:3)

    by TrixX ( 187353 ) on Tuesday December 13, 2016 @01:01PM (#53476443) Journal

    For a second I read the "Android" in the headline as talking of a humanoid robot instead of the smartphone OS, and it was a really good base for a sci-fi story

  • This shouldn't be a surprise. I mean, it's called Landfill Android for a reason. Landfills are riddled with god-knows what diseases. These devices are simply extending the metaphor.

  • Device makers to try to find the culprits (Score:3)

    by Streetlight ( 1102081 ) on Tuesday December 13, 2016 @01:27PM (#53476647) Journal
    Quote from OP: "The security firm has informed MediaTek and the device vendors about this issue so the affected companies can inspect their distribution chain and find the possible culprits."

    How about updating the OS in these cheap phones, even the ones already sold, with an uninfected OS. Why waste time looking for the miscreants, who may be well hidden? Just fix the OS.

  • Can we start calling all the preloaded crap that isn't stock android malware?

    all the shit that vendors load that spy on you all the time?

    tmobile
    verison
    att

    etc etc etc
    I can't uninstall that stuff

    • all the shit that vendors load that spy on you all the time?

      Vendors? You mean like Google?

      Right now I see "GoogleLocationManager", "ContextManagerService", GoogleLocationService", and "GcmService" all running on my tablet. This is with "Location Service" turned off and after I've explicitly stopped the Google Play Services app, on a device that is in airplane mode and not been used for any app that needs location. (Any my phone, which is a later version of Android, doesn't let me stop Google Play Services at all.)

      That ignores the google analytics service that sh

  • Sorry but if you buy a crap-tacular phone you can not expect it to be even safe to turn on. These companies are known for selling flash media pre loaded with malware.

  • Low end market (Score:3)

    by XSportSeeker ( 4641865 ) on Tuesday December 13, 2016 @02:46PM (#53477329)

    It's probably the case for generic low end devices here in Brazil too, and probably most other countries.
    Bought one of those earlier this year, something like 50 bucks for a quadcore tablet that performed pretty decently.
    If you try to root it, the whole thing factory resets itself after power down.

    It has several suspicious stuff pre-installed into it, and they'll always be back no matter which way you try to uninstall or delete them.
    Some apps are simply shovelware, but there's plenty of stuff that apparently had no purpose there.

    Crapshoot. I wanted a tablet to read some comics and do some of the basics, and also to experiment on rooting and making a device secure... ended up in the trash, going for a reputable brand instead.

Slashdot Top Deals

"What man has done, man can aspire to do." -- Jerry Pournelle, about space flight

Close