Slashdot Mirror
Malware Found In the Firmware of 26 Low-Cost Android Models (bleepingcomputer.com)
An anonymous reader writes: Security researchers have found malware hidden in the firmware of several low-end Android smartphones and tablets, malware which is used to show ads and install unwanted apps on the devices of unsuspecting users. 26 Android device models have been found to be vulnerable. The common link between all these devices is that all are low-cost devices, mostly marketed in Russia, and which run on MediaTek chipsets.
According to security researchers from Dr.Web, a Russian antivirus vendor, the malware appears to have been added to the firmware by "dishonest outsourcers who took part in [the] creation of Android system images decided to make money on users." The security firm has informed MediaTek and the device vendors about this issue so the affected companies can inspect their distribution chain and find the possible culprits.
According to security researchers from Dr.Web, a Russian antivirus vendor, the malware appears to have been added to the firmware by "dishonest outsourcers who took part in [the] creation of Android system images decided to make money on users." The security firm has informed MediaTek and the device vendors about this issue so the affected companies can inspect their distribution chain and find the possible culprits.
Google needs to start working with vendors in the markets that use these lower end phones to make secure and reliable hardware. If there are a couple vendors making reliable phones for the ultra low end, with Googles official support and endorsement, it could go a long way in killing the market for these sorts of devices and win them a lot of favor in places where they might not be so highly regarded.