Slashdot Mirror


Malware Found Preinstalled On 38 Android Phones Used By 2 Companies (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: An assortment of malware was found on 38 Android devices belonging to two unidentified companies. This is according to a blog post published Friday by Check Point Software Technologies, maker of a mobile threat prevention app. The malicious apps weren't part of the official ROM firmware supplied by the phone manufacturers but were added later somewhere along the supply chain. In six of the cases, the malware was installed to the ROM using system privileges, a technique that requires the firmware to be completely reinstalled for the phone to be disinfected. Most of the malicious apps were info stealers and programs that displayed ads on the phones. One malicious ad-display app, dubbed "Loki," gains powerful system privileges on the devices it infects. Another app was a mobile ransomware title known as "Slocker," which uses Tor to conceal the identity of its operators. Check Point didn't disclose the names of the companies that owned the infected phones. Padon said it's not clear if the two companies were specifically targeted or if the infections were part of a broader, more opportunistic campaign. The presence of ransomware and other easy-to-detect malware seems to suggest the latter. Check Point also doesn't know where the infected phones were obtained. One of the affected parties was a "large telecommunications company" and the other was a "multinational technology company."


  1. If they have no details by Anonymous Coward · · Score: 2, Insightful

    Then most likely it's yet another case of three-letter agencies doing it. They're not exactly fond of things that remove their rootkits after all.

  2. Meanwhile two articles down... by Anonymous Coward · · Score: 1

    I realize the extra physical exertion of a "swipe" versus a "tap" is just too much work for some, but at least I know my credit card doesn't come with malware preinstalled.

    1. Re:Meanwhile two articles down... by Pharmboy · · Score: 2

      RFID chip might qualify. I'm not sure how much truth is in the claim they can be read by simply walking past you, but /me thinks they aren't totally secure.

      --
      Tequila: It's not just for breakfast anymore!

  3. Strange by Anonymous Coward · · Score: 2, Funny

    I thought all Android phones had spyware pre-installed by Google.

  4. [yawn] This is old hat. by weedjams · · Score: 5, Interesting

    Buying devices, opening them up and altering them, then returning them to the store has been popular for decades. It's called 'pre-p0wnd'.

    1. Re:[yawn] This is old hat. by demonlapin · · Score: 1, Interesting

      Yeah, wipe-and-reinstall (while connected to a guest network) is a necessity with preowned/open box items.

    2. Re:[yawn] This is old hat. by amiga3D · · Score: 1

      My favorite is "I hope your asshole grows shut."

    3. Re:[yawn] This is old hat. by amiga3D · · Score: 1

      So true. It took me over two decades to figure it out. I had a breakdown and was basically out of it for 6 months and I finally learned to let things go. I still occasionally get a burst of rage but now I know what it is and kind of reset myself before it gets bad.

  5. Re: Marketing Article by Anonymous Coward · · Score: 1

    Trump isn't deranged. Why would you name a syndrome after him?

  6. Re: Marketing Article by Anonymous Coward · · Score: 2, Interesting

    Perhaps Breitbart will pretend it's the CIA? I'm reminded of the recent Breitbart news, "CIA uses stolen malware to attribute cyber attacks to nations like Russia"...

    Although Occam's Razor suggests this is more to do with the investigation of Roger Stone of Breitbart, who apparently was coordinating propaganda with Russian government hacker Guccifer 2.0 during the election.

    Watch him on RT, Russian propaganda TV. Party before country. Traitors who'd sell out America for power.
    https://www.youtube.com/watch?v=sjMUyPwe38E

    So let's see if Breitbart spins this into an anti-CIA, anti-America thing.

  7. Re: LineageOS by Anonymous Coward · · Score: 1

    I like the idea of CyanogenMod and LineageOS but let's be serious; you have no idea what's contained in those distros. Malicious software could easily hide in source code and get built every night.

  8. Lookout by DaMattster · · Score: 3, Informative

    My MetroPCS ZTE ZMAX Pro came with Lookout preinstalled and it has been a pretty good app. I'm hoping that I won't pick up a piece of malware but Android and iOS are moving targets. It's not a matter of if, it's a matter of when.

  9. Re: Marketing Article by amiga3D · · Score: 1

    You sound unhinged. His control is very limited. This is why we have 3 branches of government you know, there's no such thing as a dictator. You sound as crazy as the far right nuts that ranted that Obama was going to declare the election void and stay in office. Or the far left nut jobs begging him to do just that. Why don't you go see a doctor and get some Xanax? Chill out.

  10. This is an advertisement. by Anonymous Coward · · Score: 2, Insightful

    "We won't name the companies or devices"... because this is a FUD driven ad campaign for our services.

    So obvious.

  11. Is there a SINGLE phone out there without backdoor by Anonymous Coward · · Score: 1

    ???

    This is getting old.

    I don't care if it's old, I just want something that handles simple daily tasks and doesn't have 500 backdoors and 5000 agencies/hackers spying on it.

  12. What companies? by amiga3D · · Score: 1

    I'd think it'd be nice to know what companies and models it pertains to. A lot of people trust their phones for things like banking. I don't but I'm a little paranoid about money.

    1. Re:What companies? by amiga3D · · Score: 1

      Never mind, I should have read the damn article. Headline is a little misleading.

  13. Re: Marketing Article by Anonymous Coward · · Score: 2, Insightful

    Ahh, I missed that he was a Trump advisor AT THE TIME he was doing his little co-ordinating with Guccifer. No wonder he's on RT attacking the CIA.

    Interesting, Carter Page was also on RT, in December 2016... from his Moscow visit, he went to Moscow for a week to meet 'business leaders and thought leaders', announced it, met a bunch of Russians, and went on RT:
    https://youtu.be/4ePHA4f7MNg?t=55s

    Or his July visit which included meetings with Russian intelligence:
    http://www.usatoday.com/story/news/2017/03/07/campaign-granted-page-permission-moscow-trip/98874648/

    Which is odd, because this February he said he didn't have any meetings with Russian officials in 2016:
    https://youtu.be/bsgSl8s2GeM?t=5m25s

    All kind of coming out in the last few days, since 4th March, yet you were distracted by Trump's allegation against Obama which came out March 4th.

    I see.

  14. Re: LineageOS by coastwalker · · Score: 1

    It has been very clear for years that mobile phone operating systems are completely compromised. Either the company that sold them to you is in charge of monetizing your every breath or state security services are watching your every move (and not necessarily your own state either). A well set up PC connected to the internet is slightly better but basically anything connected to the internet is owned by a corporation or several nation states. It does not matter for most of us in our day to day lives but forget using any of this stuff if you are a journalist with information that someone powerful does not like. Whether this is a problem is something we will only find out in a few decades. Personally I would keep a very docile and obedient profile if you want to stay healthy in the coming 50 years. This is what makes hating migrants as security threats such a joke, you can be sure that the state can destroy any of them that look a bit dodgy just as soon as they feel like it.

    --
    Facts are history now plebs have politics for religion on social media.

  15. homebrew PBX or Wifi hub by Anonymous Coward · · Score: 1

    Just watching the data going through the Wifi router suggests how bad an Android is and something has been crashing my Noroot Firewall apk that I wonder what goes through.

    It has been suggested that CIA installs backdoors it plausibly denies as owning simply because they lease backdoors just like how computer owners lease Microsoft Windows.

    A prior article about CIA installing backdoors into OpenBSD also had a reference to a security firm Kryptos Logic that sells exploits worldwide to anyone with money.

  16. Re: Marketing Article by Anonymous Coward · · Score: 1

    Reading comprehension failure. Parent said the psychopaths along for the ride could kill everyone, not that Trump would kill everyone. There's a massive difference between thinking the various Nazi, Fascist and KKK Trump supporters empowered by his ascent are dangerous and that Trump is personally going to commit genocide. Maybe you're just really into strawmen, though.

  17. Re:Marketing Article by Anonymous Coward · · Score: 1

    Wrong. Per TFA title, "phones", and "devices" in the lead sentence, not "models". It does list 23 different models that presumably cover those "devices" (which include several Galaxy Tab models, so not all phones). And those models range over 8 brands from the last several years, such as Samsung's Notes 2/3/4/5 (even a "Note 8", but guessing that must have been a Tab since no Samsung phones at version "8" are available just yet ...). That seems to be way too much variety for any organization with any "reasonable" procurement/provisioning policies to be buying and providing to employees.

    The variety makes me think these must have been from some surveys/audits of personal ("BYOD") devices some companies allowed employees to use for work purposes. I know I used several quite different phones/tablets my last few years of work (retired now) that had to meet security standards/monitoring via ActiveSync (AS), and which had to be dropped for that kind of use as the requirements evolved with the technology such as my Windows Mobile 6.x Verizon X6900 (HTC Touch) and a later Imagio, although it was annoyingly ironic when they refused to apply a MS AS server patch needed for the Windows Phone 8/8.1 phones I was considering since it was not needed for the preponderance of Android and iOS devices most of my colleagues used.

    So I had to get yet another, newer Android 4. (now look at all the exposures those had, and still have!) Moto Razr HD phone just so it could run the requisite Touchdown app to work with the company's AS implementation to access their Exchange servers. Glad I am done with such strait-jacketing (imposed by employers at least).

  18. Ulefone had malware in the official rom by Anonymous Coward · · Score: 1

    Ulefone was found to have malware in the official stock rom in 9/2016, including the official downloadable updates, and "only" took them 2 months to remove it. :/

    But for sub $100 phones with all these features, where can you expect they are cutting corners?

  19. Re: Marketing Article by amiga3D · · Score: 1

    Not everyone. I took some for a while but eventually I figured out the problem was me. The pills just made me live in a kind of fog. I decided I'd rather just quit worrying about shit I can't control. Not that I've entirely gotten over it, but I can get by now.