Slashdot Mirror

← Back to Stories (view on slashdot.org)

Millions of Android Devices Are Vulnerable Right Out of the Box (wired.com)

Posted by msmash on from the problem-persists dept.

Security meltdowns on your smartphone are often self-inflicted: You clicked the wrong link, or installed the wrong app. But for millions of Android devices, the vulnerabilities have been baked in ahead of time, deep in the firmware, just waiting to be exploited. Who put them there? Some combination of the manufacturer that made it, and the carrier that sold it to you. From a report: That's the key finding of new analysis from mobile security firm Kryptowire, which details troubling bugs preloaded into 10 devices sold across the major US carriers. Kryptowire CEO Angelos Stavrou and director of research Ryan Johnson will present their research, funded by the Department of Homeland Security, at the Black Hat security conference Friday. The potential outcomes of the vulnerabilities range in severity, from being able to lock someone out of their device to gaining surreptitious access to its microphone and other functions. They all share one common trait, though: They didn't have to be there. [...] "The problem is not going to go away, because a lot of the people in the supply chain want to be able to add their own applications, customize, add their own code. That increases the attack surface, and increases the probability of software error," Stavrou says. "They're exposing the end user to exploits that the end user is not able to respond to." Security researchers found 38 different vulnerabilities that can allow for spying and factory resets loaded onto 25 Android phones. That includes devices from Asus, ZTE, LG and the Essential Phone, which are distributed by carriers like Verizon or AT&T.

3 of 67 comments (clear)

  1. Blah blah blah Security Fatigue by Lije+Baley · · Score: 1, Insightful

    Yes, let's just keep piling on these alarmist, security-as-a-religion articles. It will only hasten the coming of the post-security world.

    --
    Strange things are afoot at the Circle-K.
  2. Re: Not surprising by peragrin · · Score: 4, Insightful

    Not only is it crapware it is uninstallable crapware. Let me uninstall samsung mail , calendar I don't use it anyway.

    Fine lock me into TouchWiz z but let me uninstall apps I don't actually use.
    Bewteen Samsung and att I have 30 unstallable apps

    Apps, not settings, or keyboards that I replaced just apps

    --
    i thought once I was found, but it was only a dream.
  3. Re: Not surprising by sjames · · Score: 3, Insightful

    So name the half decent device that isn't loaded with crapware they should have bought instead?

    Too often voting with your wallet is like voting in the old Soviet Union, you can choose any member of the Communist party you want.