Posted by
Message
AUFan2015
Auburn Fan
Oneonta, Alabama
Member since Oct 2013
491 posts
 Online 

Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
Forbes

quote:

Millions of shiny new Android smartphones are being purchased with dangerous malware factory-installed, according to Google’s own security research team. There have been multiple headlines about the millions of harmful apps being installed from the Play Store, but this is something new. And the danger to unsuspecting users, trusting that new boxed devices are safe and clean, is that some of that preinstalled malware can download other malware in the background, commit ad fraud, or even take over its host device.

Android is a thriving open-source community, which is great for innovation but not so great when threat actors seize the opportunity to hide malware in basic software loads that come on boxed devices. New phones can have as many as 400 apps factory-installed, many of which we just ignore. But it transpires that many of those apps have not been vetted. The apps themselves will work as billed, providing a useful capability or service, so we can be forgiven for not considering the risk that might lurk within.
Google’s Maddie Stone, a security researcher with the company’s Project Zero, shared her team’s findings at Black Hat on Thursday. “If malware or security issues come as preinstalled apps,” she warned, “then the damage it can do is greater, and that’s why we need so much reviewing, auditing and analysis.”

The risk impacts Android’s Open-Source Project (AOSP), a lower-cost alternative to the full-fat version. AOSP is installed on lower-cost smartphones where cheaper software alternatives help keep prices down. This means owners of Android-badged devices from the likes of Samsung and Google itself are safe from this particular risk.
For an attacker, Stone warned, the benefit of supply chain compromise is that they “only have to convince one company to include their app, rather than thousands of users.” The Google team didn’t disclose any details of the brands of phones involved, but more than 200 device manufacturers fell foul of the testing, with malware allowing the devices to be attacked remotely.

Of particular concern were two particularly virulent malware campaigns: Chamois and Triada. Chamois generates various flavors of ad fraud, installs background apps, downloads plugins and can even send premium rate text messages. Chamois alone was found to have come installed on 7.4 million devices. Triada is an older variant of malware, one that also displays ads and installs apps.
Google is working to help device manufacturers screen for such vulnerabilities, and between March 2018 and March 2019, Stone claims such screening helped reduce the instances of devices infected by Chamois from 7.4 million to “only” 700,000. “The Android ecosystem is vast,” she warned, “with a diversity of OEMs and customizations—if you are able to infiltrate the supply chain out of the box, then you already have as many infected users as how many devices they sell—that’s why it’s a scarier prospect.”
In the meantime, the usual advice applies around downloading and installing apps from the Play Store. A healthy dose of skepticism does not go amiss when the app is from an unknown source. Not much users can do if those threats come preinstalled, though, and that’s why this revelation is so dangerous. For this one we need to rely on manufacturers to do the right thing and follow Google’s advice in screening software fully to eradicate such risks.



UltimateHog
Arkansas Fan
Springfield, MO
Member since Dec 2011
54784 posts
 Online 

re: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
Don't buy cheap phones?

quote:

The risk impacts Android’s Open-Source Project (AOSP), a lower-cost alternative to the full-fat version. AOSP is installed on lower-cost smartphones where cheaper software alternatives help keep prices down. This means owners of Android-badged devices from the likes of Samsung and Google itself are safe from this particular risk.


Replies (0)
Replies (0)
83
tlsu15
LSU Fan
Capital of Texas
Member since Aug 2011
7179 posts

re: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
People shite on Apple because they have premium pricing, but they've never had shite like this happen.

Although I don't see this at Google's fault at all. It's the manufacturers.


awestruck
Auburn Fan
outdoors
Member since Jan 2015
4488 posts

re: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
Google, they just be jealous at the thought of someone else harvesting your data.


gobuxgo5
Member since Nov 2012
6292 posts

re: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
Apple owners laughing they asses off


umop_apisdn
Member since Sep 2017
3133 posts

re: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
Tens of millions?

Guarantee this article was posted by an iPhone bot.


IllegalPete
USA Fan
Front Range
Member since Oct 2017
6980 posts

re: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
quote:

Guarantee this article was posted by an iPhone bot.


The article showed up on my phone's news feed yesterday and caught my attention since I use a Pixel. As soon as I got to the paragraph about it only affecting burner phones I X'd out.

Clickbait, typical Forbes.
This post was edited on 8/11 at 2:48 pm


Replies (0)
Replies (0)
80
Korkstand
LSU Fan
Plaquemine, LA
Member since Nov 2003
16057 posts

re: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
quote:

Apple owners laughing they asses off

Keep laughing


jmcwhrter
Member since Nov 2012
1443 posts

re: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
In today's world, this translates to:

"Cheap android phones dont have our Google data harvesting software so dont use them. They will make your dick shrink like Yellow-5"


Replies (0)
Replies (0)
31
CarRamrod
USA Fan
Spurbury, VT
Member since Dec 2006
48887 posts

re: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
quote:

People shite on Apple because they have premium pricing, but they've never had shite like this happen.
look at the retard.


TD SponsorTD Fan
USA
Member since 2001
Thank you for supporting our sponsors
Advertisement
TigerGman
LSU Fan
Center of the Universe
Member since Sep 2006
8035 posts

re: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
quote:

look at the retard.



Apple puts out iPhones with Malware installed? Do tell..



CarRamrod
USA Fan
Spurbury, VT
Member since Dec 2006
48887 posts

re: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
Do you really want to go down this road?


TigerGman
LSU Fan
Center of the Universe
Member since Sep 2006
8035 posts

re: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
quote:

Do you really want to go down this road?


Sure. Take your best shot.


CarRamrod
USA Fan
Spurbury, VT
Member since Dec 2006
48887 posts

re: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
do you even read threads you post in?


SG_Geaux
LSU Fan
Googolplex Posts
Member since Aug 2004
67084 posts

re: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
quote:

quote:
Apple owners laughing they asses off

Keep laughing






Replies (0)
Replies (0)
51
TigerGman
LSU Fan
Center of the Universe
Member since Sep 2006
8035 posts

re: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
quote:

do you even read threads you post in?


I'll take that as a no they haven't.

Thanks.


Replies (0)
Replies (0)
12
Dam Guide
New Orleans Saints Fan
Nooga
Member since Sep 2005
11912 posts

re: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
quote:

Keep laughing


It has little chance of ever doing anything besides being at a DEFCON now. Apple's closed system for better and worse allows them complete control of any app on the market. You need to get an app on the market and now that they know to look at anything accessing the contacts app, it's pretty much dead in the water.


This thread is addressing something that is effecting phones in the wild.
This post was edited on 8/12 at 12:31 pm


QuackerBacker
Oregon Fan
Portland
Member since Oct 2013
341 posts

re: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
you can smell the desperation of the apple fanboys in here


Replies (0)
Replies (0)
82
TexasTiger39
Member since Mar 2009
3576 posts

re: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
If you believe the two largest phone operating systems haven't been subjected to several security breaches a day for the past decade, you are naive at best.

Both Apple and Android have security breaches in the form of hacking, malware, etc. all the time. And FYI, they will continue to have breaches.

Another pro tip: Both windows and MacOS have security breaches via malware, hackings, and viruses.
This post was edited on 8/12 at 12:51 pm


TigerGman
LSU Fan
Center of the Universe
Member since Sep 2006
8035 posts

re: Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware
quote:

If you believe the two largest phone operating systems haven't been subjected to several security breaches a day for the past decade, you are naive at best.



Thought we were talking about phones coming pre installed with Malware...


Replies (0)
Replies (0)
01
first pageprev pagePage 1 of 2next pagelast page

Back to top

logoFollow TigerDroppings for LSU Football News
Follow us on Twitter, Facebook and Instagram to get the latest updates on LSU Football and Recruiting.

FacebookTwitterInstagram