In a recent publication, Check Point's mobile threat research team reports that 36 Android devices, many of them high-end models, were found carrying malware. The handsets came from brands including Samsung, LG, Xiaomi, ASUS, Nexus, Oppo and Lenovo. What is unusual is that the malware was not downloaded by the users: it was already installed before the devices ever reached them.
The malware Check Point identified included Loki and SLocker. According to the researchers, the malicious apps were not part of the official ROM supplied by the vendor; they were added somewhere along the supply chain, after the devices left the manufacturer but before they reached the user. In six instances the malware had been written into the device's ROM with system privileges, which means the user cannot uninstall it and the only way to remove the infection is to re-flash the device with a clean firmware image. Check Point's blog post gives the full list of affected devices and the malware found on each.
The two major families isolated by the security firm are Loki and SLocker. Loki, first identified in February 2016, is a Trojan that gains root privileges and injects itself into core Android system processes. From there it behaves like spyware, collecting the list of installed applications, browser history, contacts, call history and the device's location. SLocker is ransomware: it takes control of the device and locks the user out until a ransom is paid to unlock it. To hide its operators from tracing, it communicates over the Tor network.
Malware residing in the device's ROM gives malicious third parties persistent backdoor access: they can install further malware, steal or delete user data, disable security features and more. The level of integration also highlights the problem of an untrusted supply chain. Experts in the field are rightly worried about the security of the ecosystem, with over 20 past incidents in which retailers and other third parties managed to pre-install malware on Android handsets before they reached the end user.
This is not the first time that high-end smartphones have shipped compromised, running malicious shadow apps out of the box and endangering users, their data and their privacy. The real problem is remediation: an infection baked into the firmware can only be removed by rooting the device or by flashing it with a clean ROM or firmware image, which may mean taking the handset to an authorised service centre.
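A practical check that follows from the two points above (malware written into the ROM cannot be uninstalled by the user, and the fix is a re-flash) is to look at where each installed APK actually lives. The script below is an added example for this article, not Check Point's code: it parses the output of `adb shell pm list packages -f`, which prints each installed APK's path together with its package name, and sorts a list of suspect packages into ones on writable storage (removable with `pm uninstall`) and ones on read-only firmware partitions, which an unrooted user can at best hide for their profile with `pm uninstall -k --user 0` and which only a re-flash removes. The partition list, the `com.example.*` package names and the sample command output are constructed for the example.

```python
"""Triage `adb shell pm list packages -f` output: which installed packages
live in read-only firmware partitions (not uninstallable on an unrooted
device) versus the user-writable /data partition?

Added example for this article; not Check Point's code. The sample output
and the com.example.* package names below are constructed placeholders,
not indicators from the report.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Partitions shipped as part of the factory or carrier image. Illustrative
# list; real devices vary (dynamic partitions, /apex modules, and so on).
FIRMWARE_PREFIXES = ("/system/", "/system_ext/", "/vendor/", "/product/", "/oem/", "/odm/")

# Triage verdicts returned by classify(); constants so callers can compare.
NOT_INSTALLED = "not installed"
USER_REMOVABLE = "user app on /data: removable with `pm uninstall`"
FIRMWARE_APP = "firmware app: can only be disabled per user, re-flash to remove"
FIRMWARE_PRIV_APP = "privileged firmware app (priv-app): disable only, re-flash to remove"


@dataclass(frozen=True)
class InstalledPackage:
    name: str
    apk_path: str

    @property
    def in_firmware(self) -> bool:
        return self.apk_path.startswith(FIRMWARE_PREFIXES)

    @property
    def is_privileged(self) -> bool:
        # priv-app directories receive signature|privileged permissions that
        # ordinary third-party apps cannot request.
        return self.in_firmware and "/priv-app/" in self.apk_path


def parse_pm_list(output: str) -> List[InstalledPackage]:
    """Parse lines of the form `package:<apk path>=<package name>`."""
    packages = []
    for raw in output.splitlines():
        line = raw.strip()
        if not line.startswith("package:"):
            continue
        # Split on the LAST '=': package names never contain '=', paths might.
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and path and name:
            packages.append(InstalledPackage(name=name, apk_path=path))
    return packages


def classify(pkg: InstalledPackage) -> str:
    """Decide whether a package is user-removable or baked into firmware."""
    if not pkg.in_firmware:
        return USER_REMOVABLE
    return FIRMWARE_PRIV_APP if pkg.is_privileged else FIRMWARE_APP


def triage(pm_output: str, suspects: Iterable[str]) -> Dict[str, str]:
    """Map each suspect package name to a triage verdict."""
    installed = {p.name: p for p in parse_pm_list(pm_output)}
    return {s: classify(installed[s]) if s in installed else NOT_INSTALLED for s in suspects}


# Constructed sample of `pm list packages -f` output (placeholder names).
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/SystemUI/SystemUI.apk=com.android.systemui
package:/system/app/Calendar/Calendar.apk=com.android.calendar
package:/data/app/com.example.game-1/base.apk=com.example.game
package:/system/priv-app/UpdateHelper/UpdateHelper.apk=com.example.updatehelper
package:/vendor/app/CarrierSvc/CarrierSvc.apk=com.example.carriersvc
"""

# Hypothetical suspect list, e.g. names pulled from a threat report.
SUSPECTS = ["com.example.updatehelper", "com.example.carriersvc", "com.example.game", "com.example.absent"]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_PM_OUTPUT, SUSPECTS).items():
        print(f"{name:32} {verdict}")
```

On a real handset, capture the listing with `adb shell pm list packages -f > pkgs.txt` and feed its contents to `triage()`. One caveat: a component that already holds root, as Loki does, can hide from or tamper with `pm`, so a clean listing is evidence, not proof; comparing the firmware image against the vendor's official build is the stronger check.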