SoylentNews is people
SoylentNews
A commercial malware scanner used by businesses has recently detected an outbreak of malware that came preinstalled on more than three dozen Android devices.
An assortment of malware was found on 38 Android devices belonging to two unidentified companies. This is according to a blog post published Friday by Check Point Software Technologies, maker of a mobile threat prevention app. The malicious apps weren't part of the official ROM firmware supplied by the phone manufacturers but were added later somewhere along the supply chain. In six of the cases, the malware was installed to the ROM using system privileges, a technique that requires the firmware to be completely reinstalled for the phone to be disinfected.
"This finding proves that, even if a user is extremely careful, never clicks a malicious link, or downloads a fishy app, he can still be infected by malware without even knowing it," Check Point Mobile Threat Researcher Daniel Padon told Ars. "This should be a concern for all mobile users."
Most of the malicious apps were info stealers and programs that displayed ads on the phones. One malicious ad-display app, dubbed "Loki," gains powerful system privileges on the devices it infects. Another app was a mobile ransomware title known as "Slocker," which uses Tor to conceal the identity of its operators.
The infected devices included:
- Galaxy Note 2
- LG G4
- Galaxy S7
- Galaxy S4
- Galaxy Note 4
- Galaxy Note 5
- Galaxy Note 8
- Xiaomi Mi 4i
- Galaxy A5
- ZTE x500
- Galaxy Note 3
- Galaxy Note Edge
- Galaxy Tab S2
- Galaxy Tab 2
- Oppo N3
- vivo X6 plus
Nexus 5[Removed in updated list.]Nexus 5X[Removed in updated list.]- Asus Zenfone 2
- LenovoS90
- OppoR7 plus
- Xiaomi Redmi
- Lenovo A850
Check Point didn't disclose the names of the companies that owned the infected phones.
Source: ArsTechnica
(Score: 0) by Anonymous Coward on Tuesday March 14 2017, @03:45AM (2 children)
Well, let's see: It's probably not the OEMs or the problem would be widespread rather than generally limited to a couple of companies. It's probably not the carriers or the problem would be widespread rather than generally limited to a couple of companies. Odds are, then, it's something injected in transit, targeting those companies.
Who do we have documented evidence of intercepting computers equipment in transit, manipulating/infecting it, then setting it on its way? Let's see, it's a three-letter name, belongs to an increasingly-fascist country...
(Score: 2, Insightful) by anubi on Tuesday March 14 2017, @06:36AM
If anything, we need some mechanism to read and make a digest of the operating system so we can verify its a OEM load.
When I was first coming online with PC's, BIOS was usually shipped in a pair of UV-EPROMS ( i.e. 27128 and up ), which were programmed using a high voltage on a special EPROM writer. The high voltage required to program the part was not available on the EPROM socket on the motherboard. It was very common to identify the parts by their checksum, as one was the "LOW" byte, and the other one was the "HIGH" byte. I thought these were quite secure and could be trusted. Not only that, I was actually made privy to the source code in them... matter of fact the standard IBM BIOS Source Code was printed in the "IBM AT Technical Reference" binder, along with all the schematics of the hardware. Just about like an Arduino documentation package - but quite a bit more sophisticated.
I was sure hoping it would stay that way, as I knew no matter what happened to the software, the BIOS could not be corrupted. Even if you did suspect your BIOS, it could be accessed from hardware and you could checksum it to see what you had - with a program you probably wrote yourself... in assembler. Or, lacking that, a bunch of DEF SEG's, and PEEK loops in GWBASIC would do in a pinch.
( IIRC, the ROM BIOS was at (F000:C000) at the upper address space of the PC, which was why we had a "hole" in the address space between 640K and 1MB. "A Megabyte of memory should be enough for Anyone" did not last for long. Soon thereafter, 16MB, then it seemed the sky was the limit.)
I sure liked the way we used to start up a machine, with a hardware reset vector that went to a predefined address and started executing from there. It was completely neutral and verifiable as to exactly what the machine was to execute upon startup ( which was usually a loader to bootstrap in the operating system, but if you wanted the whole machine to do nothing but "hello-world" like an Arduino upon power-up, that was fine, too. ) And, given an EEPROM programmer, a decent primer on how to write assembler for a machine consisting of nothing but hardware.
But things did not stay that simple for long. When I saw the first flash-based boot BIOS coming out, I knew right then and there we were in trouble.
Seemed all the copyright people got so worked up trying to keep some kid from sharing some song that they have taken steps to work with Congress to insure the ignorance of the masses to how this stuff works. The deluge of malware that no-one seems to understand sure seems to prove my point. Its almost like a bunch of firemen setting fires so they can get paid to put them out, starting more fires elsewhere while on the way to put the current crop out to guarantee future employment.
While our Congress sits around with that shit-eating grin on their face, shaking the hands of lobbyists pushing this crap on us.
I want so much for our stuff to be public to the extent we can know what is in it. Personally, I would lobby for Congress to consider anything not revealed to be a "trade secret", and as such, not coverable by either patent or copyright.
I wish there was some physical switch on the phone which would reconfigure the USB port to HOST, and place USB at the top of the BOOT order.... so that the contents of the phone's operating system could be verified, or updated, via USB files *By The Owner of the Phone*. Not this sneaky behind your back when it finds an open connection to the internet kind of thing. If this thing is going to be writable, I would love to be able to back up a known trusted copy , as well as have a known trusted copy of a completely independent file verifier to vet the phone's code.
If I want to update my phone or install an app, let me visit the phone's manufacturer and get the new program load as a file. Have SHA and MD5 digests provided so one can vet his file. Download to phone. If you are still concerned, boot the phone on trusted USB stick ( which can be vetted on other machines ) and have it vet the contents of the phone's memory without running the phone's OS.
All this "background updating" has gotten so out of hand one would be hard pressed to tell if anything streaming through the back door is legitimate or not.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 3, Insightful) by goody on Tuesday March 14 2017, @02:53PM
Riiiiight. The US government is intercepting truckloads of equipment, opening each box up, reprogramming each phone with fairly easily detected malware written by third parties, repackaging without any signs of tampering, and sending them on their way, and of the hundreds or thousands of employees necessary to pull this off, each one is keeping quiet about the whole operation. A more plausible explanation is that it's just crappy supply chain company operations with poor practices and lousy quality control.