Phones for low-income users hacked before they're turned on, research finds:
Rameez Anwar's phone had serious problems. The device, paid for by the federally funded Lifeline program for low-income people, was overrun with pop-up ads that made it unusable. Despite multiple factory resets, the problem wouldn't go away.
"As soon as it detected internet," Anwar said, "it started doing the pop-ups."
[...] Anwar, who says he's tinkered with computers since childhood, suspected the phone had come with malware installed. So he sent it to Nathan Collier, a researcher at Malwarebytes.
Collier confirmed Anwar's hunch: The phone's settings and update apps contained code that allowed them to load malicious apps known as adware. The adware displayed ads that covered users' screens, no matter what they were doing on their phones.
[...] Evidence suggests pre-installed malware plagues inexpensive phones around the world. Earlier this year, Collier found pre-installed malware, a broad range of disruptive or dangerous apps, on a phone made by Unimax and distributed by the Lifeline program. Collier says he frequently sees similar malware on cheap phones outside the Lifeline program. A BuzzFeed investigation found inexpensive phones popular in African countries had similar problems.
Unimax said in a statement in January that it had created a security patch to fix a vulnerability in its settings app. However, it disagreed with Malwarebytes that the vulnerability in the app qualified as "malware." American Network Solutions couldn't be reached for comment.
When looking at Anwar's phone, Collier found the settings app and the update app could covertly install third-party software on the user's phone. Users can't uninstall either app without making the devices unusable.
Collier found a way to turn off the malicious code without completely uninstalling the apps, but it requires users to connect their phones to a laptop and run specialty software. For people in the Lifeline program, a laptop might not be available, and the instructions might be challenging for people without training.
[...] Collier found the update app was installing four different versions of adware, which may be why Anwar found the ads overwhelmed his device completely.
(Score: 2) by Mojibake Tengu on Tuesday September 08 2020, @07:42AM (1 child)
Never connect such devices to the internet, whatever internet means for you.
Use it for phone calls only. That's the simple option.
My guess on mechanics: when connecting to the network, a control web page for the provider's VPN gateway pops up, pooping ads.
This may be done on any platform by anyone who controls the network and DNS, and a proper web login is required for full access to the network.
Thus, removal of this mechanism renders the device unusable for networking to a particular provider.
However, the real problem is smart phones as such, an absurd contraption as a composition of computer and phone where the computer part of a device cannot be controlled by the user completely.
In a world manageable by users, all kinds of connectivity should be done by a separable peripheral.
The edge of 太玄 cannot be defined, for it is beyond every aspect of design
(Score: 2) by HiThere on Tuesday September 08 2020, @01:58PM
You don't always have an option. My phone, not a lifeline, but also not something I attend to much, has internet capability, which I never wanted and never intentionally enabled. But it *has* been enabled. Sometimes messages from my doctor require internet access, and they open it. This makes it basically unusable, as the phone keypad is unusably small. So far I can phone the doctor, and handle things that way, but...
It is clear that internet access will soon be a mandatory feature. Not because it has to be, but because businesses find it more convenient. I'm wondering how I could hook up a standard keyboard to the phone...this will probably require enabling Bluetooth and buying another keypad. Were I operating on a tight budget, things would be a lot more difficult.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.