Stories
Slash Boxes
Comments

SoylentNews is people

Phones for Low-Income Users Hacked Before They're Turned On, Research Finds

posted by martyb on Tuesday September 08 2020, @04:13AM   Printer-friendly
from the big-spenders? dept.

upstart writes in with an IRC submission for nutherguy:

Phones for low-income users hacked before they're turned on, research finds:

Rameez Anwar's phone had serious problems. The device, paid for by the federally funded Lifeline program for low-income people, was overrun with pop-up ads that made it unusable. Despite multiple factory resets, the problem wouldn't go away.

"As soon as it detected internet," Anwar said, "it started doing the pop-ups."

[...] Anwar, who says he's tinkered with computers since childhood, suspected the phone had come with malware installed. So he sent it to Nathan Collier, a researcher at Malwarebytes.

Collier confirmed Anwar's hunch: The phone's settings and update apps contained code that allowed them to load malicious apps known as adware. The adware displayed ads that covered users' screens, no matter what they were doing on their phones.

[...] Evidence suggests pre-installed malware plagues inexpensive phones around the world. Earlier this year, Collier found pre-installed malware, a broad range of disruptive or dangerous apps, on a phone made by Unimax and distributed by the Lifeline program. Collier says he frequently sees similar malware on cheap phones outside the Lifeline program. A BuzzFeed investigation found inexpensive phones popular in African countries had similar problems.

Unimax said in a statement in January that it had created a security patch to fix a vulnerability in its settings app. However, it disagreed with Malwarebytes that the vulnerability in the app qualified as "malware." American Network Solutions couldn't be reached for comment.

When looking at Anwar's phone, Collier found the settings app and the update app could covertly install third-party software on the user's phone. Users can't uninstall either app without making the devices unusable.

Collier found a way to turn off the malcious code without completely uninstalling the apps, but it requires users to connect their phones to a laptop and run specialty software. For people in the Lifeline program, a laptop might not be available, and the instructions might be challenging for people without training.

[...] Collier found the update app was installing four different versions of adware, which may be why Anwar found the ads overwhelmed his device completely.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Phones for Low-Income Users Hacked Before They're Turned On, Research Finds | Log In/Create an Account | Top | 19 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.