These Android phones have security defects out of the box, researchers say


  • &roid
  • Sunday, 19 Aug 2018

At least 25 Android smartphone models — 11 of which are sold by major U.S. carriers — carry vulnerabilities out of the box, making them easy prey for hackers, according to a new study from security researchers. (Google)

At least 25 Android smartphone models – 11 of which are sold by major US carriers – carry vulnerabilities out of the box, making them easy prey for hackers, according to a new study from security researchers. 

Researchers from the firm Kryptowire found 38 vulnerabilities in 25 Android phones, according to Wired. They range from being able to lock someone out of their device to gaining unapproved and secret access to the smartphone's microphone. 

Ryan Johnson, Kryptowire's director of research, and Angelos Stavrou, the company's CEO, disclosed their findings recently at the Black Hat security conference in Las Vegas, according to Wired. Kryptowire's research was partially funded by the Department of Homeland Security. 

The 11 Android phones listed by Kryptowire as vulnerable and popular in the United States are a mix of foreign manufacturers – such as China-based ZTE, Taiwan-based Asus and South Korea-based LG – and American phone manufacturers, such as Palo Alto-based Essential, which was founded by Andy Rubin, the creator of Android. 

Once hackers exploit the pre-set vulnerabilities in the Android phones, they can track every move and turn the phone into a surveillance tool to collect information on its owner, according to CNET, which also reported on the study. Hackers could record screens, take screenshots, do a factory reset on a device, and potentially get logs of what the owner is typing, reading and contacting. 

The vulnerabilities largely occurred after manufacturers tinkered with the open Android operating system to their liking and didn't consider security issues as a byproduct, according to Wired. 

“All of these are vulnerabilities that are prepositioned,” said Stavrou, according to CNET. “That's important because consumers think they're only exposed if they download something that's bad.” 

Kryptowire alerted the smartphone companies of the vulnerabilities before the presentation, and the firms have taken a varied range of actions since. Essential said they patched the vulnerabilities soon after they were informed, and LG, ZTE and Asus have patched some of the bugs and are continuing to fix the issues, according to CNET. – The San Jose Mercury News/Tribune News Service

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Android

   

Next In Tech News

Meta launches AI software tools to help speed up work - Blog
Apple loses second bid to challenge Qualcomm patents at U.S. Supreme Court
Scammers target S’pore Prime Minister in fake email scam
Man in SG arrested after S$11,200 is lost in refund scam involving mobile phones and tablets
Supreme Court to scrutinize U.S. protections for social media
Phone alerts responders after car hits tree, killing all six
Ferrari says internal documents online, but no evidence of cyber attack
Italian court scraps antitrust fine on Apple and Amazon
Mobile phone critic Pope Francis meets Apple chief Tim Cook
Work-from-home or return to the office? A rift is emerging among US workers�

Others Also Read