Android Phones are being Shipped with Pre-Installed...

Security researchers have uncovered a massive supply chain attack affecting millions of Android devices. The attack targets various smart devices, including budget smartphones, smartwatches and smart TVs. The problem appears to stem from intense competition among original equipment manufacturers (OEMs).

The researchers highlighted the issue at a conference held in Singapore, where they traced its root cause to that fierce competition among OEMs.

Manufacturers are not the culprit

Smartphone manufacturers do not produce all the components themselves. One crucial component, the firmware, is often outsourced to third-party suppliers. As the price of mobile phone firmware fell, these suppliers found it difficult to monetize their products.

Consequently, the researchers discovered that some firmware images came with additional, unwanted elements called "silent plugins." They found "dozens" of firmware images containing malware and identified around 80 different plugins. Some of these plugins were part of a larger "business model" and were sold on Dark Web forums and advertised on mainstream social media platforms and blogs.

Malicious plugins may be the root of the attack

The plugins discovered in this supply chain attack have a range of capabilities that severely threaten the affected devices. They can collect sensitive information, such as personal data, and gain unauthorized access to SMS messages. These malicious plugins can also take control of social media accounts, exploit devices for ad and click fraud, manipulate Internet traffic and much more.

One particularly concerning plugin highlighted by the researchers grants the buyer complete control over a device for up to five minutes. This means that attackers could use the compromised device as an "exit node" to carry out their malicious activities.

The data the researchers gathered indicates that nearly nine million devices worldwide have been impacted by this supply chain attack. The majority of affected devices are concentrated in Southeast Asia and Eastern Europe. While the researchers did not explicitly name the culprits behind the malware attack, references to China were made several times, leading the publication to draw its own conclusions.