Second Chinese Firm in a Week Found Hiding Backdoor in Firmware of Android Devices

Found on Bleeping Computer on Sunday, 20 November 2016

Security researchers have discovered that third-party firmware included with over 2.8 million low-end Android smartphones allows attackers to compromise Over-the-Air (OTA) update operations and execute commands on the target's phone with root privileges.

The binary responsible for the firmware OTA update operations also includes code to hide its presence from the Android OS, along with two other binaries and their processes. A developer looking at active Android processes won't be able to tell when there's an update coming to his phone.

That's why core components, like firmware, has to be open source and needs to be distributed via an independant managed network where a group from various nations release the binaries and source.

Browse all articles« Previous « » Next »