Millions of Android devices have preloaded vulnerabilities – report

Rappler.com

The vulnerabilities are a byproduct of Android’s open operating system, which allows third-party companies such as device manufacturers and carriers to tweak code, says the report by cybersecurity firm Kryptowire.

MANILA, Philippines – A new report from mobile security firm Kryptowire claims that millions of Android devices ship with preloaded security vulnerabilities that are just waiting to be exploited.

According to Wired, which received an early copy of the report, Kryptowire found firmware bugs in 10 different devices sold by major American carriers. This means millions of similar devices manufactured by companies that include Asus, LG, Essential, and ZTE could also be affected.

The bugs and security flaws could, for instance, let an attacker lock people out of their devices or take control of their microphones. Most of the attacks, however, reportedly require the user to download a certain malicious app before the security lapses become exploitable.

Kryptowire explains that these vulnerabilities are a byproduct of Android’s open operating system, which allows third-party companies such as device manufacturers and carriers to tweak code.

While there’s essentially nothing wrong with having a variety of Android operating systems, the researchers point out that the modifications delay security updates and create bugs that put user security at risk.

“The problem is not going to go away, because a lot of the people in the supply chain want to be able to add their own applications, customize, add their own code,” Angelos Stavrou, CEO of Kryptowire, said. “That increases the attack surface, and increases the probability of software error.”

Essential, ZTE, Asus, and LG have all responded to Wired, saying that they are rolling out patches to fix the vulnerabilities. Despite these efforts, Stavrou thinks it will take too long to fix the problem, with patches needing to pass multiple tests.

“It’s so deep in the system that the consumer might not be able to tell that it’s there. Or even if they did, they have no recourse other than waiting for the manufacturer, or the carrier, or whoever is updating the firmware to do so,” he added.

This batch of findings is said to be the first of many that the firm will eventually share with the public. The firm recently presented its research, which is funded by the US Department of Homeland Security, at Black Hat USA, a conference that briefs corporations and government agencies on computer security. – Rappler.com
