New Android devices sold with pre-installed malware
Posted on 05.03.2014
A wide range of smartphones and tablets manufactured by Samsung, Motorola, Asus and LG Electronics have apparently been compromised with malicious apps before being sold to unsuspecting clients.

The claim has been made by David Jevans, founder and CTO of Marble Security, who discovered the problem after a potential customer complained that the company's mobile security management platform detected Netflix apps on several of its employees' devices as malicious.

As it turned out, they were malicious, and were harvesting passwords and financial information and sending it to a server in Russia. The company claimed the apps were already installed on the devices when they bought them," Jevans told Jeremy Kirk.

This claim spurred him to inspect devices from its other customers, and he again found many instances of fake and malicious Netflix apps, many of which they believed were pre-installed before the devices were sold to their customers.

Among the compromised devices were popular Samsung Galaxy Note phones and tablets, Galaxy 3 and 4 phones, Asus tablets, LG's Nexus S phone, and several Motorola's Droid phones.

When contacted, Samsung confirmed that Samsung or US carrier partners don't install a Netflix app on the devices before selling them. The other companies are yet to comment on the findings.

Unfortunately, Jevans didn't share the identity of the companies that sold the affected devices to their customers, but chances are they are either unknowingly pre-installing the phones and tablets with an application bundle that was not checked for malware, or are selling on refurbished phones that already contain them.

But this discovery just goes to show how dangerous weaknesses in electronics supply chains are in this day and age, and that security checks are needed every step of the way.









Spotlight

Emerging cloud threats and how to address them

Posted on 15 September 2014.  |  Public and community clouds can be appealing targets for hackers looking to disrupt or steal information from scores of organizations with one successful strike. Here are some emerging security threats and issues cloud providers and their clients should be aware of.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 16th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //