Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Android ROMs "Shock Horror" Claim  (Read 599 times)

Weaver

  • Kitizen
  • ****
  • Posts: 4004
  • Retd sw dev; A&A; 3 ◊ 7km ADSL2; IPv6; Firebrick
Logged

Chrysalis

  • Content Team
  • Kitizen
  • *
  • Posts: 4951
Re: Android ROMs "Shock Horror" Claim
« Reply #1 on: March 14, 2017, 10:40:11 PM »

no surprise at all.

EE did something similar, when I posted about it on digitalspy I got slammed by EE fans but I considered it a rootkit.

On my S5 EE supplied phone I got about 2.5 years ago it came with a firmware embedded code which communicated with a driver preinstalled on the rom and would call back to EE at intervals, it also kept forcing auto sync to enabled in the settings.
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

sevenlayermuddle

  • Helpful
  • Kitizen
  • *
  • Posts: 3276
Re: Android ROMs "Shock Horror" Claim
« Reply #2 on: March 15, 2017, 12:14:30 AM »

I'm afraid Android (or at least, Android distributors and manufacturers) vulnerabilities and exploits are so commonplace they are just not 'news' anymore. :(

Personally, that state of affairs stops me even buying an Android TV let alone a phone.
Logged

NEXUS2345

  • Reg Member
  • ***
  • Posts: 226
Re: Android ROMs "Shock Horror" Claim
« Reply #3 on: March 15, 2017, 12:35:29 AM »

Security on Android vs iOS is essentially the same argument as Windows vs macOS. Because there are a lot more Android phones out there, wrongdoers target them more often. The only real way to guarantee you are going to get decent security is to buy an Android device from either Google or Blackberry at this point. Anti-malware software does help a lot, and isn't very obtrusive, plus Google are doing their best on the play store to ensure it is free from malware, just today purging a large number of adfraud apps.

With regards to this, we should really have expected this. As people resell the phones they gain the access needed to preload malware, so there isn't really much we can do to prevent it. The best solution to this problem is to just buy from the OEM.

With regards to the S5 you had Chrysalis, I am afraid that is more Samsung's doing than Android itself. Samsung allowed EE to preload the code, whereas manufacturers like Google outright refuse to let them near it unless it is simply for testing. This is something that has happened since the first Android phones were released. The only way to avoid it is to buy handsets that are known to be free from it, or to buy unlocked handsets from the OEM. Samsung aren't the only guilty ones, Sony, LG, HTC, all of them allow it. Only Google have made a stand against it so far on the Android front.

Edit: It is also worth noting that threatpost article is outdated. Checkpoint clarified and removed the Nexus 5 and 5X from the list. Source: http://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/
Logged
Zen ADSL2+ | HG612 + TP-Link C2600 | Awaiting FTTC (build in progress)

Chrysalis

  • Content Team
  • Kitizen
  • *
  • Posts: 4951
Re: Android ROMs "Shock Horror" Claim
« Reply #4 on: March 15, 2017, 01:50:00 AM »

I didnt point the blame at anyone but just said what happened.

The way android started sadly has invited these problems.

Too much control given to dev's.
Carriers control distribution of updates.

However google seem to be now trying to fix things albeit at a slow pace.

Samsung e.g. now have a security updater on their phones, sadly carriers can opt out and some do, there is a thread on EE forums from angry S6 owners about these updates not been passed on.  But at least this is some kind of progress.
Also google have changed the permissions system for apps, it used to be that you had to accept all the permissons an app requested to install it, now it will install without approval, and if the app tries to use a specific function such as accessing your contacts you can deny the action and the app still runs unless its programmed to throw a fit with the denied request.  This is a nice improvement so google are learning at least.

There is also a hidden very powerful APPOPS api, which allows you to add all sorts of restrictions to what apps can do.

Rooting phones however is a bit of a hit and miss for security, by rooting a phone you can lock things down further e.g. denying internet access to certian apps you dont trust with internet access, but at the same time it also gives the potential for a rogue app to gain root privileges.  Of course rooting phones is not supported by google or any of the vendors.
Logged
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab

Weaver

  • Kitizen
  • ****
  • Posts: 4004
  • Retd sw dev; A&A; 3 ◊ 7km ADSL2; IPv6; Firebrick
Re: Android ROMs "Shock Horror" Claim
« Reply #5 on: March 15, 2017, 04:36:14 AM »

I have one Android device, an ancient Sony Walkperson thingy which has no comms capability. I of course would never consider buying one, probably not even if it came from Google, although possibly a Blackberry one as I have always used Blackberry and loved their Z10 QNX OS. Sadly missed, miserable defeatists. (I presume that they have now lost many of the good people in disgust.)
Logged

j0hn

  • Reg Member
  • ***
  • Posts: 994
Re: Android ROMs "Shock Horror" Claim
« Reply #6 on: March 15, 2017, 05:04:45 AM »

The important part of that article being
Quote
The malware was added to the devices before they were in the usersí hands, and were not part of the vendorís original ROM.
That's not Androids fault. Any Open source software can be manipulated. That's like buying a car and complaining the dealer you bought it from put the wrong tyres on it. Be more careful where you buy your car.

If you buy a device from a reputable supplier and from a reputable retailer then you have nothing to worry about. I've owned about a dozen android devices and the only 1 I've had any problem with was an unbranded tablet off EBay.

There was a bunch of Lenovo laptops running Windows that came preinstalled with malware. That's not Windows fault though. There's nothing to stop malicious sellers jailbreaking iPhones and selling them with malicious software preinstalled.
Logged
BT FTTC 55/10 ECI Huawei Cab - Zyxel VMG1312-B10A bridge mode + Asus RT-AC68U running Asuswrt-Merlin - minted on MDWS via DslStats

Weaver

  • Kitizen
  • ****
  • Posts: 4004
  • Retd sw dev; A&A; 3 ◊ 7km ADSL2; IPv6; Firebrick
Re: Android ROMs "Shock Horror" Claim
« Reply #7 on: March 15, 2017, 06:09:37 AM »

@j0hn - I didn't know that about Lenovo. I've bought dozens of their machines but never used an OEM windows installation, always completely nuked the HD or more often fitted a new one and installed off genuine Microsoft retail media. Do you know whether or not the evil was in Lenovo ROMs? (If that would give them the capabilities that the evil-doers wanted.)
Logged

j0hn

  • Reg Member
  • ***
  • Posts: 994
Re: Android ROMs "Shock Horror" Claim
« Reply #8 on: March 15, 2017, 07:15:42 AM »

https://www.cnet.com/uk/news/superfish-torments-lenovo-owners-with-more-than-adware/
Likewise, I always install a fresh copy of Windows with the latest updates bundled in.
Similar with Android phone i usually root them and remove any bloatware. My Samsung S5 being the only device I haven't rooted for warranty reasons. Glad I didn't as the fingerprint scanner recently packed in. Samsung service centre in Edinburgh replaced the button within an hour.
« Last Edit: March 15, 2017, 07:19:11 AM by j0hn »
Logged
BT FTTC 55/10 ECI Huawei Cab - Zyxel VMG1312-B10A bridge mode + Asus RT-AC68U running Asuswrt-Merlin - minted on MDWS via DslStats

Weaver

  • Kitizen
  • ****
  • Posts: 4004
  • Retd sw dev; A&A; 3 ◊ 7km ADSL2; IPv6; Firebrick
Re: Android ROMs "Shock Horror" Claim
« Reply #9 on: March 15, 2017, 01:13:07 PM »

So it wasn't in the ROM then. It's a Windows malicious bloat-ware thing. That Lenovo things is an absolute utter bloody disgrace, and Lenovo should be given a complete spanking and the company should be prosecuted, with jail time for the guilty or clueless. There is absolutely no excuse for not knowing exactly what the bloody hell they are shipping with those machines.

As I said earlier, even though I have Lenovo boxen myself, and have supplied them to my customers, all installations are clean, and my customers always used to get virgin top quality new hard disks or SSDs fitted in the machines. I buy the best quality hard disks that I can get, with long warranties, not whatever Lenovo can get cheapest in volume. And I always used to buy the smallest amount of RAM possible and upgrade it massively myself with top quality Crucial fast sticks, much cheaper that way anyway. If I could save my customer some money then I would, but it was always quality first even if that meant that the price went up. In fact the OEM HD was kept untouched and left in a drawer, so that if the customer's machine needed to go back to Lenovo for repair, the customer's working HD does not go back to the repair centre to be snooped through or tampered with or ruined - the original hd goes back in the box instead. When the machine would eventually get resold one day, the new buyer would get that virgin OEM installation put back into the machine, so that increased the saleability of it as the buyer would then get a machine that worked immediately and the customer would be protected from data leakage. All in the past now as I have been forcibly retired for a long time.
« Last Edit: March 15, 2017, 01:29:35 PM by Weaver »
Logged