Monday, November 21, 2016

Three Million Android Smartphones Infected with Dangerous Rootkit

After the recent report about the Adups malware which is to be found on hundreds of millions of devices, literally, including stuff from the Internet of Things (like your refrigerator), today we just got word that three million Android smartphones worldwide are shipped with a Rootkit/Backdoor pre-installed.
Yes, these are more bad news for Android users, indeed, but it’s better to stay informed, don’t you think? According to today’s report from BitSight, an internet security company, a number of cheap Android running devices, three millions of them give or take, are vulnerable to a man-in-the-middle type of attack due to a vulnerability in the implementation of the OTA mechanism, which is common in low-cost droids.

The vulnerability is associated with a Chinese company, Ragentek Group, which allows hackers to execute code with admin/root privileges by remote, thus getting full access to the respective droid. The OTA flow runs under the designated CVE-2016-6564 moniker and here’s a list of affected Android smartphones so far:
  • BLU Studio G
  • BLU Studio G Plus
  • BLU Studio 6.0 HD
  • BLU Studio X
  • BLU Studio X Plus
  • BLU Studio C HD
  • Infinix Hot X507
  • Infinix Hot 2 X510
  • Infinix Zero X506
  • Infinix Zero 2 X509
  • DOOGEE Voyager 2 DG310
  • LEAGOO Lead 5
  • LEAGOO Lead 6
  • LEAGOO Lead 3i
  • LEAGOO Lead 2S
  • LEAGOO Alfa 6
  • IKU Colorful K45i
  • Beeline Pro 2
  • XOLO Cube 5.0
As I am writing this piece, only BLU released a software update that addresses the respective vulnerability. The three million affected droids are mainly in the United States, as they are available through BestBuy boasting affordable price tags.
According to the report from BitSight, 55 Android devices (as in smartphone-models) attended to “leak” stolen user data via 2 internet sink holes, of which 26% were manufactured by BLU, 11% by Infinix and 8% by Doogee.

0 comments:

Post a Comment