Tag Archive for: PreLoaded

Android TV Boxes Sold on Amazon Come Pre-Loaded with Malware


Certain Android TV Box models from manufacturers AllWinner and RockChip, available for purchase on Amazon, come pre-loaded with malware from the BianLian family, a variant of which we investigated last year. The malware, discovered by security researcher Daniel Milisic, adds your smart set-top box to a botnet for initiating coordinated attacks. Affected models include the AllWinner T95, AllWinner T95Max, RockChip X12-Plus, and RockChip X88-Pro-10.

By looking at the traffic being sent by these devices, the researcher was surprised to find a number of DNS requests being sent for domains publicly known to be botnet Command and Control (C&C) servers. The researcher also extracted a Stage-1 payload for the malware and contacted Linode, who had been hosting some of the C&C servers, getting them to shut them down. Having reached out to AllWinner, the researcher received a response denying the presence of malware and attributing the malicious traffic observed to the presence of Logcat on the system—a fact which is wholly unrelated. EFF was able to independently confirm the researcher’s findings.

What’s more, the T95 smart set-top box came out-of-the-box with the Android Debugger (adb) wide open and available over WiFi. The Android Debugger gives access to control a device, including issuing commands and installing apps. The device firmware was signed with a testing key, and no clean or production-ready firmware was made available to consumers. Without access to a clean version of the system firmware, consumers are left without a clear way to clean their system of the malware.

The widespread availability of these low-end devices presents a danger to consumers, their networks, and the security and stability of the internet at large. Though it would be impractical to conduct a thorough security audit for all merchandise sold on Amazon, a more thorough vetting process could be introduced before selling consumer-grade IoT devices. For instance, a basic network analysis would have found these devices communicating with C&C servers and having wide-open adb ports.

The sale of these devices reveals some glaring holes in public cybersecurity infrastructure. The devices, manufactured by…


Google Warning: Tens Of Millions Of Android Phones Come Preloaded With Dangerous Malware – Forbes


Millions of shiny new Android smartphones are being purchased with dangerous malware factory-installed, according to Google’s own security research team.


OEM software update tools preloaded on PCs are a security mess

Serious vulnerabilities have crept into the software tools that PC manufacturers preload on Windows computers, but the full extent of the problem is much worse than previously thought.

Researchers from security firm Duo Security have tested the software updaters that come installed by default on laptops from five PC OEMs (original equipment manufacturers) — Acer, ASUSTeK Computer, Lenovo, Dell and HP — and all of them had at least one serious vulnerability. The flaws could have allowed attackers to remotely execute code with system privileges, leading to a full system compromise.

In most cases, the problems resulted from the OEM software updaters not using encrypted HTTPS connections when checking for or downloading updates. In addition, some updaters didn’t verify that the downloaded files were digitally signed by the OEM before executing them.


Network World Security

“Pre-loaded video chat apps” will all work on AT&T’s network by year’s end

Trying (and failing) to video chat over AT&T.
Andrew Cunningham

When Google unveiled its new Hangouts service at Google I/O last week, AT&T users quickly discovered that they couldn’t use its new video chat feature over cellular. This occurred despite the fact that the iOS version of the application works just fine on the carrier’s network.

Officially, AT&T said at the time that it makes a distinction between pre-loaded applications (like FaceTime on iOS or Hangouts on Android) and those that are downloaded manually by the user (Hangouts on iOS or Skype on either platform). Phone makers that work with AT&T can enable video chatting in their built-in apps—Apple, Samsung, and BlackBerry were all given as examples. However, the Verge reports that the company will be removing this restriction by the end of the year. From AT&T’s statement:

For video chat apps that come pre-loaded on devices, we currently give all OS and device makers the ability for those apps to work over cellular for our customers who are on Mobile Share or Tiered plans. Apple, Samsung, and BlackBerry have chosen to enable this for their pre-loaded video chat apps. And by mid-June, we’ll have enabled those apps over cellular for our unlimited plan customers who have LTE devices from those three manufacturers.

Throughout the second half of this year, we plan to enable pre-loaded video chat apps over cellular for all our customers, regardless of data plan or device; that work is expected to be complete by year end.

Today, all of our customers can use any mobile video chat app that they download from the Internet, such as Skype.

The carrier’s ban on built-in video chatting apps obviously stems from a desire to reduce bandwidth usage rather than any real technical limitation, since Hangouts works in iOS but not in Android. However, if you’re an AT&T customer who wants to get in some Hangout time with some of your loved ones, the policy change will (eventually) straighten everything out.



Ars Technica » Technology Lab