Android devices come with malware out of the box

By Flavio Treppner

Every mobile phone user’s nightmare: your own smartphone is a security risk and supplies sensitive data to strangers. This is exactly what researchers are now warning of at the “Black Hat Asia” IT security event.

According to the experts, criminals gain access to Android devices through malware (malicious software) – and that right from the factory. The victim doesn’t notice any of this.

But how can that happen? Many companies now outsource important manufacturing processes to external clients. The problem: This allows criminals to gain access to the supply chain and anchor malicious software directly in the operating system of the Android cell phone.

It is estimated that nine million users are affected worldwide – the majority of them in Southeast Asia and Eastern Europe.

Cyber ​​criminals offer access on the dark web

Security researchers have now analyzed up to 80 hidden malware plug-ins. A perfidious business model has developed around a large part of this: According to this, criminals can use special malicious codes to steal passwords and set up click fraud apps.

Criminals offer access to infected smartphones on the dark web via social networks. This access is “rented out” for a certain number of minutes.

Older and cheaper devices are particularly affected. Unfortunately, the researchers do not give any clear safety tips. Only the purchase of higher-priced devices should offer minimal protection. Because: With high-end products, corporations control the supply chains more closely.

The experts assume that the risk of manipulated operating systems will continue to increase in the coming years.

ttn-27