- Joined
- Nov 20, 2015
- Messages
- 37,658
Got a cheap-and-cheerful Android phone from BLU, Infinix, Doogee, Leagoo, IKU, Beeline or Xolo? It might be harbouring some badware in the firmware.
The issue affects phones that use an over-the-air update mechanism from Chinese company according to BitSight researcher Dan Dahlberg and Anubis Networks' João Gouveia and Tiago Pereira.
Since a firmware update runs at root, the phones in question are vulnerable to pretty much anything a malicious server might install. Which means a keylogger, bugging software, or anything else an attacker might contemplate.
Rest of the article is here : http://www.theregister.co.uk/2016/11/20/more_androids_carry_phonehome_firmware/