While Android happens to be used by more than three-quarters of the smartphone users around the world, it is also quite susceptible to being hacked. This can be largely attributed to Android’s open-source nature where, unlike iOS, you can customise the base Android software to your liking. Now a new report has emerged that has pointed out that Android phones could be insecure right from the moment they’re shipped in boxes.
Security firm Kryptowire has revealed some troubling vulnerabilities in Android smartphones that might leave your private information exposed and your device beyond your control. As per the report, there are at least 10 devices sold across the major US carriers that come pre-loaded with bugs that are a security threat.
As mentioned above, Android is an open-source software and companies usually tinker around with the firmware files to twist the operating system as per their convenience. But doing these modifications, security patches get delayed for a long time and a very good example of this is Samsung’s TouchWiz UI overlayed on Android.
The report, however, is concerned with devices from ZTE, Essential, LG and Asus. While it’s strange that Essential, with its complete stock Android experience, has been mentioned in this list, it would seem that Asus ZenFone V Live is a hacker’s dream. The report says that the phone can be taken over completely and be used to record a user’s screen, make phone calls, modify texts and more.
Also, it would seem that avoiding side-loading apps (downloading from sources other than the Play Store) is not the solution. Kryptowire says that if the malicious apps are present on the Play Store, then due to the broken firmware they can silently grant themselves permissions to access the phone’s call logs or media folder.
ZTE devices that are vulnerable include, ZTE Blade Spark and Blade Vantage, while with LG it is the G6 according to the report.
The Essential PH-1 can be hacked and factory data reset, as per the report. “Once we were made aware of the vulnerability, it was immediately fixed by our team,” said Essential head of communications in an interview with Wired.
ZTE, LG and Asus have also individually confirmed to Wired that they are working on resolving the issue pointed out by Kryptowire. It seems that Kryptowire has not even released a full list of smartphone makers that have been compromised, so expect more devices to be added to the list.