Trend Micro cybersecurity researchers have uncovered a worrying supply chain attack where millions of Android devices are infected with information-stealing malware before they even leave the factory.
The devices attacked are mainly budget smartphones, but the attack has also spread to smartwatches, smart TVs and other smart devices.
Trend Micro senior researcher Fyodor Yarochkin and his colleague Zhengyu Dong recently discussed this issue at a conference in Singapore, noting that the root of the problem is brutal competition between original equipment manufacturers.
Silent plugs
As it turns out, smartphone manufacturers do not produce all components. For example, the firmware is created by a third-party firmware vendor. However, as mobile phone firmware prices continued to fall, providers were unable to charge for their products.
As a result, Yarochkin explained, the products began to contain some unwanted additives in the form of “silent plugs”. While looking for malware, Trend Micro found “dozens” of firmware images and 80 different plug-ins. Researchers said some plug-ins were part of a wider “business model”, being sold on dark web forums and even on major social media platforms and blogs.
These plug-ins can steal sensitive information from your device, steal SMS messages, take control of your social media accounts, use your devices for ad and click fraud, abuse your traffic, and so on. One of the more serious problems The Register stressed is a plug-in that allows the buyer to take full control of the device for up to five minutes and use it as an “exit node”.
Trend Micro says the data suggests this supply chain attack affects nearly nine million devices worldwide, most of which are located in Southeast Asia and Eastern Europe. The researchers refused to name the perpetrators, but did mention China several times, the publication concluded.
By: Register