Asus, Essential, LG and ZTE have all promised to patch security vulnerabilities found by the mobile security company Kryptowire, according to Wired . The company's research was intended to point out that some security sms originate from code written by telephone companies to modify Android.
Scientists found errors in firmware of 10 separate devices carried across major US carriers, according to Wired as such an early version of Kryptowire's report. Vulnerabilities can lead to anything from allowing an attacker to lock someone out of the device to control the microphone and more ̵
According to Kryptowire, these vulnerabilities stem from Android's open nature, enabling third parties to customize the code and change interference or create completely different versions of Android. But as the researchers found out, this open system can also lead to holes in the phone's security. Wired states that the survey looks at these errors as a problem endemic to Android.
"Many people in the supply chain will be able to add their own applications, adapt, add their own cod," told Kryptowire's CEO Angelos Stavrou Wired . "It increases the attack surface and increases the likelihood of software errors."
A particularly bad example was found in the Asus Zenfone V Live smartphone. According to Wired Kryptowire found enough holes in the code to reveal users for a complete acquisition of the device. Screenshots and video footage could be taken off the screen, and some could theoretically read and change the text messages. Asus said it is "aware of the latest security issues" and that it is "working diligently and quickly to solve them" with an update.
Essential, LG and ZTE all responded to Wired with statements saying that they had solved some or all of the problems identified by Kryptowire after being notified by the company. However, if these updates have been rolled out to all users, it is less clear then only AT & T confirmed that it had implemented any of these updates. And as researchers point out, this update process itself is broken to many, with updates that often take months to put together and make way for users.