The Android platform has a reputation for being less than sure, and despite the system's benefits and improvements, the situation does not improve as it should be. New research from the security company Kryptowire has found that a number of Android devices include vulnerabilities right out of the box, including those sent directly from wireless operators. Unfortunately, the cause of the problem stems from one of Android's biggest and oldest strong points: the open nature and the ability to change.
Kryptowire found ten different phones sold by operators across the United States who had security issues and firmware issues out of box, including devices from Asus, Essential, LG and ZTE. Vulnerabilities vary severely, but include security vulnerabilities that allow attack to be locked out of the device for remote control of the camera or microphone.
Unfortunately, these are not the kind of security issues that are easily updated with security updates. Kryptowire explains that the root of the problem is in Android's ability to be tweaked and customized for various purposes, both by manufacturers and carriers. This results in security vulnerabilities that are not only difficult to identify, but also unique to small parts of the Android ecosystem. Kryptowire's Managing Director Angelos Stavrou explains:
"The problem will not go away because many of the population in the supply chain will be able to add custom applications, customize, add own code. It increases the attack surface and increases the likelihood of software errors. exposes the end user to exploit that the end user can not respond. "
Most attacks that exploit these vulnerabilities require that an malware app is installed by users before they can work. One of the worst examples, however, was found in the Asus Zenfone V Live smartphone, which had enough security holes to allow "a whole system roof, including taking screenshots and video footage of the user's screen, calling, reading and changing text messages and more. "
Kryptowire has announced a number of manufacturers and operators of the vulnerabilities discovered, with Asus aware of the issues, and it is" working diligently and quickly to solve them "with an upcoming update. Essential, LG and ZTE said that some or all of their errors had been resolved after being notified by the security company.
The problem is left, as the Android ecosystem relies on different operators who release the updates for different devices on their own, allowing many users to either wait or unaware completely.