Flaws in Pre-Installed Apps Expose Millions of Android Devices to Hackers

[Speed Weed]

https://thehackernews.com/2018/08/android-app-hack.html

 

Quote

Bought a new Android phone? What if I say your brand new smartphone can be hacked remotely?

Nearly all Android phones come with useless applications pre-installed by manufacturers or carriers, usually called bloatware, and there's nothing you can do if any of them has a backdoor built-in—even if you're careful about avoiding sketchy apps.

That's exactly what security researchers from mobile security firm Kryptowire demonstrated at the DEF CON security conference on Friday.

Researchers disclosed details of 47 different vulnerabilities deep inside the firmware and default apps (pre-installed and mostly non-removable) of 25 Android handsets that could allow hackers to spy on users and factory reset their devices, putting millions of Android devices at risk of hacking.

At least 11 of those vulnerable smartphones are manufactured by companies including Asus, ZTE, LG, and the Essential Phone, and being distributed by US carriers like Verizon and AT&T.

Other major Android handset brands include Vivo, Sony, Nokia, and Oppo, as well as many smaller manufacturers such as Sky, Leagoo, Plum, Orbic, MXQ, Doogee, Coolpad, and Alcatel.

Some vulnerabilities discovered by researchers could even allow hackers to execute arbitrary commands as the system user, wipe all user data from a device, lock users out of their devices, access device's microphone and other functions, access all their data, including their emails and messages, read and modify text messages, sending text messages, and more—all without the users' knowledge.

"All of these are vulnerabilities that are prepositioned. They come as you get the phone out the box," Kryptowire CEO Angelos Stavrou said in a statement. "That's important because consumers think they're only exposed if they download something that's bad."

For example, vulnerabilities in Asus ZenFone V Live could allow an entire system takeover, allowing attackers to take screenshots and record user’s screen, make phone calls, spying on text messages, and more.

 

Kryptowire, whose research was funded by the U.S. Department of Homeland Security, explained that these vulnerabilities stem from the open nature of the Android's operating system that allows third-parties like device manufacturers and carriers to modify the code and create completely different versions of Android.

Kryptowire is the same security firm that, in late 2016, uncovered a pre-installed backdoor in more than 700 Million Android smartphones that surreptitiously found sending all text messages, call log, contact list, location history, and app data to China every 72 hours.

Kryptowire has responsibly reported the vulnerabilities to Google and the respective affected Android partners, some of which have patched the issues while others are working diligently and swiftly to address these issues with a patch.

However, it should be noted that since the Android operating system itself is not vulnerable to any of the disclosed issues, Google can't do much about this, as it has no control over the third apps pre-installed by manufacturers and carriers.

The biggest problem is warranty will be void if the device is rooted. I really hate all these non-removable bloatware that suck up a lot of performance and battery juice to the point that I want to remove them for good, but if I do that my phone warranty will be void. 

[BlueChinchillaEatingDorito]

So they say there are vulnerabilities in preloaded apps but won't say which apps. Why can't you disclose them again? You throw crap at manufacturers but don't actually let the public know which apps are guilty because it's not like they can be downloaded from the app store am I right? Is this a genuine PSA or just click bait? 

 

Also this does not meet guidelines for this sub forum. You can't just quote the entire article... 

[Firewrath9]

apple phones are the one apple product i like. a iphone 8 (which i have, upgraded from 5s) is the same price  as a s9 so not overpriced

[TheGlenlivet]

1 minute ago, Firewrath9 said:

apple phones are the one apple product i like

Agreed.  I've tried android a few times over the years (Evo, S8) and just can't do it.  I prefer the IPhone.

[laminutederire]

10 minutes ago, TheGlenlivet said:

INB4 Iphone fans arrive laughing...

Well Samsung isn't affected apparently, so the biggest competitor of Apple isn't affected, so they don't knowabout it..

[kirashi]

13 minutes ago, DaPhuc said:

The biggest problem is warranty will be void if the device is rooted.

The Magnuson–Moss Warranty Act prohibits this, as does it prohibit manufacturer's from voiding your warranty if you decide to unglue your phone to replace the battery yourself. That being said, obviously things like waterproofing are negated when doing such a repair, but the onus is on the manufacturer to prove that the disassembly and/or rooting of your phone caused the hardware failure.

 

Unfortunately, in practice it's whomever has more money and lawyers that wins.  

[Guest]

22 minutes ago, TheGlenlivet said:

INB4 Iphone fans arrive laughing...

Surely you can remove default applications like you can on iOS - the worlds most advanced mobile operating system

[Ashley MLP Fangirl]

this is why i like iPhones. no pre installed bloat... 

 

On 8/13/2018 at 6:18 PM, RorzNZ said:

Surely you can remove default applications like you can on iOS - the worlds most advanced mobile operating system

can you on android? i've never been able to. 

[Guest]

Just now, firelighter487 said:

can you on android? i've never been able to. 

Can't you access the file system and manually remove them even if you can't using the launcher?

[Ashley MLP Fangirl]

Just now, RorzNZ said:

Can't you access the file system and manually remove them even if you can't using the launcher?

no idea. i really don't know. 

[desertcomputer]

7 minutes ago, firelighter487 said:

this is why i like iPhones. no pre installed bloat... 

You still cannot remove any stock apps from iOS last time I checked while android you can via ADB tools or have option to flash rom or root which allow you remove any application of your choosing.

 

edit: All you can do it move them into a folder in iOS while at least in android you can remove it after some googling or in most case you can disable it via apps.

 

5 minutes ago, RorzNZ said:

Can't you access the file system and manually remove them even if you can't using the launcher?

In most case as manufacturer install them as system app the most you can do is disable them which is basically uninstall but still present on the system.

[Guest]

Just now, MrUnknownEMC said:

You still cannot remove any stock apps from iOS last time I checked while android you can via ADB tools or have option to flash rom or root which allow you remove any application of your choosing.

 

In most case as manufacturer install them as system app the most you can do is disable them which is basically uninstall but still present on the system.

You can uninstall utility applications on iOS, and when you Jailbreak you can delete the applications altogether, either using a tool or manually. The file system is more or less the same as on MacOS, so it's easy. 

[Ashley MLP Fangirl]

Just now, MrUnknownEMC said:

You still cannot remove any stock apps from iOS last time I checked while android you can via ADB tools or have option to flash rom or root which allow you remove any application of your choosing.

rooting and stuff void warranty of loads of phones i believe.. and yeah you can't delete preinstalled apps on iOS but at least there isn't loads of them. 

 

1 minute ago, MrUnknownEMC said:

In most case as manufacturer install them as system app the most you can do is disable them which is basically uninstall but still present on the system.

so you can't uninstall them without voiding the warranty. only hide them. 

[Noctus]

Yay google isnt on this list....... tho ironically they already have my info soooooo ...../shrugshoulders ?

[2FA]

On 8/13/2018 at 5:57 PM, BlueChinchillaEatingDorito said:

So they say there are vulnerabilities in preloaded apps but won't say which apps. Why can't you disclose them again? You throw crap at manufacturers but don't actually let the public know which apps are guilty because it's not like they can be downloaded from the app store am I right? Is this a genuine PSA or just click bait? 

 

Also this does not meet guidelines for this sub forum. You can't just quote the entire article... 

It's likely to affect a very large number of apps, some of the preloaded Google apps are included such as Google Translate and Google Voice Typing. BleepingComputer has a much more technical article describing the dubbed Man-in-the-Disk attack.

 

A malicious app can manipulate other app's data by injecting malformed data, which can potentially crash the app. The crash then allows the malicious app to gain the permissions of the crashed app, so if the crashed app had a lot more permissions, the malicious one now gained all of those permissions. Additionally it's able to intercept app updates just as they are about to be installed replacing other apps with malicious versions. Following the Android security guidelines for development properly stops this attack but not all developers do, hence the news.

 

EDIT: Just realized this is different news, got em confused since I read both today. Too lazy to write a thread for the other one tho

 

On 8/13/2018 at 6:33 PM, Noctus said:

Yay google isnt on this list....... tho ironically they already have my info soooooo ...../shrugshoulders ?

Google Translate and Google Voice Typing are affected.

 

EDIT: Hmmm, just realized this is probably the other news I saw, woops.

[desertcomputer]

7 minutes ago, firelighter487 said:

rooting and stuff void warranty of loads of phones i believe.. and yeah you can't delete preinstalled apps on iOS but at least there isn't loads of them. 

 

so you can't uninstall them without voiding the warranty. only hide them. 

Rooting doesn't void warranty only unlocking boot loader to flash root is, basically all most phone has way to lock your boot-loader and flashing stock rom and essentially making it stock and un-voiding your warranty.

 

Is not really hiding them, if you disable them. The app won't run in background etc.

 

Also ADB is option and doesn't void any warranty.

 

iOS doesn't come with much but you still cannot remove it. You just have hide it in folder on a homescreen you barely can change.

 

Also have you seen or used any recent android phone which isn't shit one off a supermarket shelf? They are essentially a few to no bloatware apart from google apps which most people actually used and removable. It just take a extra 10 minutes of setup, at least is not like window that reinstall them back after a window updates.

[Ashley MLP Fangirl]

1 minute ago, MrUnknownEMC said:

Is not really hiding them, if you disable them. The app won't run in background etc.

oh okay. i didn't know that. 

 

if you do so, is the phone not vulnerable to attack like the OP describes?

[desertcomputer]

Just now, firelighter487 said:

oh okay. i didn't know that. 

 

if you do so, is the phone not vulnerable to attack like the OP describes?

Access via app is probably not possible but still possible via firmware. If it disable from what I have seen it remove all running services/process but some app won't allow you to disable it such as some basic function apps but in most case still removable via ADB.

[Ashley MLP Fangirl]

1 minute ago, MrUnknownEMC said:

Access via app is probably not possible but still possible via firmware. If it disable from what I have seen it remove all running services/process but some app won't allow you to disable it such as some basic function apps but in most case still removable via ADB.

some phones i've had did have some apps on it that were installed by the manufacturer and i couldn't disable those.. i'll look into removing them. it'll be nice to do if my iPhone ever breaks and i need to use them again. 

[orbitalbuzzsaw]

@DrMacintosh thoughts?

 

@Swatson #noregrets

[79wjd]

 

Quote

iOS doesn't come with much but you still cannot remove it. You just have hide it in folder on a homescreen you barely can change.

You can 'delete' most apps (starting with iOS 10), although it's more like hiding the app (it's still part of the OS, but there are no references to it anywhere -- so you have to 're-download' it from the App Store) and deleting all info. Only Settings, Safari, Find iPhone, Photos, Camera, Clock, Wallet, Health, and App Store can't be uninstalled.

[Guest]

27 minutes ago, firelighter487 said:

rooting and stuff void warranty of loads of phones i believe.. and yeah you can't delete preinstalled apps on iOS but at least there isn't loads of them. 

 

The rest are fairly integrated apps that will cause instability of iOS if you remove them - so Apple doesn't let you, but if you jailbreak you can easily. You can see with these screenshots most default apps can be removed. iOS 12. 

[DrMacintosh]

Was expecting to see more people saying "Oh well I can just root my device so I don't have to worry about this" or something along those lines. Was disappointed in the lack of that. 

 

No bloatware=good

bloatware=bad

 

On 8/13/2018 at 7:02 PM, RorzNZ said:

The rest are fairly integrated apps that will cause instability of iOS if you remove them - so Apple doesn't let you, but if you jailbreak you can easily. You can see with these screenshots most default apps can be removed. iOS 12. 

Basically any non critical app can be "removed" from iOS and gotten again from the App store. However I do not know for sure if a system app is actually deleted if you delete it or if it is simply disabled and its icon is hidden. 

[79wjd]

3 minutes ago, DrMacintosh said:

However I do not know for sure if a system app is actually deleted if you delete it or if it is simply disabled and its icon is hidden. 

"With iOS 10, you can remove built-in apps from the Home screen on your device, but you can't delete them."

https://support.apple.com/en-us/HT208094

[DrMacintosh]

2 minutes ago, 79wjd said:

"With iOS 10, you can remove built-in apps from the Home screen on your device, but you can't delete them."

https://support.apple.com/en-us/HT208094

That's what I remembered. It might have changed in iOS 11 and might also change in iOS 12. But the result is the same, the app is disabled.