Posted August 13, 2018 https://thehackernews.com/2018/08/android-app-hack.html Quote Bought a new Android phone? What if I say your brand new smartphone can be hacked remotely? Nearly all Android phones come with useless applications pre-installed by manufacturers or carriers, usually called bloatware, and there's nothing you can do if any of them has a backdoor built-in—even if you're careful about avoiding sketchy apps. That's exactly what security researchers from mobile security firm Kryptowire demonstrated at the DEF CON security conference on Friday. Researchers disclosed details of 47 different vulnerabilities deep inside the firmware and default apps (pre-installed and mostly non-removable) of 25 Android handsets that could allow hackers to spy on users and factory reset their devices, putting millions of Android devices at risk of hacking. At least 11 of those vulnerable smartphones are manufactured by companies including Asus, ZTE, LG, and the Essential Phone, and being distributed by US carriers like Verizon and AT&T. Other major Android handset brands include Vivo, Sony, Nokia, and Oppo, as well as many smaller manufacturers such as Sky, Leagoo, Plum, Orbic, MXQ, Doogee, Coolpad, and Alcatel. Some vulnerabilities discovered by researchers could even allow hackers to execute arbitrary commands as the system user, wipe all user data from a device, lock users out of their devices, access device's microphone and other functions, access all their data, including their emails and messages, read and modify text messages, sending text messages, and more—all without the users' knowledge. "All of these are vulnerabilities that are prepositioned. They come as you get the phone out the box," Kryptowire CEO Angelos Stavrou said in a statement. "That's important because consumers think they're only exposed if they download something that's bad." For example, vulnerabilities in Asus ZenFone V Live could allow an entire system takeover, allowing attackers to take screenshots and record user’s screen, make phone calls, spying on text messages, and more. Kryptowire, whose research was funded by the U.S. Department of Homeland Security, explained that these vulnerabilities stem from the open nature of the Android's operating system that allows third-parties like device manufacturers and carriers to modify the code and create completely different versions of Android. Kryptowire is the same security firm that, in late 2016, uncovered a pre-installed backdoor in more than 700 Million Android smartphones that surreptitiously found sending all text messages, call log, contact list, location history, and app data to China every 72 hours. Kryptowire has responsibly reported the vulnerabilities to Google and the respective affected Android partners, some of which have patched the issues while others are working diligently and swiftly to address these issues with a patch. However, it should be noted that since the Android operating system itself is not vulnerable to any of the disclosed issues, Google can't do much about this, as it has no control over the third apps pre-installed by manufacturers and carriers. The biggest problem is warranty will be void if the device is rooted. I really hate all these non-removable bloatware that suck up a lot of performance and battery juice to the point that I want to remove them for good, but if I do that my phone warranty will be void. Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 13, 2018 So they say there are vulnerabilities in preloaded apps but won't say which apps. Why can't you disclose them again? You throw crap at manufacturers but don't actually let the public know which apps are guilty because it's not like they can be downloaded from the app store am I right? Is this a genuine PSA or just click bait? Also this does not meet guidelines for this sub forum. You can't just quote the entire article... Intel® Core™ i7-12700 | GIGABYTE B660 AORUS MASTER DDR4 | Gigabyte Radeon™ RX 6650 XT Gaming OC | 32GB Corsair Vengeance® RGB Pro SL DDR4 | Samsung 990 Pro 1TB | WD Green 1.5TB | Windows 11 Pro | NZXT H510 Flow White Sony MDR-V250 | GNT-500 | Logitech G610 Orion Brown | Logitech G402 | Samsung C27JG5 | ASUS ProArt PA238QR iPhone 12 Mini (iOS 17.2.1) | iPhone XR (iOS 17.2.1) | iPad Mini (iOS 9.3.5) | KZ AZ09 Pro x KZ ZSN Pro X | Sennheiser HD450bt Intel® Core™ i7-1265U | Kioxia KBG50ZNV512G | 16GB DDR4 | Windows 11 Enterprise | HP EliteBook 650 G9 Intel® Core™ i5-8520U | WD Blue M.2 250GB | 1TB Seagate FireCuda | 16GB DDR4 | Windows 11 Home | ASUS Vivobook 15 Intel® Core™ i7-3520M | GT 630M | 16 GB Corsair Vengeance® DDR3 | Samsung 850 EVO 250GB | macOS Catalina | Lenovo IdeaPad P580 Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 13, 2018 apple phones are the one apple product i like. a iphone 8 (which i have, upgraded from 5s) is the same price as a s9 so not overpriced Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 13, 2018 1 minute ago, Firewrath9 said: apple phones are the one apple product i like Agreed. I've tried android a few times over the years (Evo, S8) and just can't do it. I prefer the IPhone. Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 13, 2018 10 minutes ago, TheGlenlivet said: INB4 Iphone fans arrive laughing... Well Samsung isn't affected apparently, so the biggest competitor of Apple isn't affected, so they don't knowabout it.. Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 13, 2018 13 minutes ago, DaPhuc said: The biggest problem is warranty will be void if the device is rooted. The Magnuson–Moss Warranty Act prohibits this, as does it prohibit manufacturer's from voiding your warranty if you decide to unglue your phone to replace the battery yourself. That being said, obviously things like waterproofing are negated when doing such a repair, but the onus is on the manufacturer to prove that the disassembly and/or rooting of your phone caused the hardware failure. Unfortunately, in practice it's whomever has more money and lawyers that wins. Desktop: KiRaShi-Intel-2022 (i5-12600K, RTX2060) Mobile: OnePlus 5T | Koodo - 75GB Data + Data Rollover for $45/month Laptop: Dell XPS 15 9560 (the real 15" MacBook Pro that Apple didn't make) Tablet: iPad Mini 5 | Lenovo IdeaPad Duet 10.1 Camera: Canon M6 Mark II | Canon Rebel T1i (500D) | Canon SX280 | Panasonic TS20D Music: Spotify Premium (CIRCA '08) Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 13, 2018 22 minutes ago, TheGlenlivet said: INB4 Iphone fans arrive laughing... Surely you can remove default applications like you can on iOS - the worlds most advanced mobile operating system Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 13, 2018 this is why i like iPhones. no pre installed bloat... On 8/13/2018 at 6:18 PM, RorzNZ said: Surely you can remove default applications like you can on iOS - the worlds most advanced mobile operating system can you on android? i've never been able to. She/Her Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 13, 2018 Just now, firelighter487 said: can you on android? i've never been able to. Can't you access the file system and manually remove them even if you can't using the launcher? Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 13, 2018 Just now, RorzNZ said: Can't you access the file system and manually remove them even if you can't using the launcher? no idea. i really don't know. She/Her Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...
Posted August 13, 2018 7 minutes ago, firelighter487 said: this is why i like iPhones. no pre installed bloat... You still cannot remove any stock apps from iOS last time I checked while android you can via ADB tools or have option to flash rom or root which allow you remove any application of your choosing. edit: All you can do it move them into a folder in iOS while at least in android you can remove it after some googling or in most case you can disable it via apps. 5 minutes ago, RorzNZ said: Can't you access the file system and manually remove them even if you can't using the launcher? In most case as manufacturer install them as system app the most you can do is disable them which is basically uninstall but still present on the system. Magical Pineapples