Cheap phones may have malware installed

[braumeister]

Interesting item about how millions of cheap Android phones have malware installed on them before they even leave the factory.

Millions of mobile phones come pre-infected with malware

This insertion of malware began as the price of mobile phone firmware dropped, we're told. Competition between firmware distributors became so furious that eventually the providers could not charge money for their product.

“But of course there’s no free stuff,” said Yarochkin, who explained that, as a result of this cut-throat situation, firmware started to come with an undesirable feature – silent plugins

The major manufacturers of higher end phones seem to have this covered in most cases, but those looking for a phone at the cheaper end should beware.

 

[TheWizard]

I thought that stuff was more accurately called BLOATWARE...

 

[braumeister]

I thought that stuff was more accurately called BLOATWARE...

Not the same thing at all. Bloatware is normal commercial software installed by the phone maker.

From the article I linked:

The malware turns the devices into proxies which are used to steal and sell SMS messages, take over social media and online messaging accounts, and used as monetization opportunities via adverts and click fraud.

One type of plugin, proxy plugins, allow the criminal to rent out devices for up to around five minutes at a time. For example, those renting the control of the device could acquire data on keystrokes, geographical location, IP address and more.

 

[Sunset]

Interesting item about how millions of cheap Android phones have malware installed on them before they even leave the factory.

....
The major manufacturers of higher end phones seem to have this covered in most cases, but those looking for a phone at the cheaper end should beware.

Annoying, the article doesn't suggest any way to even detect if this is present.

While they say the big manufacturers try to avoid it, reality is nobody is safe and the big manufacturers like Apple are a rich target.

I do avoid the cheap android phones because they are cheap/lousy. Still I normally go for ~$200 phones , a mid range type.

People who rent out 5 minutes on my phone would be losing a lot of money as typically I use my phone perhaps 10 minutes every 24hours

 

[W2R]

Black bolded words from Braumeister's article, with my response in blue:

"The malware turns the devices into proxies which are used to steal and sell SMS messages, "

text messages? Like, "on my way home" or some other intriguing Top Secret info. Hey, maybe I could sell that one and use the profits to help pay for my wind'n'hail insurance (see insurance thread).

"take over social media "

I don't do social media on my phone. I don't even log in to this forum from my phone. Next?

"and online messaging accounts"

I don't do these from my phone either, other than standard texting.

"and used as monetization opportunities via adverts and click fraud."

Haven't seen ads or clickbait.

"One type of plugin, proxy plugins, allow the criminal to rent out devices for up to around five minutes at a time. For example, those renting the control of the device could acquire data on keystrokes, geographical location, IP address and more. "

As little as I use my cell phone, I'm not worried. No evidence that anything like this is going on, or could reveal enough to even be a concern if it was. No unknown plugins AFAIK.

Now, if I was one of these people who use their cell phones like a computer, I might worry. I don't. I use my cell phone like a telephone and don't make many calls at all.

I use my laptop computer instead of my phone to do financial transactions with Vanguard or my bank, because my laptop computer is "all locked up" and data stored within it is much safer from malicious hackers than anything on my phone.

 

[Walt34]

People who rent out 5 minutes on my phone would be losing a lot of money as typically I use my phone perhaps 10 minutes every 24hours

You use it more than I use mine. There's no bank info, email, or anything else of interest to anyone else. Well, there is one of those "virtual" cc numbers, but that's only good at McDonald's. Kind of limits the damage, but I suppose there is a risk that I could end up buying lunch for the Baltimore Orioles or something, but that's a stretch.

 

[troutnut1]

This message was probably brought to you by the manufacturers of $1000 plus cell phones.

 

[Chuckanut]

I am more worried about cheap consumer routers that never get updated for whatever reason. And cheap IOT (Internet of Things) items that never get updated for whatever reason. They are real holes in in your personal home WIFI network for bad guys to exploit.

 

[RetMD21]

Interesting item about how millions of cheap Android phones have malware installed on them before they even leave the factory.


The major manufacturers of higher end phones seem to have this covered in most cases, but those looking for a phone at the cheaper end should beware.

Wasn't there an issue with Blu phones years ago? I have been sticking with brand name phones

 

[Sunset]

I am more worried about cheap consumer routers that never get updated for whatever reason. And cheap IOT (Internet of Things) items that never get updated for whatever reason. They are real holes in in your personal home WIFI network for bad guys to exploit.

+1
I put my IOT things on the 2.4 ghz network, and run our computers on the other one.
I also limit my IOT devices, but that naturally becomes harder as so many convenient things become available.

 

[Koolau]

I assume that "cheap" means phones made by no-name phones. Does anyone know if these "cheap" phones are name brand?

 

[Dtail]

I don't use my phone to login to any accounts.