Google's open source Android operating system has long been susceptible to third-party interference. At this year's Black Hat annual security conference in Las Vegas, researchers from the mobile security company Kryptowire discovered significant vulnerabilities in 10 different Android smartphones. All potentially dangerous devices are sold in the United States through mobile operators.
"These vulnerabilities are the result of Android policies that allow third-party developers to modify operating system code," says publisher The Wired. “On the one hand, code manipulation allows us to implement unique tweaks. But on the other hand, they cause delays in updates, and also give attackers the opportunity to conduct unnoticed manipulations with a smartphone. ”
It will most likely not be possible to solve this problem in the near future. Kryptowire CEO, Angelos Stavrow, claims that many smartphone developers want to install their own proprietary apps on devices and add their own code. This increases the likelihood of software bugs and also makes the device vulnerable to hacker attacks. So, in the end, unscrupulous manufacturers expose their customers to serious risks.
The Kryptowire report does not include any vendor-specific ratings. Instead, experts criticize the entire Android ecosystem. However, one potentially dangerous smartphone Kryptowire still mentions: this is the budget Asus ZenFone V Live. According to the experts' conclusions, through its stock firmware a third party can discreetly perform such actions as taking screenshots, video recording, changing text messages, etc.
For installing Android apps, Kryptowire strongly recommends using only the Google Play store and avoiding third-party sources. After the results of the study were made public, several mobile manufacturers released unplanned patches to close vulnerabilities in the system. Among them are Essential and LG. The Chinese company ZTE, banned in the US, said it is working with its partners to provide quality updates in the future.
The Topic of Article: Android smartphones are vulnerable out of the box.