These Android phones have security defects out of the box, researchers say

August 17, 2018 by Seung Lee, The Mercury News
Credit: CC0 Public Domain

At least 25 Android smartphone models—11 of which are sold by major U.S. carriers—carry vulnerabilities out of the box, making them easy prey for hackers, according to a new study from security researchers.

Researchers from the firm Kryptowire found 38 vulnerabilities in 25 Android phones, according to Wired. They range from being able to lock someone out of their device to gaining unapproved and secret access to the smartphone's microphone.

Ryan Johnson, Kryptowire's director of research, and Angelos Stavrou, the company's CEO, disclosed their findings recently at the Black Hat conference in Las Vegas, according to Wired. Kryptowire's research was partially funded by the Department of Homeland Security.

The 11 Android phones listed by Kryptowire as vulnerable and popular in the United States are a mix of foreign manufacturers—such as China-based ZTE, Taiwan-based Asus and South Korea-based LG—and American phone manufacturers, such as Palo Alto-based Essential, which was founded by Andy Rubin, the creator of Android.

Once hackers exploit the pre-set vulnerabilities in the Android phones, they can track every move and turn the into a surveillance tool to collect information on its owner, according to CNET, which also reported on the study. Hackers could record screens, take screenshots, do a factory reset on a device, and potentially get logs of what the owner is typing, reading and contacting.

The vulnerabilities largely occurred after manufacturers tinkered with the open Android operating system to their liking and didn't consider security issues as a byproduct, according to Wired.

"All of these are vulnerabilities that are prepositioned," said Stavrou, according to CNET. "That's important because consumers think they're only exposed if they download something that's bad."

Kryptowire alerted the smartphone companies of the vulnerabilities before the presentation, and the firms have taken a varied range of actions since. Essential said they patched the vulnerabilities soon after they were informed, and LG, ZTE and Asus have patched some of the bugs and are continuing to fix the issues, according to CNET.

Explore further: Researchers find some smartphone models more vulnerable to attack

7 shares

Related Stories

Is your phone safe from hackers?

July 28, 2015

A multimedia text could be the vessel that cripples as many as 950 million Android phones around the world, a mobile security expert warned in a Forbes article on Monday.

Google G1 Phone: Security Flaw Exposed

October 28, 2008

(PhysOrg.com) -- A group of Security Researchers exposed a security flaw in Google´s G1 Android phone. The flaw is in the web browser on the T-Mobile G1 that can potentially allow Trojans and Keyloggers to install themselves ...

Recommended for you

Coffee-based colloids for direct solar absorption

March 22, 2019

Solar energy is one of the most promising resources to help reduce fossil fuel consumption and mitigate greenhouse gas emissions to power a sustainable future. Devices presently in use to convert solar energy into thermal ...

EPA adviser is promoting harmful ideas, scientists say

March 22, 2019

The Trump administration's reliance on industry-funded environmental specialists is again coming under fire, this time by researchers who say that Louis Anthony "Tony" Cox Jr., who leads a key Environmental Protection Agency ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.