
(The Register)   Android phones are leaving the factory after being preloaded with malware that turns your skin orange and makes you tweet ridiculous things at 5AM   (theregister.co.uk)
    More: PSA, Check Point, researcher Oren Koriat, Technologies included info-stealers, malicious package names, large telecommunications company, malware, malware instances, illegitimate advertisements  

1724 clicks; posted to Geek on 13 Mar 2017 at 4:50 PM (31 weeks ago)



28 Comments
 
2017-03-13 12:33:35 PM  
It's that guy Paul who used to be with Verizon
 
2017-03-13 01:47:45 PM  
FTFA:  The malware discovered by Check Point Software Technologies included info-stealers, ransomware like Slocker; Loki, which shows "illegitimate advertisements" to generate revenue while stealing device information; and information stealers.

They must really really like information stealers.
 
2017-03-13 04:15:43 PM  
FTFA:  The malware discovered by Check Point Software Technologies included info-stealers, ransomware like Slocker; Loki, which shows "illegitimate advertisements" to generate revenue while stealing device information; and information stealers.
 
2017-03-13 05:11:38 PM  
Yep, had to get a phone I bought a couple months ago flashed already. No one besides me had used it, couldn't figure out how it happened.
 
2017-03-13 05:27:20 PM  
"Since they were added after manufacture, vendors aren't to blame."

Well, you handed them off to some middle men, so you kind of are to blame.
Also, my phone is too crappy to even install malware, apparently. Huzzah!
 
2017-03-13 05:57:16 PM  
I flash people on my phone all the time.
 
2017-03-13 05:59:58 PM  
Check Point says it found infections in 38 Android devices. Since the malware wasn't in the vendor's ROM, the company's researcher Oren Koriat reckons they were added in the supply chain between vendor and customer.
...
"Six of the malware instances were added by a malicious actor to the device's ROM using system privileges, meaning they couldn't be removed by the user and the device had to be re-flashed", Koriat writes.


So which is it, geniuses?
 
2017-03-13 06:00:35 PM  
And on a related note, I'm so glad Trump is still using an unsecured Android device
 
2017-03-13 06:01:09 PM  
I love how they don't disclose what major telecom or IT firm. Wth
 
2017-03-13 06:06:55 PM  

xanadian: FTFA:  The malware discovered by Check Point Software Technologies included info-stealers, ransomware like Slocker; Loki, which shows "illegitimate advertisements" to generate revenue while stealing device information; and information stealers.

They must really really like information stealers.


It sounds like the work of the People's Front of Judea to me.
 
2017-03-13 06:10:03 PM  

shroom: Check Point says it found infections in 38 Android devices. Since the malware wasn't in the vendor's ROM, the company's researcher Oren Koriat reckons they were added in the supply chain between vendor and customer.
...
"Six of the malware instances were added by a malicious actor to the device's ROM using system privileges, meaning they couldn't be removed by the user and the device had to be re-flashed", Koriat writes.

So which is it, geniuses?


Read it again...the two statements are different.

The vendor's factory-installed ROM was clean. But the malware was found in the ROM on the device at the end-user stage. Ergo, someone was intercepting phones in the supply chain between factory and end-user and installing the malware.
 
2017-03-13 06:18:20 PM  

ManifestDestiny: shroom: Check Point says it found infections in 38 Android devices. Since the malware wasn't in the vendor's ROM, the company's researcher Oren Koriat reckons they were added in the supply chain between vendor and customer.
...
"Six of the malware instances were added by a malicious actor to the device's ROM using system privileges, meaning they couldn't be removed by the user and the device had to be re-flashed", Koriat writes.

So which is it, geniuses?

Read it again...the two statements are different.

The vendor's factory-installed ROM was clean. But the malware was found in the ROM on the device at the end-user stage. Ergo, someone was intercepting phones in the supply chain between factory and end-user and installing the malware.


Either the ROM is flash-able, or it isn't.  If it is flashable, then how does the researcher know where the malware was added, or whether or not it was present in the factory image?  If it's not flashable, then the malware is definitely in the vendor's image.  Article is shiattily written, probably by someone who doesn't know what the terms mean.
 
2017-03-13 06:21:50 PM  

shroom: ManifestDestiny: shroom: Check Point says it found infections in 38 Android devices. Since the malware wasn't in the vendor's ROM, the company's researcher Oren Koriat reckons they were added in the supply chain between vendor and customer.
...
"Six of the malware instances were added by a malicious actor to the device's ROM using system privileges, meaning they couldn't be removed by the user and the device had to be re-flashed", Koriat writes.

So which is it, geniuses?

Read it again...the two statements are different.

The vendor's factory-installed ROM was clean. But the malware was found in the ROM on the device at the end-user stage. Ergo, someone was intercepting phones in the supply chain between factory and end-user and installing the malware.

Either the ROM is flash-able, or it isn't.  If it is flashable, then how does the researcher know where the malware was added, or whether or not it was present in the factory image?  If it's not flashable, then the malware is definitely in the vendor's image.  Article is shiattily written, probably by someone who doesn't know what the terms mean.


What phone ROMs aren't flashable?
 
2017-03-13 06:33:50 PM  

Russ1642: shroom: ManifestDestiny: shroom: Check Point says it found infections in 38 Android devices. Since the malware wasn't in the vendor's ROM, the company's researcher Oren Koriat reckons they were added in the supply chain between vendor and customer.
...
"Six of the malware instances were added by a malicious actor to the device's ROM using system privileges, meaning they couldn't be removed by the user and the device had to be re-flashed", Koriat writes.

So which is it, geniuses?

Read it again...the two statements are different.

The vendor's factory-installed ROM was clean. But the malware was found in the ROM on the device at the end-user stage. Ergo, someone was intercepting phones in the supply chain between factory and end-user and installing the malware.

Either the ROM is flash-able, or it isn't.  If it is flashable, then how does the researcher know where the malware was added, or whether or not it was present in the factory image?  If it's not flashable, then the malware is definitely in the vendor's image.  Article is shiattily written, probably by someone who doesn't know what the terms mean.

What phone ROMs aren't flashable?


I was being somewhat facetious there for the sake of devil's advocate.  My point, again, is that if the ROM is flashable, how is this guy so sure what was or wasn't contained in the vendor's original ROM?
 
2017-03-13 06:36:17 PM  

shroom: ManifestDestiny: shroom: Check Point says it found infections in 38 Android devices. Since the malware wasn't in the vendor's ROM, the company's researcher Oren Koriat reckons they were added in the supply chain between vendor and customer.
...
"Six of the malware instances were added by a malicious actor to the device's ROM using system privileges, meaning they couldn't be removed by the user and the device had to be re-flashed", Koriat writes.

So which is it, geniuses?

Read it again...the two statements are different.

The vendor's factory-installed ROM was clean. But the malware was found in the ROM on the device at the end-user stage. Ergo, someone was intercepting phones in the supply chain between factory and end-user and installing the malware.

Either the ROM is flash-able, or it isn't.  If it is flashable, then how does the researcher know where the malware was added, or whether or not it was present in the factory image?  If it's not flashable, then the malware is definitely in the vendor's image.  Article is shiattily written, probably by someone who doesn't know what the terms mean.


Phone ROMs are flashable. Derp.

Further, companies often supply security researchers with their factory ROMs as references, so that things can be checked against the original.

The person here who doesn't know things isn't the article author.
 
2017-03-13 06:55:17 PM  
Who wants to bet it's the phone companies doing this?
 
2017-03-13 06:57:23 PM  

ManifestDestiny: shroom: ManifestDestiny: shroom: Check Point says it found infections in 38 Android devices. Since the malware wasn't in the vendor's ROM, the company's researcher Oren Koriat reckons they were added in the supply chain between vendor and customer.
...
"Six of the malware instances were added by a malicious actor to the device's ROM using system privileges, meaning they couldn't be removed by the user and the device had to be re-flashed", Koriat writes.

So which is it, geniuses?

Read it again...the two statements are different.

The vendor's factory-installed ROM was clean. But the malware was found in the ROM on the device at the end-user stage. Ergo, someone was intercepting phones in the supply chain between factory and end-user and installing the malware.

Either the ROM is flash-able, or it isn't.  If it is flashable, then how does the researcher know where the malware was added, or whether or not it was present in the factory image?  If it's not flashable, then the malware is definitely in the vendor's image.  Article is shiattily written, probably by someone who doesn't know what the terms mean.

Phone ROMs are flashable. Derp.

Further, companies often supply security researchers with their factory ROMs as references, so that things can be checked against the original.

The person here who doesn't know things isn't the article author.


I think the question is, how was it known for certain that there wasn't an unauthorized change at the factory where the ROM was flashed in the first place, after submission of the reference ROM? Why the assumption that the ROM was reflashed after the phone entered the supply chain?
 
2017-03-13 07:03:47 PM  

MrEricSir: Who wants to bet it's the phone companies doing this?


It could be, or it could be Obama tapping your phone.
 
2017-03-13 07:14:06 PM  

Lonestar: MrEricSir: Who wants to bet it's the phone companies doing this?


It could be, or it could be Obama tapping your phone.


Nahh, he was too busy working the small domestic appliance angle to do that...

 
2017-03-13 08:15:27 PM  
Sad.
 
2017-03-13 08:20:31 PM  

shroom: Russ1642: shroom: ManifestDestiny: shroom: Check Point says it found infections in 38 Android devices. Since the malware wasn't in the vendor's ROM, the company's researcher Oren Koriat reckons they were added in the supply chain between vendor and customer.
...
"Six of the malware instances were added by a malicious actor to the device's ROM using system privileges, meaning they couldn't be removed by the user and the device had to be re-flashed", Koriat writes.

So which is it, geniuses?

Read it again...the two statements are different.

The vendor's factory-installed ROM was clean. But the malware was found in the ROM on the device at the end-user stage. Ergo, someone was intercepting phones in the supply chain between factory and end-user and installing the malware.

Either the ROM is flash-able, or it isn't.  If it is flashable, then how does the researcher know where the malware was added, or whether or not it was present in the factory image?  If it's not flashable, then the malware is definitely in the vendor's image.  Article is shiattily written, probably by someone who doesn't know what the terms mean.

What phone ROMs aren't flashable?

I was being somewhat facetious there for the sake of devil's advocate.  My point, again, is that if the ROM is flashable, how is this guy so sure what was or wasn't contained in the vendor's original ROM?


This is the point where it stopped being about "being right" and became about "not being wrong".
 
2017-03-13 08:27:46 PM  

shroom: Either the ROM is flash-able, or it isn't. If it is flashable, then how does the researcher know where the malware was added, or whether or not it was present in the factory image? If it's not flashable, then the malware is definitely in the vendor's image. Article is shiattily written, probably by someone who doesn't know what the terms mean.


Probably the fact that not every phone from every vendor had the malware would be a tiny clue about what was or was not on the factory default image.
 
2017-03-13 09:22:36 PM  
It would not surprise me that any device that it's possible for, the CIA put malware on it before it left the manufacturer, and the manufacturer doesn't even know about it.
 
2017-03-13 10:17:30 PM  

T.rex: It would not surprise me that any device that it's possible for, the CIA put malware on it before it left the manufacturer, and the manufacturer doesn't even know about it.


The government does this with different vendors.  Especially Networking / OS code.  Code signing happens after federal access.
 
2017-03-14 12:04:36 AM  
They mention several Samsung phones, and those use "Knox" to prevent flashing the ROM. How is this possible without tripping the Knox flag?
 
2017-03-14 10:15:07 AM  

KarmicDisaster: They mention several Samsung phones, and those use "Knox" to prevent flashing the ROM. How is this possible without tripping the Knox flag?


Search XDA.  They have plenty of Knox circumvention tools.

Also, anybody with factory rom level of access also has access to the internal flashing tools designed to set up any security measures.
 