Several security experts suggest that some preloaded applications and default regional settings on Android devices may expose users in some countries to cyber-attacks. One security company, F-Secure, reported that several pre-bundled apps can add to a device's attack surface.
According to F-Secure, vendors can accidentally expose devices to attacks when customizing Android builds. Devices that share a brand are supposed to run the same applications, regardless of where in the world the user is.
However, when Android is customized by third-party vendors like Huawei, Samsung and Xiaomi, the customization may weaken its security, depending on the region the build is made for.
Insecure by Default
Vendors try to ship their own apps with their devices. This offers users an added advantage that differentiates the vendor's phone from its competitors. However, additional apps aren't good in terms of security. They enlarge the attack surface of any device by giving cybercriminals more potential targets.
When these apps are part of the device's default configuration, vulnerabilities in the apps can become security issues for the device as a whole.
Because Google Pay is banned in China, vendors can provide their own app stores as a replacement. Huawei devices, for example, have their own app store, known as Huawei AppGallery. Security experts from F-Secure have analyzed several vulnerabilities in Huawei AppGallery.
These vulnerabilities enable an attacker to establish a beachhead from which to build additional attacks. Moreover, attackers can exploit additional vulnerabilities that the experts have identified in Huawei iReader to steal data from the devices and execute code on them.
Meanwhile, researchers from F-Secure also stated that people can be manipulated into visiting a website through an SMS or email. This can be possible by compromising the default configuration of Xiaomi's Mi 9 for India, Russia, China and other countries.
SIM Reported as Another Threat
F-Secure's experts also found an attack against a phone, the Samsung Galaxy S9, that doesn't depend on any configuration or setting of the phone itself. It is based on the way the phone changes its behavior for different SIM cards.
To carry out the attack, the adversary must manipulate the Galaxy S9 user into connecting to a Wi-Fi network under the adversary's control. If the phone identifies a Chinese SIM, the affected part receives unencrypted updates. This allows the attacker to gain complete control of the phone.
Advice Given by F-Secure
Toby Drew is the senior security consultant at F-Secure. According to him, it's crucial for vendors to consider the significance of security when customizing Android for different regions. Users in one region aren't less or more committed to security than users in others. If a common device is configured for a less secure experience in a specific region, it creates partiality by maximizing those users' chances of being attacked.
Mark Barnes is the consulting senior security expert at F-Secure. He commented that finding such issues on several recognized handsets also marks this as an area that security experts should address more carefully. This research has given them a hint of how challenging the proliferation of custom Android builds is. It's very important to spread awareness among device vendors and across large companies that operate in different areas.
Moreover, F-Secure has collected no evidence or reports of such attacks taking place outside of its own research. Its regulated disclosure methods have allowed Xiaomi, Samsung, and Huawei to patch the vulnerabilities identified during the research. Users who update their phones should be protected from such attacks.