A new report claims that some rogue retailers are selling brand-new Android smartphones loaded with pre-installed software.
Security firm G Data has uncovered more than two dozens of Android smartphones from popular smartphone manufacturers — including Xiaomi, Huawei and Lenovo — that have pre-installed spyware in the firmware.
Learn Insider Threat Detection with Application Response Strategies
Discover how application detection, response, and automated behavior modeling can revolutionize your defense against insider threats.Join Now
G Data is a German security firm that disclosed last year the Star N9500 Smartphone's capability to spy on users, thereby comprising their personal data and conversations without any restrictions and users knowledge.
Removal of Spyware Not Possible
The pre-installed spyware, disguised in popular Android apps such as Facebook and Google Drive, can not be removed without unlocking the phone since it resides inside the phone's firmware.
"Over the past year, we have seen a significant [growth] in devices that are equipped with firmware-level [malware and spyware] out of the box which can take a wide range of unknown and unwanted actions," Product Manager Christian Geschkat from G Data said in a statement.
The spyware is capable of doing the following actions:
- Listening in to telephone conversations
- Accessing the Internet
- Viewing and copy contacts
- Installing unwanted apps
- Asking for location data
- Taking and copying images
- Recording conversations using the microphone
- Sending and reading SMS/MMS
- Disabling Anti-Virus software
- Listening in to chats via messaging services (Skype, Viber, WhatsApp, Facebook and Google+)
- Reading the browser history
Third-Party Vendors or Intelligence Agency?
Unlike the Star devices, the security firm suspects third party vendors or middlemen (retailers) and not the manufacturers to be behind modifying the device firmware to steal user data and inject advertisements to earn money.
The possibilities may also include unintentional infection via compromised devices in the supply chain or intentional interference by government intelligence agencies.
The affected Smartphone brands include Xiaomi, Huawei, Lenovo, Alps, ConCorde, DJC, Sesonn and Xido. Most of the suspected models are sold in Asia and Europe.
However, this isn't the first time Chinese handsets come with pre-installed spyware. Back in March, the mobile security firm Bluebox found pre-loaded malware on Xiaomi Mi4 LTE. To which Xiaomi said the compromised handsets were high-quality counterfeits.
Late last year, researchers from Palo Alto Networks discovered that the high-end devices from Coolpad came pre-installed with the backdoor, dubbed "CoolReaper," sold exclusively in China and Taiwan.