Bought a new Android smartphone recently? Well beware, new reports have come forward exposing a number of rogue retailers that are selling brand-name Android smartphones loaded with pre-installed spyware.
Researchers at security firm G Data uncovered more than two dozen Android smartphones from popular name-brand manufacturers, including Xiaomi, Huawei and Lenovo, exposing that they have pre-installed spyware laced into the firmware.
G Data, the German security firm is no stranger to exposing smartphone’s ability to spy on people. Just last year the firm disclosed the Star N9500 is capable of spying on its users and could compromise personal information as well as steal conversation data without user knowledge or consent.
What’s even more troubling is the pre-installed spyware is being masqueraded as popular apps such as Facebook and Google Drive, which can not be removed from the device without unlocking it, as it’s built into the phone’s firmware.
“Over the past year, we have seen a significant [growth]in devices that are equipped with firmware-level [malware and spyware]out of the box which can take a wide range of unknown and unwanted actions,” said Christian Geschkat, a G Data product manager.
The pre-installed spyware that comes laced into these big name smartphone providers have the capability of:
- Eavesdropping on conversations
- Accessing the Internet
- Accessing and copying contacts
- Installing apps without permission
- Requesting location data
- Download and copy images on the device
- Recording conversations by enabling the microphone
- Sending and reading SMS/text messages
- Disabling anti-virus software
- Eavesdropping on chat services (ex. Facebook, Skype, WhatsApps, Viber and Google+)
- Accessing browser history.
Researchers suspect third-party vendors or middleman retailers to be the root of the cause, and not the actual manufacturer modifying the devices firmware to spy on users and steal data. Yet, the real cause behind the pre-installed spyware remains a mystery.
The full list of affected Android brands include Alps, ConCorde, DJC, Huawei, Lenovo, Sesonn, Xiaomi and Xido. However, most of the models being sold with the modifying firmware are being seen throughout Asia and Europe.
This isn’t the first time Chinese smartphones have come pre-installed with spyware. Earlier this year, mobile security firm Bluebox identified pre-loaded malware on a Xiaomi Mi4 LTE smartphone. To which the company responded, saying the compromised devices were high-quality counterfeits not produced by Xiaomi.
A number of devices being sold throughout different countries have been caught installing intentional malware, making the state of these reports worrisome.