Below is a rush transcript of this segment, it might contain errors.
Airing date: 03/16/2017
Android Phones are Being Infected Before you Get Them – NSA Involvement with Infecting Network Gear
Craig Peterson: With all of these talk about CIA, NSA spying on us, did you hear this? Android phones are being infected in the supply chain. We’re gonna talk about that. What you should do. Of course it’s time for another TechSanity check. Craig Peterson here. Stick around.
There are a couple of different regs out there that are talking about a problem we really haven’t seen before. Well, actually, we kinda seen this problem before. We know that the NSA has done some very tricky things where they had been intercepting gear, particularly network gear, while it is being en route to a customer. So, for instance, a network gear manufacturer will get an order. They’ll make that piece of network gear. They will ship it out to the customer. And then the NSA intercepts it while it is in shipment. So the NSA is working of course with some of these shipping companies, which is I think kind of an interesting thing right there. But the go ahead and once they have their hands on that piece of equipment, they install malware. Well, you and I would call it malware. They’re installing software that allows people to spy on them. Wow. Isn’t that interesting, right?
So a piece of network gear is on its way. They’ll change some of the firmware. They’ll set it up so that that firewall or switch or router or whatever that might be, sends certain information that they want back to the NSA. We have to assume that the CIA is doing exactly the thing although we don’t have, at least I haven’t seen it in the current document from the CIA. So businesses, obviously, maybe there is something to be learned from that. But on top of it now, we are seeing that a number of devices, specifically right now so far, the Galaxy Note 2, the LG G4, the Galaxy S7, S4, the Note 4 or 5, 8, the Xiaomi Mi 4i, the Galaxy A5, ZTE X500, the Galaxy Note 3, Note Edge, Galaxy Tab S2, Galaxy Tab 2, the Oppo N3, the Vevo X6 Plus, ASUS Zenfone 2, Lenovo S90. The list goes on and on here. It includes more Lenovo phones, a couple of more Chinese manufacturers. And what’s happened here is that according to a security researcher out there, they’ve been finding malware, particularly one that’s very malicious called Loki, that gains powerful system privileges on the devices. They found this malware on 38 android devices. Now, ok, 38 devices. Yeah what do I have to worry about? Well it was only found on 38 devices, it doesn’t mean that it did not exist on other devices that are out there. So Checkpoints Software Technologies, they’ve got a mobile threat prevention app said they found it. And they haven’t named the companies they found it on. They played around with the list a little bit. They removed a couple of different phones from the list, they didn’t say why. The original blogpost included the Nexus 5 and Nexus 5X but it’s not on the list right now. And the company that’s affected was… there’s 2 companies. Both of them apparently a large telecommunications company and the other was a multinational technology company.
So if you’re trying to spy on a telecommunications company or a tech company, what better way than do install malware on their android phone after it left the factory? Isn’t that something? Kinda smells familiar, doesn’t it? Kinda smells like maybe the NSA. Yeah, maybe the CIA. I don’t know. Probably the NSA. Who knows what’s happening here other than these phones appear to have definitely been infected? You can cover your tracks really well if you just put all kinds of random malware on these things and have something that you want in there that’s not random. That was installed on purpose.
Now this isn’t the first time that android phones have been shipped pre-installed with apps that can siphon sensitive user data and then send it off to bad guys out there? Well maybe they’re good guys in this case, right? In November last year, 2016, researchers found a secret backdoor installed on hundreds of thousands of android devices manufactured by BLU. A few days later, another research team found a different backdoor on more than 3 million android devices from BLU, and other manufacturers. Now in those cases the backdoors were previously unknown. And on at least 1 case here with millions of android phones, they were intended to deliver legitimate over-the-air updates. Now that’s kinda interesting too isn’t it?
So a couple of things to learn from this. First of all, we know android phones are not invulnerable. No phone is. No device is that’s out there, right? And the second thing is, whenever you buy new equipment, whether it’s network equipment or it’s a phone, it’s a tablet, it’s a computer. The very first thing I do for all of my clients is erase the machine entirely, and reload it with an operating system and other software from a known good source. So wipe it. Reinstall the operating system. Reinstall all of the utilities, all of the apps you need. And absolutely, 100%, install software that’s looking for malware. Ok? This is really bad news here. Checkpoint came out and said this finding proves that even a user is extremely careful, never clicks on a malicious link or downloads a fishy app, he can still be infected by malware without ever knowing it. This should be a concern for all mobile users.
So that’s Checkpoint’s Mobile Threat researcher Daniel Patton who said that. That is a big deal. They’re gaining powerful system privileges on these devices. In other words, they can monitor everything. They can do everything and anything. That is really, really bad news. So anything you get, this is just good practice by the way. Coz if you buy a PC, a Windows PC, you know, the likelihood that it’s got crapware on it is almost a hundred percent. Manufacturers nowadays, to make an extra 5 bucks, will install 50 different apps, 50 different programs on your computer. You know, Norton Anti-virus, all these stuff you don’t want. Don’t need. Coz you’re going to install something better. Something like Mainstream you’re gonna get from us. All of the software you need to protect your machines. So wiping it out of its Windows is a great idea. Coz you get rid of some of that bloatware that comes with the machine. But now we have another reason. Right? It isn’t just to make sure we have the latest operating system released but because they’re coming preinstalled with malware from who knows where. Again, suspicions are abound as to who might be doing this. But another little trick here. Something to be careful about.
Hey we’re going to be doing some kind of cool stuff here. We’re launching some new training, security products and things. So keep an eye out for that. We’ll let you know as soon as that’s ready here. But that will be out within the next week or two. And I’ll let everybody know. Because I’m just tired of all of these security problems people not being able to deal with them. We’re going to help you deal with them.
Visit us online, http://CraigPeterson.com. Make sure you subscribe. Get on my newsletter. You’ll get the weekly newsletter. If you wanna be on the insiders, you can just text me and I will text you out a reminder about the show. Just 855-385-5553. And you can text me questions. Anything you want there. So pick up your phone. Open up your texting app. Put in the number, 855-385-5553. Yes, I do have a personal toll-free number. And then text your question or say insider or put my name in there, Craig, and I’ll put you on my insider’s list.
Have a great day and we will be back tomorrow with another daily TechSanity check with Craig Peterson of course. Take care. Have a great day.
Certain Android smartphones are being infected with malware somewhere along the supply chain. The affected brands include Samsung, Xiaomi, Asus, LG, ZTE, and Lenovo. Several types of malware have been found on the devices: data stealers, malicious advertisement displayers, and ransomware. The old “re-image before use” rule that many applied to regular computers should apply to mobile devices as well. This is just one of the risks that enterprise users of open systems, like Android, have to manage.
Stay safe, and stay tuned on the daily TechSanity Check!
- Malware found preinstalled on 38 Android phones used by 2 companies
- Malware infecting Androids somewhere in the supply chain
More stories and tech updates at:
Don’t miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text:
Thanks, everyone, for listening and sharing our podcasts. We’re really hitting it out of the park. This will be a great year!