While people are becoming increasingly diligent about what they download on their mobile devices, they may now have to worry about their phones coming with malicious software already pre-installed.
According to new research from Check Point Software Technologies Ltd., 38 Android devices owned by a large telecommunications company and a multinational technology company were found to have malware already present before the users received them.
“The discovery of the pre-installed malware raises some alarming issues regarding mobile security. Users could receive devices which contain backdoors or are rooted without their knowledge,” the company says in a blog post from Mar. 10.
Check Point discovered that the malicious software was not part of the official read-only memory (ROM), a storage medium that keeps its data when the phone is turned off and used to contain important information like basic input instructions, supplied by the vendors, meaning that it was added at some point along the supply chain.
In six of the cases, the malware was added to the devices’ ROM through system privileges, which makes it impossible for users to remove it themselves and requires a full system flash.
“Pre-installed malware compromise the security even of the most careful users. In addition, a user who receives a device already containing malware will not be able to notice any change in the device’s activity which often occur once a malware is installed,” Check Point explains.
Pre-installed malware was found on the following phones:
- Galaxy A5
- Galaxy Note 2
- LG G4
- Galaxy S7
- Galaxy S4
- Galaxy Note 4
- Galaxy Note 5
- Galaxy Note 8
- Xiaomi Mi 4i
- ZTE x500
- Galaxy Note 3
- Galaxy Note Edge
- Galaxy Tab S2
- Galaxy Tab 2
- Oppo N3
- vivo X6 plus
- Nexus 5
- Nexus 5X
- Asus Zenfone 2
- LenovoS90
- OppoR7 plus
- Xiaomi Redmi
- Lenovo A850
The company suggests that as a general rule, users should “avoid risky websites and download apps only from official and trusted app stores.” However, it notes that following these guidelines is not enough to ensure security, as evident by these findings.
“To protect themselves from regular and pre-installed malware, users should implement advanced security measures capable of identifying and blocking any abnormality in the device’s behavior,” it says.