146 New Android Vulnerabilities Found on Samsung, Xiaomi, Asus Phones

Enterprise security solutions firm, KryptoWire, has identified 146 vulnerabilities in pre-installed Android apps from as many as 27 vendors.The study, funded by the US Department of Homeland Security (DHS), found the security flaws in a variety of devices, ranging from flagship smartphones to entry-level handsets. According to the report, the vulnerabilities could allow unauthorized actors to modify system settings, install unwanted apps surreptitiously and even record audio without user consent.

The report claims that the errant vendors include some of the biggest and most reputable global names in the world of technology, including Samsung, Asus and Xiaomi. Interestingly, Lava seems to be the only Indian brand on the list otherwise dominated by Chinese firms. Some of these vendors, however, are predictably pushing back at the allegations, with Samsung issuinga statement to Wired, saying:“we have promptly investigated the apps in question and have determined that appropriate protections are already in place”.Chart Courtesy: KryptoWire

Kryptowire, however, disagrees with that assertion, with the company’s VP of product, Tom Karygiannis, saying“The Samsung apps can be used by third-party supply chain actors to gain access to information without disclosing it or requiring permissions”. He further pointed at the security framework of Android itself, saying,“The current design of the Android Security framework does not prevent that from happening today”.

Malware on Androidcontinues to remaina huge problemin spite of a multitude of steps taken by Google to eradicate the issue in recent times. The companyrecently brought togetherprominent cyber-security firms ESET, Lookout and Zimperium, under an umbrella organization called the App Defense Alliance to stop“bad apps before they reach users’ devices”. However, as the latest study seems to show, there’s along way to gobefore the platform becomes truly safe.

Kishalaya Kundu

Passionate techie. Professional tech writer. Proud geek.

Add new comment

Name

Email ID

Δ

01

02

03

04

05