Security software maker Check Point revealed in a report on Friday that 36 Android smartphones from two companies contain preinstalled malware.
A member of the company’s Mobile Research Team revealed in a note, “In all instances, the malware was not downloaded to the device as a result of the users’ use — it arrived with it.”
Mark Nunnikhoven, principal engineer of cloud and emerging technologies at Trend Micro, said, “Unfortunately, this isn’t unexpected or even the first time we’ve seen this type of supply chain attack.”
“The problem is that when the phone is customized, malicious software or adware can be injected into it. This appears to have been the case here.”
“That means that anyone with physical access to the device — either an intruder or an insider — could connect the devices one by one to a computer and install malicious applications.”
AppRiver’s senior security analyst revealed, “In a scenario like this, the only method to protect yourself from this threat would be to scan the phone right out of the box.”
“Of course, this is a fairly disturbing proposition. But unfortunately the only solution in this case.”
As a result of the malware, consumers are currently at the mercy of the manufacturers. “There is an expectation of trust, which in this case was broken,” Michael Patterson told LinuxInsider.
“Given this situation where malware was installed as part of the supply chain, the only way for consumers to be protected is for manufacturers to begin to do a final quality assurance test of products before they are shipped to the consumer.”