This could be worrisome. When you buy a new smartphone and start using it, you would care to download and use only those apps which are safe to use.
But, if you were told that the smartphone you purchased comes with vulnerabilities that are pre-existing on apps, how would you react?
This is what has been revealed by a team of researchers at Kryptowire. They have been able to detect as many as 38 vulnerabilities in 25 smartphones well-known smartphone brands.
The Brands and Models of Vulnerable Smartphones
Some of the top brands including Sony, ZTE, Alcatel and Asus are included in this list. In their report, the Kryptowire researchers claim that specific models in these brands are affected by security flaws.
With ZTE instance, the ZTE ZMAX Pro, ZTE Blade Vantage, ZTE Blade Spark and ZTE ZMAX Champ are the models appearing on this list.
Sony Xperia L1 and Vivo 7 are there as well, and so are Nokia 6 TA-1025, LG G6 and Essential. From the Asus brand name, the Asus Zenfone 3 Max, the Asus Zenfone V Live and the Alcatel A 30 have been found to contain vulnerabilities.
The vulnerabilities are of different kinds and many offer an easy opportunity for hackers to mount attacks on the devices.
The Asus Zenfone 3, for example, contains a pre-loaded app that hackers can use to facilitate the theft of Wi-Fi passwords. As is known, once broken in, the attacker can inflict heavy damage.
In another brand, Essential, there is an app which ends up erasing all data in the device by opting for a factory reset. This can be attempted by anyone with malicious intent.
The researchers have found the LG G6 quite a risky device to do business with. It has a flaw due to which the user gets locked out of the device and if he or she tries to recover and gain access, it automatically goes into factory reset mode.
Other Vulnerabilities Detected
Going on to give out the details of how each of these phones fare on the vulnerability test, the research team says there are phones which have a weakness of allowing screenshots to be taken without the user knowing or making a request. The smartphones with this weakness are the LG G6 and Sony Xperia L1.
The ZTE ZMAX Pro device allows the hacker break into the messaging app and make changes to the messages being sent from the device.
How These Vulnerabilities Are Exploited
The research work reveals how the different types of vulnerabilities in these smartphones stand exploited by the attackers.
They first make an attempt to have their malicious apps included in the Play Store since Google informs its users that it is safer to download and install apps from its Play Store.
The user, therefore, will feel comfortable boldly downloading the app on the Google app marketplace.
In the past, the Google Play Store has been found to be a host for adware and malware, as well as crypto mining apps.
It may be practically difficult to detect the malicious apps from among millions of apps on the Google Play Store. There are different agencies involved in the process.
Google owns Android, but it is left to the hardware manufacturer to make changes to suit their respective devices.
Google has already responded on those lines after the research team published their findings.
Now, the other community is that of the app developers—some of the technologies they use can be the reason for the bugs to be carried to the Play Store and then on to the smartphones.
The largest responsibility lies with the OEMs which are engaged in manufacturing these devices, either by themselves or through contract manufacturing.
They may have to test out their finished products thoroughly before releasing them into the market. The manufacturers may have to lift their level of engagement with the developers and with Google as well, ensuring that suspicious apps don’t find their way into the smartphones.