Trend Micro experts have issued a warning stating that millions of smartphones — primarily low-cost Android devices, smart TVs, smartwatches, and other gadgets, are shipped with malware in the firmware directly from the factories.
According to researchers, the number of infected devices is measured in millions, most in Southeast Asia and Eastern Europe. Installing malicious code into the firmware of mobile devices is comparable to introducing an infection into the root of a tree that spreads throughout the trunk, down to the last branch and leaf.
The introduction of malware into mobile devices began when prices for firmware for mobile phones collapsed. The competition became so fierce that, at some point, the firmware was offered for free, leading to the practice of installing so-called silent plug-ins. Trend Micro experts analyzed dozens of firmware samples for malicious code and found more than 80 such plug-ins, some sold through closed channels, while others sold openly through social networks and blogs.
Malicious software allows attackers to intercept SMS messages, hack into social networks and instant messengers, and monetize through ads and click fraud schemes. The attackers access data about keystrokes on devices, users’ geographic locations, IP addresses, and other information. Sometimes devices become proxy servers and exit nodes leased for up to 1200 seconds.
The report’s authors did not directly indicate the source of the threat but invited the audience to think about where most OEMs are located and draw conclusions. Malware has been found on the devices of at least 10 vendors, and about 40 more are at risk. The number of infected devices is increasing rapidly, and researchers characterize it as a “growing problem for ordinary users and enterprises.”
To protect against the threat, it is recommended to stick to the products of large brands, although it is not a guarantee of safety. Users should also be cautious about purchasing low-cost mobile devices from unknown or small brands and vendors. Regular firmware updates and the installation of anti-malware software can provide additional protection against this growing threat.
