Do you have an Android smartphone? You may have one (or more) of these 146 vulnerabilities
A security company reveals that apps pre-installed by manufacturers on Android devices are full of bugs and vulnerabilities that can put the user and his data at risk.
The discovery is a red alert, it is not surprising: Kryptowire security researchers have published the 2019 edition on the state of the pre-installed software on Android devices and have identified over 145 bugs that can be exploited for malicious purposes.
In short, the apps pre-installed by the manufacturers on smartphones, which in some cases in suite packages bundled with the devices also arrive in the hundreds, are full of bugs of all kinds and that put the user and his data to risk.
Vulnerabilities can lead to any type of compromise: from the installation of unauthorized apps, to the modification of permissions, passing through the exfiltration of information and the unauthorized use of the microphone.
The Kryptowire survey identified these vulnerabilities on the phones of 29 different manufacturers, among which there are numerous low-end market-oriented realities (such as Cubot, Dogee and Elephone, among others) but also leading companies such as Asus, Samsung or Sony.
Samsung issued an official note stating that after being warned by Kryptowire it investigated the situation and determined that the vulnerabilities are harmless since they are already mitigated by the appropriate countermeasures.
” We wanted to understand how simple it was for someone to be able to penetrate the device without the user downloading any applications. If the problem lies with the device, it means that the user has no options. Since the code is deeply integrated into the system, most in some cases, the user cannot do anything to remove the compromised function or app, ” explained Kryptowire CEO Angelos Stavrou.
