Thousands of Android devices come with unkillable backdoor preinstalled
arstechnica.com
Somehow, advanced Triada malware was added to devices before reaching resellers.

“In total the researchers confirmed eight devices with backdoors installed—seven TV boxes, the T95, T95Z, T95MAX, X88, Q9, X12PLUS, and MXQ Pro 5G, and a tablet J5-W. (Some of these have also been identified by other security researchers looking into the issue in recent months).”

edit this is the v4 of the title of this post. I’m not accustomed to editorializing or de-editorializing posts. I believe that the brand names involved were fairly trivial to the discussion of escalating malware cyberoperations especially if they are state sponsored. Earlier versions of the title were mischiefously incendiary. I apologize for that.

  • Ottomateeverything@lemmy.worldEnglish
    711·
    9 months ago

    Clarifying “Android” here feels misleading. Sure, they’re all Android devices, but they’re not what people think of when they think of Android devices. And they’re also unlikely to be the ones most people buy.

    You could also say “cheap Chinese TV boxes” and it’d still be accurate, and the devices people would think of would be more closely related to the actual devices in question.

    This has basically nothing to do with Android. You might as well say “plastic TV boxes” at that point.

    • Bappity@lemmy.worldEnglish
      203·
      9 months ago

      agreed! what a pointless inclusion of Android in the headline. clearly trying to paint a bad picture for them

    • PeleSpirit@lemmy.worldEnglish
      91·
      9 months ago

      I agree with you that it’s misleading, but the app was in the playstore and I think that’s what they’re referring to. Google says they weren’t certified which means they weren’t tested and they were removed. I agree that it’s still clickbait though.

    • Zorque@kbin.social
      51·
      9 months ago

      Thats what the title was for the last couple posts for this article, “cheap android TV boxes” instead android itself.

      • ghostBones@lemmy.worldOPEnglish
        3·
        9 months ago

        Thank you. I was not aware of that. I don’t really know how to check to see if a link has been posted before. I would like to avoid reposting. 'sure would be nice if a veteran citizen of Leamington could explain it. I have re- re-titled the title in light of your comment.

    • ghostBones@lemmy.worldOPEnglish
      3·
      9 months ago

      I suppose that clarifying it as ‘uncertified open source Android’ would be more appropriate.

    • ghostBones@lemmy.worldOPEnglish
      64·
      9 months ago

      I respectfully disagree. Ars Technica is not known for being a clickbait site. They are merely stating what platform(s) the malware runs on. It’s not an Android hit piece, and it’s not clickbait, it’s just a warning about buying cheap Chinese electronics that have access to your Wi-Fi.

      • SpiderShoeCult@sopuli.xyzEnglish
        1·
        9 months ago

        That’s a Wired article though, they sometimes run those too and the quality of them, at least from my perspective, is dubious.

    • NeoNachtwaechter@lemmy.worldEnglish
      13·
      9 months ago

      Clarifying “Android” here feels misleading

      Not at all for anybody who knows “Android TV” is an operating system.

      You could also say "cheap Chinese TV boxes

      You could also say “Wrzldrmpft with BBQ sauce”.

      Android TV is installed on TVs, projectors, small boxes, big boxes, round boxes, triangled boxes, californian boxes, chinese boxes…

  • GlitterInfection@lemmy.worldEnglish
    272·
    9 months ago

    Edit: OP fixed their title! Thanks OP! The original title was worded to state that Apple TVs were pre-installed with malware, which is not true. The rest of this comment can be ignored now but I’ve left it for reference:

    OP’S headline is a lie and should be taken down or modified.

    There are no Apple devices preloaded with malware or backdoors in this article.

    Human Security’s research is divided into two areas: Badbox, which involves the compromised Android devices and the ways they are involved in fraud and cybercrime. And the second, dubbed Peachpit, is a related ad fraud operation involving at least 39 Android and iOS apps. Google says it has removed the apps following Human Security’s research, while Apple says it has found issues in several of the apps reported to it.

    The same security firm that found the malware on the cheap Chinese ANDROID ONLY boxes, separately found android and ios apps which are security risks (and need to be downloaded manually). The firm reported the apps to both Google and Apple. Both companies are dealing with the reports appropriately.

    • AA5B@lemmy.worldEnglish
      2·
      9 months ago

      Thank you. No hatred toward anyone involved, but the first question is whether I’m affected and this provides a clear answer

  • unbuckledEnglish
    20·
    9 months ago

    Why does this headline say “AND Apple”?

    • dylanmorgan@slrpnk.netEnglish
      51·
      9 months ago

      Because there are some iOS apps implicated, I assume. It’s definitely misleading, if you buy one of the tv boxes they talk about in the article you are almost certainly getting malware, if you buy an appletv even used, the chance it has malware that would survive a clean reinstall is minuscule.

    • Ghostalmedia@lemmy.worldEnglish
      3·
      9 months ago

      Honestly, it’s an easy way to get upvotes with this community. A lot of people will upvote it without reading it, much less thinking critically about it for half a second.

  • Ghostalmedia@lemmy.worldEnglish
    2·
    9 months ago

    This article does NOT say Apple is shipping hardware with badbox / peachpit preinstalled.

    It does look like some shady apps got submitted to Apple’s App Store and were committing Ad Fraud. Moreover, it looks like the Android Badbox devices are kind of toast, unless you’re up for totally reinstalling new firmware.

    https://www.humansecurity.com/hubfs/HUMAN_Report_BADBOX-and-PEACHPIT.pdf

    If you bought a name brand streaming device, and only installed popular well known apps from their marketplaces, you’re properly fine.

  • AutoTL;DR@lemmings.worldBEnglish
    31·
    9 months ago

    This is the best summary I could come up with:

    This week, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.

    “They’re like a Swiss Army knife of doing bad things on the Internet,” says Gavin Reid, the CISO at Human Security who leads the company’s Satori Threat Intelligence and Research team.

    “This is a truly distributed way of doing fraud.” Reid says the company has shared details of facilities where the devices may have been manufactured with law enforcement agencies.

    In the second half of 2022, Human Security says in its report, its researchers spotted an Android app that appeared to be linked to inauthentic traffic and connected to the domain flyermobi.com.

    When Milisic posted his initial findings about the T95 Android box in January, the research also pointed to the flyermobi domain.

    The company’s report, which has data scientist Marion Habiby as its lead author, says Human Security spotted at least 74,000 Android devices showing signs of a Badbox infection around the world—including some in schools across the US.

    The original article contains 455 words, the summary contains 180 words. Saved 60%. I’m a bot and I’m open source!