Android phones have pre-installed back frames that make them vulnerable before they appear in stores, Google said in a detailed study on Thursday. The story begins with the “Triada family” Trojans, first discovered in early 2016. In Mountain View, the California company initially removed the Triada sample with Google Play Protect from all Android devices. In 2017, Triada turned into a tailgate that was installed previously for Android devices. In particular, the latest cellphones may not be affected by Google. However, vulnerabilities affect different patterns in the past.
Security researcher Kaspersky highlighted the presence of Triadas in 2016 when it was marked by the Root Trojan, which was developed after obtaining permission to use hardware. The main purpose of the Trojan is to install applications that can send spam and display advertisements. Google has detected Play Protect to delete Triada samples.
According to a blog post describing access to the back door in detail, Google’s internal researchers in 2017 looked at the Triada version used to download and install modules. The pre-installed logo function is in a system area that smartphone manufacturers haven’t seen in the startup phase.
“Triada was accidentally included in the system image as a third-party code for additional features needed by the original manufacturer,” said Lucas Seviers of the Google Android Security and Privacy Team on the blog. “This underscores the need for comprehensive system security reviews before the devices are sold to consumers and every time they are updated by air (OTA).”
Google works with Original Equipment Manufacturers (OEMs) to provide instructions on how to remove equipment threats. Finally, OTA updates will be released to reduce the prevalence of previously installed Triada variants and eliminate infections from affected phones.
Worth mentioning here is that Google does not mention the names of devices that have suspicious access from behind. Dr. security company The report published at the end of July 2017 on the Internet shows that on some Triada Android devices included in the firmware. Devices include Leagoo M5 Plus, Leagoo M8, Nomu S10 and Nomu S20. Google also confirmed the findings of Dr. Webb.
To ensure device security, Google is said to have provided VET with a “building test kit” that allows them to view Android discs before publicly releasing hardware and searching for malware such as Triada, reducing its impact.