We had not yet put the recent BLU situation behind us, and now we have learned that a whopping 3 million Android devices worldwide were found to have a powerful backdoor installed on them.
Powerful Rootkit / Backdoor Found Preinstalled on 3 Million Android Devices - Sound the Alarms!
Android isn't all that great when it comes to security, mainly due to Google's lack of control over how the software works. Pick up the source code, write drivers for it, and you're good to go. This also means you can throw a few unexpected things into the mix as well - such as a rootkit or backdoor that allows remote access to the device and lets someone snoop on its content whenever needed.
On 3 million Android smartphones worldwide, the majority of them in the United States, a ruthless backdoor / rootkit was discovered that allows an attacker to take complete control over the device once the flaw is successfully exploited. The most alarming thing about this whole situation is that everything happens remotely, so the phone does not have to be tethered to anything in order for the ship to go down.
Until recently, the flaw could have been exploited by anyone who took the time to obtain two Internet domains that remained unregistered despite being hardwired into the firmware that introduced the vulnerability. After discovering the vulnerability, researchers from security ratings firm BitSight Technologies registered the addresses and control them to this day. Even now, the failure of the buggy firmware to encrypt communications sent to a server located in China makes code-execution attacks possible when phones don't use virtual private networking software when connecting to public hotspots and other unsecured networks.
Of all the affected devices, phones by BLU are the most affected, accounting for 26 percent. In second place is Infinix with 11 percent. Doogee sits at 8 percent, with Xolo and Leagoo at 4 percent each. For the remaining 47 percent of devices, the manufacturer could not be identified. More information will surely be revealed in the coming days.
This is a rather alarming situation given that almost all sorts of day-to-day sectors, such as health, banking and government, are using affected devices.
People who are concerned their phone may run the firmware may also contact the manufacturer. So far, according to both BitSight and the CERT advisory, only BLU Products has released an update that addresses the vulnerability. It's not clear if it will be installed automatically or if users must manually apply it, and BitSight researchers have not yet tested the patch to evaluate its effectiveness.
The best advice to give right now is to avoid unsecured networks and use a VPN wherever possible.