For most people, pre-installed phone software is a minor annoyance rather than a risk. It can be a lot more damaging than that though, and researchers from Kryptowire say they8217;ve have found 25 Android devices that come with vulnerabilities pre-installed.
Presenting their findings at the DEFCON hacker conference last week, the researchers revealed a surprising 38 different weaknesses right out of the box for phones from major manufacturers including Sony, LG, Essential, Asus and ZTE.
8220;All of these are vulnerabilities that are prepositioned,” said Angelos Stavrou, CEO of Kryptowire at the conference earlier this month. “They come as you get the phone out the box. That8217;s important because consumers think they8217;re only exposed if they download something that8217;s bad.”
The most high-profile device highlighted was the LG G6, which, the researchers said, had three vulnerabilities, including one where an owner could be locked out of their phone, even in safe mode forcing a factory reset.
Meanwhile, a pre-installed Essential Phone app had a vulnerability which could allow any other app to wipe all the phone data via a factory reset. The Sony Xperia L1 and Nokia 6 TA-1025, meanwhile, had a weakness that could allow outsiders to take screenshots.
The Asus ZenFone 3 Max was arguably worst affected, according to the researchers. It was vulnerable to an exploit which could have allowed hackers to install any app, gather Wi-Fi passwords, install keyloggers, intercept text messages and make phone calls, they said.
With literally thousands of Android devices out there, it’s just not realistic for researchers to analyse every single one on the off-chance that the manufacturers have waved through possible vulnerabilities.
Are you worried about built-in Android vulnerabilities? Let us know on Twitter: @TrustedReviews