Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates

Summary

Kaspersky discovered a new Android backdoor named Keenadu that infects devices during the firmware build phase, allowing for silent data harvesting and remote control. The backdoor is embedded within the firmware of devices associated with brands like Alldocube. This compromise gives attackers deep access to the system.

IFF Assessment

FOE

A firmware-level backdoor gives attackers significant persistence and control, making detection and remediation very difficult for defenders.

Severity

9.0 Critical (AI Estimated)

Defender Context

This type of supply chain compromise highlights the increasing risks in the mobile device ecosystem and the need for robust firmware integrity checks. Defenders should monitor device behavior for unusual network activity, regularly scan firmware for anomalies, and prioritize secure device provisioning and update processes. Supply chain attacks are becoming increasingly sophisticated, requiring a layered defense approach.
