Primed for Malware: Stop Selling Compromised Android Devices
Summary
Researchers have repeatedly found compromised Android devices, including TVs and streaming devices, pre-loaded with malware and being sold on major online retailers like Amazon. Google has identified campaigns like BADBOX affecting millions of uncertified devices running Android Open Source Project (AOSP). The EFF urges these retailers to take systemic action to prevent these compromised devices from reaching consumers and networks.
IFF Assessment
The article highlights the ongoing problem of compromised Android devices being sold with pre-installed malware, posing a significant risk to consumers and their networks.
Defender Context
Defenders should be aware that even seemingly innocuous consumer electronics like Android-based smart TVs and streaming devices can be a vector for malware. Organizations should consider implementing stricter network segmentation and endpoint security for IoT devices, and educating users about the risks of purchasing uncertified or unusually inexpensive electronics.