Expert Reaction On Pre-Installed, Unremoveable Malware Found On US Government-funded Phones

In response to reports that a US-funded mobile carrier that offers phones via the Lifeline Assistance program is selling mobile devices pre-installed with malicious applications, a cybersecurity expert offers perspective.

Erich Kron, Security Awareness Advocate
InfoSec Expert
January 10, 2020 2:52 pm

Whether Assurance was aware of the malware when procuring the phones or not, this certainly illustrates the increasing concerns around supply chain management and the complexity behind it. Quite often manufacturers do not write all of the software needed to run the devices, but instead license software from other providers or the manufacturers of the chips themselves. This makes ensuring all of the code is secure and trustworthy a difficult task and is not just related to lower tier providers. A similar issue was recently reported with Samsung phones, which use software, even on their top-tier phones such as the S10+, from a company with a questionable reputation called Qihoo 360, and it cannot be uninstalled.

In the hypercompetitive world of cellular phones and electronic devices, the struggle to create the most inexpensive phones with the strongest feature set results in less security testing and will likely result in similar events in the future.

The surprising and unfortunate thing here is the response to Malwarebytes when presented with the findings. While it seems easy to ignore these sorts of reports in the hope that it will go away quickly, the unfortunate truth is that a poor response to an incident such as this can leave long-lasting marks on an organization's reputation. We continue to see that people are far more likely to forgive an issue if the organization is truthful, sincere and transparent in their response.

Last edited 2 years ago by Erich Kron
Information Security Buzz