In response to reports that a US–funded mobile carrier that offers phones via the Lifeline Assistance program is selling mobile devices pre-installed with malicious applications, cybersecurity expert offers perspective.
In response to reports that a US–funded mobile carrier that offers phones via the Lifeline Assistance program is selling mobile devices pre-installed with malicious applications, cybersecurity expert offers perspective.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Whether Assurance was aware of the malware when procuring the phones or not, this certainly illustrates the increasing concerns around supply chain management and the complexity behind it. Quite often manufacturers do not write all of the software needed to run the devices, but instead license software from other providers or the manufacturers of the chips themselves. This makes ensuring all of the code is secure and trustworthy a difficult task and is not just related to lower tier providers. A similar issue was recently reported with Samsung phones which uses software even on their top-tier phones such as the S10+, from a company with a questionable reputation called Qihoo 360, and cannot be uninstalled.
In the hypercompetitive world of cellular phones and electronic devices, the struggle to create the most inexpensive phones with the strongest feature set results in less security testing and will likely result in similar events in the future.
The surprising and unfortunate thing here is the response to Malwarebytes when presented with the findings. While it seems easy to ignore these sorts of reports in the hope that it will go away quickly, the unfortunate truth is that a poor response to an incident such as this can leave long lasting marks on an organization\’s reputation. We continue to see that people are far more likely to forgive an issue if the organization is truthful, sincere and transparent in their response.