Android smartphones from Asus, LG, Essential, and ZTE are having new firmware bugs.
The key findings were discovered by cybersecurity researchers that analyzed more than 10 devices sold across the major US carriers.
These vulnerabilities range in severity, from being able to lock someone out of their device to gain surreptitious access to its microphone and other functions; but they all have something in common: ‘They cannot be fix”.
This persistence exists because all of them are a byproduct of an open Android operating system that lets third-party companies modify the code to their own will. Those changes lead to many problems including the well-known one of delays in shipping security updates.
In order to stay away from any threats like this, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running.
If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;
Asus ZenFone V Live was found to leave its owners exposed to an entire system takeover, including taking screenshots and video recordings of a user’s screen, making phone calls, reading and modifying text messages, and more.
Researchers say that what makes these vulnerabilities so pernicious is that they don’t need to have special privileges granted by a user; in other words, all go simply and silently, thanks to the device’s broken firmware.
For the ZTE Blade Spark and Blade Vantage, firmware flaws would allow any app to access text messages, call data, and the so-called logcat log, which collects system messages and can include sensitive information like email addresses, GPS coordinates, and more.
On the LG G6, vulnerabilities could expose the logcat log, or be used to lock a user out of their device. A hacker could factory reset an Essential Phone, by wiping both its data and cache.
The saddest thing is that there’s nothing you can personally do to fix the problem, or realistically even identify it in the first place.
LG is working to fix some of them but not all of the underlying issues. As for ZTE, the company said that they are already delivering fixes starting today.
Until now only an AT&T spokesperson confirmed that the carrier had “deployed the manufacturer’s software patches to address this issue.”
If you are using other mobile carriers you have to wait and while you wait, there’s literally nothing you can do to fix the problem by yourself.
We would continue to monitor this situation. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.