Android warning: 146 dangerous new vulnerabilities unmasked, is YOUR phone safe?

If you’re using an Android smartphone, you should be on the lookout for a number of new vulnerabilities discovered by security researchers.

A staggering 146 vulnerabilities have been found preinstalled on devices built by 29 different manufacturers, including high-profile brands like Samsung, ASUS, Xiaomi, and Sony.

Security company Kryptowire discovered the problematic vulnerabilities, which are found on the handsets out-of-the-box. Yes, unlike some of the other recent warnings – including warnings about dozens of apps that were capable of generating money for criminals behind-the-scenes using adware, and an app that could reinstall itself whenever users tried to delete the harmful app from their handset – Android users don’t have to install anything to be vulnerable.

According to the company, these vulnerabilities cover a wide range of possible exploits, from recording audio on your smartphone behind your back to hackers modifying core system settings without your permission.

Some of these security flaws exist due to apps that ship with the smartphone, while others are born of the firmware preinstalled on the handset.

According to Wired, Kryptowire started to notify Google about the dangerous gaps in security on devices earlier this summer. However, months later, not all of the manufacturers have sufficiently dealt with the problem.

Samsung says it has introduced the appropriate protection to its production line, but Kryptowire disputes this claim. It reports that bad actors could still gain access to private information stored on a Samsung smartphone without the owner’s knowledge.

“Since being notified by Kryptowire, we have promptly investigated the apps in question and have determined that appropriate protections are already in place,” Samsung said in a statement.

“The Samsung apps can be used by third-party supply chain actors to gain access to information without disclosing it or requiring permissions,” countered Kryptowire Vice President of Product Tom Karygiannis. “The current design of the Android Security framework does not prevent that from happening today.”

Meanwhile, Google has taken precautions to strip out many of the bugs highlighted in the report that come preinstalled on Android devices. However, the company can only do so much, as every individual manufacturer also needs to muck in and conform to the latest security protections for the action to work.

The damning report was originally published in Wired. Most of the impacted vendors operate from Asia, although the devices ship to customers worldwide.

Most of the handsets identified by Kryptowire are mid-range devices, including the likes of the Xiaomi Redmi Note 6 Pro, Sony Xperia XZ range, and Samsung Galaxy A8 Plus. Kryptowire CEO Angelos Stavrou says these vulnerabilities arise when manufacturers seek profit over the security of their users.

“In the race to create cheap devices, I believe that the quality of software is being eroded in a way that exposes the end user,” Stavrou told Wired.

source: express.co.uk