Pre-Installed Android Malware Found On 36 High-end Smartphones

Bought a brand new Android Smartphone? Do not expect it to be a clean slate.

At least 36 high-end smartphone models belonging to popular manufacturing companies such as Samsung, LG, Xiaomi, Asus, Nexus, Oppo, and Lenovo, which are being distributed by two unidentified companies have been found pre-loaded with malware programs.

These malware infected devices were identified after a Check Point malware scan was performed on Android devices. Two malware families were detected on the infected devices: Loki and SLocker.

According to a blog post published Friday by Check Point researchers, these malicious software apps were not part of the official ROM firmware supplied by the smartphone manufacturers but were installed later somewhere along the supply chain, before the handsets arrived at the two companies from the manufacturer's factory.

First seen in February 2016, Loki Trojan inject devices right inside core Android operating system processes to gain powerful root privileges. The trojan also includes spyware-like features, such as grabbing the list of current applications, browser history, contact list, call history, and location data.

On the other hand, SLocker is a mobile ransomware that locks victims devices for ransom and communicates through Tor in order to hide the identity of its operators.

List of Popular Smartphones Infected with Malware

Here's the list of infected smartphones:

• Galaxy Note 2
• LG G4
• Galaxy S7
• Galaxy S4
• Galaxy Note 4
• Galaxy Note 5
• Xiaomi Mi 4i
• Galaxy A5
• ZTE x500
• Galaxy Note 3
• Galaxy Note Edge
• Galaxy Tab S2
• Galaxy Tab 2
• Oppo N3
• Vivo X6 plus
• Nexus 5
• Nexus 5X
• Asus Zenfone 2
• LenovoS90
• OppoR7 plus
• Xiaomi Redmi
• Lenovo A850

The malware backdoor offers its operator unrestricted access to these infected devices, from downloading, installing and activating Android malicious apps, deleting user data, uninstalling security software and disabling system apps, to dialing premium phone numbers.

This incident underscores the dangers of untrusted supply chains, and experts are quite worried about the security of the supply chain with reports of over 20 incidents where rogue retailers have managed to pre-install malware on new Android handsets.

Here's How to Remove the Malware Infections:

Since the malware programs were installed to the device's ROM using system privileges, it's hard to get rid of the infections.

To remove the malware from the infected devices, either you can root your device and uninstall the malware apps easily, or you would need to completely reinstall the phone firmware/ROM via a process called "Flashing."

Flashing is a complex process, and it is recommended that users power off their device and approach a certified technician/mobile service provider.

It's not the first time when high-end smartphones have been shipped pre-installed with malicious apps that can covertly siphon sensitive user data.

In December last year, certain low-cost Android smartphones and tablets were found to be shipped with malicious firmware that covertly gathered data about the infected devices, displays ads on top of running apps and downloads unwanted APKs on the victim's devices.

In November, researchers discovered a hidden backdoor in the AdUps firmware of over 700 Million Android smartphones, which also covertly gathered data on phone owners and sent it to a Chinese server without the user's knowledge.

Meanwhile, a flaw in the Ragentek firmware used by certain low-cost Android devices was also discovered that allowed attackers to remotely execute malicious code with root privileges, turning over full control of the devices to hackers. 

 

by Wang Wei

How Fast Is Falling Rain?

Image via reway2007

Read a random fact yesterday that said the “average rain drop falls at 17mph.” Is that reasonable?
Let the physics begin. You might think: hey, wont’ the speed depend on how high the water started? Well, it would if air resistance on the water drop were not important. However, I suspect that the rain will fall at terminal velocity. Terminal velocity is the case when the air resistance on the object is equal to the gravitational force on the object. When this happens, the net force is zero (the zero vector) and the object falls at a constant speed.
Here is a diagram of a water drop at terminal speed.

Since the air resistance force depends on the speed of the object (but the gravitational force does not), there is one speed for which these two forces add up to the zero vector. Near the surface of the Earth, the magnitude of the gravitational force can be modeled as:

Where g is the local gravitational field (not the acceleration due to gravity – that is a non-good name for it). And what about the air resistance? It can probably be modeled as:

Where:

• ρ is the density of air (about 1.2 kg/m³).
• A is the cross-sectional area of the object. If the object was a sphere, this area would be the area of a circle.
• C is the drag coefficient. This depends on the shape of the object. A cone and a flat circle will have the same A, but different drag coefficients.
• v is the magnitude of the velocity of the object with respect to the air.
• It won’t matter for this case too much, but the direction of the air resistance force is in the opposite direction to the velocity.

At terminal velocity, the magnitudes of these two forces will be equal. I can write that as:

Now, what about the mass (m)? Let me assume that it is made of water (like most rain) and is spherical (even though that is not likely – it would probably be “rain drop shaped”). If I call the density of water ρ_w and the radius of the drop r, then the mass would be:

Putting this into the “weight = air resistance” expression above as well as an expression for the cross-sectional area in terms of r, I get:

The cool thing here is that the terminal speed of the water drop depends on the size (radius). Larger drops will have a larger terminal velocity. So, could you just make a water melon sized water drop? No. Why not? Because at some point, the force from the air on the drop is going to break the water drop apart. The surface tension holding the drop together just won’t be enough to maintain its drop status.
Then how big can it get? I have no idea. Oh, and then there is the problem of real drop instead of spherical drops. Let me look at that first. Wikipedia lists the coefficient of drag for a smooth sphere as 0.1. A rain drop should be less than this – but how much less? Well, a rain drop would take some of the water to form some sort of tail. This would decrease the cross sectional area as well as decrease the drag coefficient. I am not sure how to calculate the volume of a non-spherical rain drop, so for now I will just use a spherical drop with a drag coefficient of 0.08. I know that is wrong, but it will give me an idea about the terminal speed.
Now, how big should it be? How about I don’t decide. Instead I will plot the terminal speed for a range of rain drop sizes. Let me look at drops from 0.5 mm to 5 mm. Here is that plot.

Well, the original question asked about the speeds in units of miles per hour. Here is the same plot but with different units.

Based on my estimations, 17 mph would be on the low end – but possible. It could be likely that I grossly overestimated the size of a raindrop.
Homework: Yes, there is homework. If the rain drop has a radius of 0.5 mm, from how high would it have to drop to get pretty close to the terminal velocity?

Update

As usual, I rush into things without exploring things in more depth. My assumption of a raindrop shaped raindrop appears to be bogus. Who would have guessed that? Anyway, here are some very useful links from commenters (Jens and Charles) and a large thanks to them.

• A German kid’s video showing the shape of a raindrop (I think).
• A nice summary of findings for falling rain drops.
• Terminal Velocity of Rain Drops Aloft – paper from the Journal of Applied Meteorology (pdf)
• Here is another link from @swansontea: Bad Rain: Raindrops are not tear drop shaped.

By David Cox (@dcox21)