Cybersecurity researchers at Human Security have discovered a globally distributed network of consumer products equipped with firmware backdoors, which they named the BADBOX network. Devices included in the network are primarily Android-based mobile phones, tablets, and connected telecommunication boxes.
Backdoored Devices Total 74,000 Units
The experts noted that at least 74,000 units worldwide carried the backdoored firmware. Such products have been used predominantly within public school networks across the United States. The malware identified within the firmware was traced back to the Triada Trojan, malicious code designed to carry out financial fraud by hijacking SMS-based financial transactions. The only apparent way to eliminate this threat is a complete wipe and reinstallation of the device operating system.
Ad Fraud Scheme Named PEACHPIT Identified
One of the notable schemes emerging from this backdoor was an ad-fraud operation named PeachPit. It is worth noting that there is a book publisher known as Peachpit, but it is not associated with this operation.
At the peak of its operation, PeachPit had infected around 121,000 Android devices and 159,000 iOS devices, generating an average of 4 billion ad requests per day. While PeachPit has been disrupted, other components of the BADBOX network are currently dormant and could be activated to resume these disruptive activities. Removing BADBOX from a device is noted to be a complex process, especially for the average user, because the malicious software resides on a read-only (ROM) partition. Buying new devices from familiar brands is therefore advised.
Android is not famed for its security. That is part of the bargain that makes Google's mobile platform so appealing to developers: the company hands the OS to OEMs, and they can do what they want with it. Beyond the stock Android experience, this leaves the platform open to vulnerabilities. Open source and an open ecosystem have led Android to have more frequent security issues than the more closed Apple iOS.