this post was submitted on 07 Oct 2023
119 points (99.2% liked)

Android

17252 readers
530 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: !android@lemdro.id

💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.

Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below

Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More

founded 1 year ago
MODERATORS
ijeff@lemdro.id
ladfrombrad@lemdro.id
Paradox@lemdro.id
multimoon@lemdro.id
inspector@gadgetro.id
mikestevens@lemdro.id
Devgard@lemmy.world
limerod@reddthat.com
Netrunner@lemdro.id
119
Thousands of Android (streaming) devices come with unkillable backdoor preinstalled (arstechnica.com)
submitted 10 months ago* (last edited 10 months ago) by androidtate@lemdro.id to c/android@lemdro.id
5 comments fedilink hide all child comments
top 5 comments
sorted by: hot top controversial new old
[–] Hydrogen@lemdro.id 13 points 10 months ago

It's not like these Android boxes are killer deals either.

[–] autotldr@lemmings.world 6 points 10 months ago

This is the best summary I could come up with:

This week, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.

“They’re like a Swiss Army knife of doing bad things on the Internet,” says Gavin Reid, the CISO at Human Security who leads the company’s Satori Threat Intelligence and Research team.

“This is a truly distributed way of doing fraud.” Reid says the company has shared details of facilities where the devices may have been manufactured with law enforcement agencies.

In the second half of 2022, Human Security says in its report, its researchers spotted an Android app that appeared to be linked to inauthentic traffic and connected to the domain flyermobi.com.

When Milisic posted his initial findings about the T95 Android box in January, the research also pointed to the flyermobi domain.

The company’s report, which has data scientist Marion Habiby as its lead author, says Human Security spotted at least 74,000 Android devices showing signs of a Badbox infection around the world—including some in schools across the US.

The original article contains 455 words, the summary contains 180 words. Saved 60%. I'm a bot and I'm open source!

[–] Bizarroland@kbin.social 6 points 10 months ago

I like how they say that only people with technical skills can remediate this malware but many of these boxes are very cheap, I've seen them on AliExpress for $15 or so.

To replace the firmware is about a 1-hour task following online guides.

So if being cheap is your primary objective it's definitely not off the table to buy these boxes, just know that when you buy them your first task before they are ever connected to the network is to reflash them.

[–] DoomBot5@lemmy.world 2 points 10 months ago (1 children)

Did they just discover the LTT video about this from a couple months back?

[–] DeltaTangoLima@reddrefuge.com 6 points 10 months ago

Not really the same thing.

The LTT video (which was started by the same report as the Wired article ars reproduced) attempts to talk more deeply about what's on the boxes.

The linked article, however, talks about the further investigations that took place into the C2 service behind these boxes, and what steps were taken to try and stop them.