Spawn

Administrator
Verified
Staff member
Fake devices look real but are rife with unpatched operated systems, outdated kernels, and a universe of dodgy backdoors and malware, researchers have found.
Motherboard’s investigation also found the fake iPhone X was loaded with backdoors and malicious apps, meaning that owning such a device likely resulted in any number of dubious middlemen gaining access to your personal information.

This time, the researchers dug deeply into the workings of two bogus devices, a fake iPhone 6 and a fake Samsung S10. Both devices are routinely being sold for around a tenth of their retail price at a wide variety of sketchy online outlets, and both contain severe security vulnerabilities that will put your personal data—and potentially your personal safety—at risk.

The external fit and finish do a convincing job making the devices look legit, and even some functionality like haptic feedback and fingerprint sensors work fairly well. Internally, both devices use cheap Chinese hardware running community-built Android-based ROMs, with the S10 using the same native launcher, UI/Icon pack, and theming engine of the original device.

But while both devices pretend to be running the latest version of Android Pie 9.0, in reality they were running OS variants like Kitkat 4.4.0. that haven't seen security updates since 2014. The devices also both run outdated kernels, opening device users to threats patched years ago (like DirtyCow or Towelroot) in the legitimate versions of these devices.

It looks like an Apple lightning cable. It works like an Apple lightning cable. But it will give an attacker a way to remotely tap into your computer.
I plugged the Apple lightning cable into my iPod and connected it to my Mac, just as I normally would. My iPod started charging, iTunes detected the device, and my iPod produced the pop-up asking if I wanted to trust this computer. All expected behaviour.

But this cable was hiding a secret. A short while later, a hacker remotely opened a terminal on my Mac's screen, letting them run commands on my computer as they saw fit. This is because this wasn't a regular cable. Instead, it had been modified to include an implant; extra components placed inside the cable letting the hacker remotely connect to the computer.