Security experts have warned that default regional settings and pre-loaded applications may be exposing Android devices in some countries to a greater risk of cyber-attack. F-Secure claimed today that large numbers of pre-bundled apps can expand the attack surface of a device.
The impact is potentially worse when country-specific rules block access to Google Play, meaning that users have to rely on third-party stores curated by the phone manufacturers themselves.
F-Secure claimed it found multiple vulnerabilities in the Huawei AppGallery which could be used to “create a beachhead” to launch additional attacks, such as one targeting the Huawei iReader which could allow hackers to execute code and steal data from devices.
Meanwhile, a simple phishing email/message could be enough to compromise the default configuration on the Xiaomi Mi 9 for China, India, Russia and maybe other countries, the security vendor claimed.
In another case, the research team compromised a Samsung Galaxy S9 by exploiting the fact that the device changes its behavior according to which country issued the SIM inside it.“To perform this attack, an adversary must manipulate an affected Galaxy S9 user into connecting to a Wi-Fi network under their control (such as by masquerading as free public Wi-Fi),” F-Secure explained.
“If the phone detects a Chinese SIM, the affected component accepts unencrypted updates, allowing an adversary to compromise the device with a man-in-the-middle attack. If successful, the attacker will have full control of the phone.
Research published by F-Secure Labs demonstrates that region-specific Android setups are creating a fragmented landscape of security problems.