Here's the explanation of how it could happen.
Here's the explanation of how it could happen.
Hackers managed in 2017 to install an advanced backdoor in Android devices before the phones left the manufacturers' factories. It confirms Google in a blog post.
There is the talk of Triada - a back door that Kaspersky mentioned already in 2016. The security company called Triada "one of the most advanced mobile trojans" they had ever encountered.
The purpose of Triada is to install apps that can send spam and display advertisements on the victim's phone. By breaking past security mechanisms in the Android system, the Trojan can tamper with any installed Android apps.
Confirms Triada attacks
It was in July 2017 that the security company Dr. Web discovered that the Triada Trojan was built into the firmware of a number of Android devices. However, Google has been silent about the serious security shortage but has now confirmed Dr. Web's information.
However, Google does not mention which mobile manufacturers are affected by the Triada issue. The company, on the other hand, states that the attack was carried out by a manufacturer-partner just before the final firmware verification was completed.
Here's Google's explanation
"Triada infects the image files from the device system through a third party during the manufacturing process. Sometimes, manufacturers include features that are not part of the Android Open Source Project, such as face unlocking. The manufacturer can then cooperate with a third party who can develop the desired function and then send the complete system image to the vendor for development. Based on analyzes, we believe that a supplier named Yehuo or Blazefire infected the returned sewing images with Triada ». writes Google.
Google has later confirmed that they have been working with the relevant mobile manufacturers to launch so-called OTA (Over The Air) updates that seal the back door. How many phones ended up being affected by the damage is still an unanswered question. According to the Dr. Web report of 2017, the middle-class phones were Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20 among the infected phones.