Google Confirms Android Smartphone Security Backdoor

Earlier this year, Forbes reported how a banking Trojan called Triada had been found on a number of brand-new budget Android smartphones. Google has now confirmed that threat actors did indeed manage to compromise Android smartphones before they ever reached buyers: a backdoor was installed on the devices as part of a supply chain attack.

To understand what has happened here, we need to go back to 2016, when Kaspersky Lab researchers first uncovered what they called one of the most advanced mobile Trojans their malware analysts had ever seen.

They named that Trojan "Triada" and explained how it lived mainly in the smartphone's random access memory (RAM), using root privileges to replace legitimate system files with malicious ones.

The story evolved, along with the Triada malware itself, during the summer of 2017. Researchers at Dr. Web found that instead of relying on being able to root the smartphone to elevate privileges, the threat actors had moved on to an even more advanced attack methodology.

Triada, the researchers found, had instead been embedded in the Android framework's own log function. In other words, the infected devices shipped with a backdoor built into the operating system: every time an app, any app, attempted to log something, the log function was called and the backdoor code executed along with it.

Courtesy of this backdoor, the Triada Trojan could now execute code in the context of almost any app on the device, without needing a root exploit at all. And the backdoor came factory-fitted, already present in the firmware before the phone left the box.

Google had remained relatively quiet concerning Triada until this week, when Lukasz Siewierski of the Android security and privacy team posted a detailed analysis of the Trojan on Google's security blog. This not only filled in the missing parts of the puzzle but confirmed that a backdoor did indeed exist in brand-new Android smartphones.

Source: Forbes