Uhale Android-based digital picture frames come with multiple critical security vulnerabilities, and some of the devices download and execute malware at boot time.
Mobile security company Quokka conducted an in-depth security assessment on the Uhale app and found behavior suggesting a connection with the Mezmess and Voi1d malware families.
The researchers reported the issues to ZEASN (now ‘Whale TV’), the Chinese firm behind the Uhale platform used in the digital picture frames of numerous different brands, but received no reply to multiple notifications since May.
Automatic malware delivery
Starting with the most alarming findings, many of the analyzed Uhale photo frames download malicious payloads from China-based servers at boot.
“Upon booting, many investigated frames check for and update to the Uhale app version 4.2.0,” Quokka researchers say in the report.
“The device then installs this new version and reboots. After the reboot, the updated Uhale app initiates the download and execution of malware.”
The downloaded JAR/DEX file that is saved under the Uhale app’s file directory is loaded and executed at every subsequent boot.
The devices that Quokka examined had the SELinux security module disabled, came rooted by default, and many system components were signed with AOSP test-keys.
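The three conditions above can be checked on a device you own from the output of `adb shell getprop` and `adb shell getenforce`. The following is an added example, not code from Quokka's report. The sample output is constructed, and the `ro.debuggable`, `ro.secure` and `ro.build.type` checks are heuristics assumed here as indicators of a root-capable build.

```python
import re

# Constructed sample: `adb shell getprop` and `adb shell getenforce` output
# for a hypothetical frame. Not captured from a real device.
SAMPLE_GETPROP = """\
[ro.build.tags]: [test-keys]
[ro.build.type]: [userdebug]
[ro.debuggable]: [1]
[ro.secure]: [0]
[ro.product.model]: [example-frame]
"""
SAMPLE_GETENFORCE = "Disabled\n"

# getprop prints one property per line as "[key]: [value]".
PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")


def parse_getprop(text):
    """Turn getprop output into a dict, skipping lines that do not match."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def audit(getprop_text, getenforce_text):
    """Return a list of findings matching the weaknesses described above."""
    props = parse_getprop(getprop_text)
    findings = []
    # getenforce prints Enforcing, Permissive or Disabled.
    mode = getenforce_text.strip().lower()
    if mode != "enforcing":
        findings.append(f"selinux-not-enforcing ({mode or 'unknown'})")
    # ro.build.tags is a comma-separated list; release builds use release-keys.
    if "test-keys" in props.get("ro.build.tags", "").split(","):
        findings.append("build-signed-with-test-keys")
    if props.get("ro.build.type") in ("userdebug", "eng"):
        findings.append("non-user-build")
    # Heuristic (assumption): these values allow adbd to run as root.
    if props.get("ro.debuggable") == "1" or props.get("ro.secure") == "0":
        findings.append("adb-root-capable")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_GETPROP, SAMPLE_GETENFORCE):
        print("FINDING:", finding)
```

An empty result does not show that a device is clean; it only means none of these build-level indicators were present.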
Downloaded payloads