Many Android Devices Ship With Firmware Flaws

Asus, Essential, LG and ZTE have all vowed to patch security flaws found by mobile security firm Kryptowire. The firm’s research was meant to point out that some security meltdowns stem from code written by phone companies to modify Android. Researchers found bugs in the firmware of 10 separate devices carried across the major American carriers, the Verge reported. The security lapses could lead to everything from letting an attacker lock someone out of their device, to getting control over their microphone and more—though most of the attacks that the researchers detailed required users to download some sort of malicious app before they could take advantage of the holes present in the firmware. According to Kryptowire, these vulnerabilities stem from Android’s open nature, which allows third-parties to tweak the code and modify the interference or create completely different versions of Android. However, as the researchers found out, this open-style system can also lead to gaps in the phones’ security. The research looks at these flaws as a problem endemic to Android.