Does your new phone come preinstalled malware? How to know and what to do

A new report from a security assessment agency shows that many phones sold in India come with malware preinstalled. But if you have one of them, how do you check if any malware is active on your phone and how do you get rid of it?

Saket Modi, CEO and co-founder of Lucideus Tech, a cybersecurity company, tells HT how to deal with malware-ridden phones.

Q) Saket, how do these malwares get in the device evading watchful eyes of so many emplopyees working in these giant corporations?

There are only two types of people on the planet, one who know that they have been hacked and the other who don't. The Checkpoint report pointing various smartphones selling in India have pre-installed malwares is another use case for the same.

What has come out is a flaw in the supply chain management of so many very large mobile equipment manufacturers, where there are malwares which are being pre-embedded both at the OS and chip level of the cell phones.

All the original equipment manufacturers have a set of files and libraries that they pre-embed in a mobile phone before shipping that over to various distribution channels. What has been observed according to the report is that somewhere along that way, in the supply chain distribution mechanism, certain parties are injecting some applications and services which were not originally intended to be there in the boxed version of that phone.

These services and applications are malicious in nature with the intent of either stealing the data or displaying ads based on your contextual data. We had seen instances of similar malwares being installed in the past, as a result of which we had made a free of cost mobile application called Unhack for the Android platform. UnHack simply tells you which are the apps taking specific permissions - so you can see the list of your apps seeing your camera or location history for example.

Q)How do you track the malware and how to tackle them?

From a users perspective, I would encourage people to monitor the following:

a) The permissions you give to your apps, even if it is a system file service trying to use a permission which you are not comfortable with, you can turn that off. In the latest version of both Android and iOS, you have the flexibility to individually decide various levels of permissions for the apps that you use.

b) More importantly, there might be instances of these different services which do not pop-up as an application and you might not see the data usage by them. In this case I would suggest keeping a check on the trend of your data usage from your mobile phone. For example, every month if you know that with your standard usage, you are utilising 2 GB of data and you suddenly in a month see that shooting up to 4 GB, without you really streaming music or downloading movies additionally, it is a red flag that you must probe into and then get in touch with cybersecurity professionals to get a complete health checkup of your smartphone.

What does the malware issue point out for cybersecurity?

Last week's exposure by WikiLeaks regarding the hacking tools being used by the CIA is a testimonial of a situation where it is not just malicious hackers but also the governments around the world who are trying to snoop into your data to be able to map accurately your usage trend, lifestyle and more. This is only going to increase in the near future as our lives gets more and more digitised.