Supplier Chain Malware, There's A Bigger Story Here


Check Point released a report last week detailing how it had discovered malware installed on devices belonging to a telecoms company and a technology provider. The handsets, all Android devices, had been tampered with somewhere in the supply chain.

That is important here. The malware wasn't part of the official build, nor had it been downloaded by users: it was on the handsets when they arrived, but it wasn't there when they left the manufacturer.

This is being painted as a weakness in Android - because the flexibility for software to do more means that bad actors have access to more tools when infecting a system.

That's a very small part of this story, which should actually be about industrial espionage. Someone - and I'm assuming it's a someone of significant size and resources - has been able to gain access to these devices somewhere between the manufacturer and customer to install this malware.

What kind of organisation is able to target devices with such precision and skill? That's the real question. And how many more organisations and devices have been targeted?

And for those iPhone owners feeling smug about this, ask yourself this: given the number of vulnerabilities that have been exposed against iOS already, how sure are you that an organisation of this size and capability hasn't been able to target iOS? Would you even know if a third party had jailbroken your phone for the purposes of installing malware if it arrived with you apparently untampered?

In this case the who is just as - if not more - important than the how. This was not the work of a small group of amateur hacks.
