Hello there, welcome back to our scheduled programming on how to drum up clicks and views on your website “Powered by Fear Uncertainty and Doubt”.
As most marketing organizations know, sometimes you need to be a little creative when coming up with news and research. You draw a target for your security researchers to hit, and hope they come back with meaningful data that’ll make it to the next news cycle. And sometimes it actually works.
This time it didn’t. Recently, when reviewing my Twitter/Facebook feeds, I ran across “news” that state that Amazon (OMG – our trusted Amazon) are selling Rooted Android tablets, preinstalled with Trojans. Most of the public probably goes: “Hide your Nexus and shoot your Kindles!” in response. How dare Amazon sell us trojaned tablets?
But worry not, only after actually reading the details of the article (http://www.net-security.org/malware_news.php?id=3152) and the original research report (http://www.cmcm.com/blog/en/security/2015-11-09/842.html) you’ll understand that:
- Amazon has nothing to do with this. Just like you and I can set up shop on Amazon and start selling backdoored laptops, Amazon wouldn’t have anything to do with said backdoored laptops.
- It’s not about your usual tablet. So you can pull back your Nexus, brush up your Kindle, and keep using your Asus/Samsung/LG/[brand] Android tablet.
- It’s not even really an Android issue. One could have jailbroken an iPad, install a backdoor/trojan on it, and sell it online. The Android part is relates more to the price point and the ability to sell really cheap tablets.
- I dare you to recognize any of the “brands” of tablets sold with these trojans. Funny, the top “brand” is actually, wait for it, “NO BRAND”. I kid you not.
So after sorting out the FUD, we are left with no much of a scare. Suspiciously cheap tablets, marketed mostly as “no brand” (or other brands which at least I’ve never heard of), are filled with questionable software. Kind’a reminds me of even “big name” manufacturers who load their phones/tablets/laptops with assorted unwanted software (officially dubbed “bloatware”). Wow. How did this not make headline news across the nation?
Bottom line – it’s pretty sad that we end up running research on the fringe areas of consumer devices and shopping behaviors. Yes, there’s a technical merit to analyzing a Chinese backdoor, but marketing it as “OMGWTFBBQ!” by sprinkling in Amazon and Android in the headline is pure marketing alchemy. Let’s get back to two things:
- Educating that when the deal seems too good, it probably is.
- Focusing our research efforts on more meaningful things. Yes, this also applies to stunt hacking, or junk hacking of sorts. There’s a lot of brainpower that could be diverted to solving problems that we have been dealing with for ages, yet would probably yield less media buzz.