Sign in / up

back to article That sub-$100 Android slab you got on Black Friday? RIDDLED with holes, say infosec bods

Those fighting through hordes of fellow crazed bargain junkies this Black Friday should avoid some of the cheapo Android tablets on offer. Security researchers at Bluebox Labs bought a dozen Android fondleslabs, each costing less than $100, and tested them for poor patching, dodgy OS installation, and sloppy security practices …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Anonymous Coward
    Anonymous Coward

    Do androids dream of electric updates?

    Leon : " I'm Android 2.2–2.2.3 Froyo (API level 8), born on January 18, 2011. How long do I have?"

    Deckard : " 4 years"

    Leon : " nothing is worse than an app. you can't update, or if you can it doesn't work.. "

    Roy : " I have… seen things you people wouldn't believe… Computers blue screening on the latest MS update, I watched adobe reader splutter in the registry near the HKEY_LOCAL_MACHINE\SECURITY. All those… moments… will be lost in time, like [small cough] tears… in… rain. Time… to die…

    Deckard : Oh, fuck it....

    23 0 Reply
    1. JeffyPoooh
      Reply Icon
      Pint

      $100? Puh! I got an Android "slab" for $30 two years ago

      $30 shipped!

      It's hilariously stupid. It's actually Android 2 point something, but on the About screen they just wrote in "4.0".

      I just assumed it came laced with spyware from the factory. Used it on a vacation in Asia and it got the SMS job done. At least it didn't end up in the Loboc River this time.

      0 0 Reply
  2. Ken Darling

    $$$???

    We use pounds in this country. We're not part of the USA, yet, thank fuckery.

    10 6 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: $$$???

      @Ken - "We're not part of the USA, yet"

      Only cause 'Merica doesn't want your drivers on the wrong side of our roads screwing up all our traffic.

      Although Congress would love to get their hands on the Crown Jewels and the Royal Palaces - we could auction them off at half-price and pay for a couple of days worth of our national debt interest payments.

      4 0 Reply
  3. Jeff Green

    In related news

    It was revealed today that the Pope is Catholic and Bears shit in the woods. The problem isn't that the sellers of dirt cheap items cut corners, of course they do, that's the reason they are dirt cheap. The problem is when premium ones do the same!

    11 0 Reply
  4. Anonymoist Cowyard
    FAIL

    Yay scareware stories

    Anyone would think there was a hidden agenda to stop the market for cheap android devices, or sell a security product..

    Back in the real world, this is a total non issue.

    Number of android devices I have ever encountered with ANY form of virus or malware 0

    Number of windows PC that have seen with issues 90+% of them, hundreds, if not thousands

    15 11 Reply
    1. Mage Silver badge
      Reply Icon

      Re: Yay scareware stories

      Privacy is a major issue on Android.

      Applications get too many permissions.

      If it's Playstore enabled / Google approved then Google seems to know everything, vs cheapest one with no Google Playstore or Processes.

      Google Location Tracking?

      Partially avoiding Mobile and only using your own WiFi Router with extra blocking may help privacy. It's not just about Malware.

      Also today's Vulnerability is tomorrow's machine with a trojan stealing you email passwords. site passwords, bank, credit card and paypal details.

      Add Firefox and Ghostery?

      4 4 Reply
      1. Looper
        Reply Icon

        Re: Yay scareware stories

        Until some flavour of linux is available for tablets, just keep the serious stuff on a proper machine with a platform that can be secured.

        0 1 Reply
        1. Anonymous Coward
          Reply Icon
          Anonymous Coward

          Re: Yay scareware stories

          Yeah, it's a shame they're using Android instead of something Linux based. *cough*

          4 0 Reply
      2. Robert Helpmann??
        Reply Icon
        Childcatcher

        Re: Yay scareware stories

        Whatever happened to wiping the system and replacing it with your own preferred OS? We essentially have the same issue with older phones as they are replaced with our "free" upgrades. I have plans to play with a couple over the winter holidays and am looking forward to becoming familiar with Sailfish.

        0 0 Reply
        1. Charles 9
          Reply Icon

          Re: Yay scareware stories

          Proprietary SoCs with patented hardware wrapped in NDAs happened.

          0 0 Reply
  5. Alain

    Don't ruin the fun

    All these vulnerabilities allow for easy rooting of the tablet/smartphone and they make life easy for Sunday afternoon Android hackers like myself. What's the fun of a 50€ tablet with an almost unwatchable LCD screen if you can't customise it and hack its firmware?

    Until recently, most of the no-name tablets I had in my hands were giving a root shell right away from adb shell and I LIKED that. How's that for security? ;-)

    7 0 Reply
  6. John Tserkezis

    On a separate rant

    "The latest Lollipop build, version 5.0, fixes many of the problems found,"

    ... and creates many problems too.

    6 1 Reply
    1. Dave Bell
      Reply Icon

      Re: On a separate rant

      Never use version x.0 of anything, isn't that the rule?

      6 0 Reply
    2. Anonymous Coward
      Reply Icon
      Meh

      Re: On a separate rant

      "The latest Lollipop build, version 5.0, fixes many of the problems found,"

      Yes now I want it installed on my big brand Samsung....oh wait they are not going to upgrade this one....So I have to root it....so same as el cheapo one then?

      1 0 Reply
  7. Nate Amsden

    don't trust mobile period

    I don't do any online banking, any e-commerce transactions (outside of google play store for a few apps, no movies/music/whatever else they have) on my mobile devices (all Android Samsung Note 3 and Toshiba tablet though I wouldn't do it on IOS either).

    I am very very cautious not to install any privacy invading applications either.

    anything that needs security gets done on my linux laptop.

    exception is I do occasionally login to work VPN from my phone.

    in general I think the risk is quite low for me, but I don't do it anyway. There's never been a time where I felt "I have to do this *now* (and can't wait till I get to my own computer)"

    also maybe goes without saying I don't use public wifi hotspots (except the very occasional hotel but that is rare I prefer to use my phone's mifi which I pay $50/mo for already).

    6 2 Reply
    1. Looper
      Reply Icon

      Re: don't trust mobile period

      I'd go further. Everything you said, plus use a non-smartphone for calls and texts, and an anonymous tablet with dummy google account on a wifi only tablet.

      0 0 Reply
  8. Anonymous Coward
    Anonymous Coward

    huh.

    Considering that all the people asking about these are interested in just casual gaming, low rent media, and such, I really think the manufacturers have rationally qualified their customers. Sorry fellow securobods but not everything needs Knox-level, even Google-level security. Not that either have fulfilled promises made.

    5 0 Reply
  9. Johnny Canuck

    I haven't played with this tablet in about six months, but I may have a rooted, malware infested 7 inch tablet, or I may have the most secure android tablet I've ever seen. I don't know because I've been unable to get root. If I install root utilities it seems to go well, but every rootchecker says I don't have root. Flashing the flash memory with a newer OS simply doesn't work. I've installed a new ROM on a couple android tabs and everything went well, but this one refuses to cooperate. If I didn't already own an ipad and another android tab, then I'd forget about it. But damn, I should be able to crack it.

    FYI - it says allwhinner - not allwinner. So, a clone of a clone?

    2 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      EVERYTHING coming from the well known tat bazzaar is a clone-of-a-clone.

      I suspect your problem may be that the hardware being used is telling porkies to the firmware; I have a Lenovo smartphone clone that is convinced it is the real deal, despite the hardware not matching what the firmware thinks it has; for instance, it shows GPS - and I can enable or disable GPS and the icon changes colour, it reports the state change etc - BUT THERE IS NO GPS!!

      3 1 Reply
  10. vmistery

    It is all very well saying manufacturers should update the software but there is little motivation for them to do so as once the unit is sold there is no financial benefit for them to keep it up to date (unlike with Microsoft or apple who make money from app sales after). If Google want updates pushed they need to take over more of the patching. Something like saying if you bung on 4.2 we will push out security updates for that point release for x years.

    3 0 Reply
  11. J 3
    Joke

    Sponsored...

    ...by Google and Samsung?

    Seriously now.

    "A lot of these issues could be fixed if Google encouraged manufacturers to push out updates to Android faster."

    Well, there is also the question if the near-free tablet even has the hardware capable of running the latest and greatest, no?

    0 0 Reply
  12. Henry Wertz 1 Gold badge

    System updates

    Yeah, I always assume any phone or tablet I get will have the capabilities it has NOW. Too many vendors never ship any updates.

    Not just the Chinese vendors; I've never had a phone yet that got an actual Android update... my Droid 2 Global got an update from 2.2 to still 2.2... I got it up to 2.3.something using Cyanogenmod. My previous phone got no Android version update at all, but updated the LTE radio firmware. My current phone got updated from 4.1.2 to still 4.1.2, but using a newer radio ROM.

    So.. if I get a phone *assuming* it'll get an Android update or two, I'll be sorely disappointed when it doesn't. If I make sure the version it *ships* with is at least "new enough", then I can't be disappointed, but may get a pleasant surprise if there's a nice upgrade down the road.

    (Of course, the "Google phones" are the exception -- since Google *will* ship updates for them for a certain length of time, I wouldn't sweat buying one expecting future updates.)

    1 0 Reply
  13. Erlang Lacod

    Has anyone got a suggestion for a cheapo Android tablet that has average security & average browsing experience over wifi ?

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like