A new Android backdoor named Keenadu has been discovered embedded in device firmware, enabling silent data harvesting and remote control of affected devices. According to the Russian cybersecurity vendor Kaspersky, the compromise occurs during the firmware build phase and affects brands such as Alldocube.

The backdoor spreads through signed over-the-air (OTA) updates and operates at a deep system level, which makes it difficult to detect and remove. The incident highlights significant risks in the firmware supply chain and underscores the need for enhanced security measures in device manufacturing and update processes.

Key Takeaways

  • Keenadu is a firmware-level Android backdoor that allows data harvesting and remote control.
  • The compromise occurs during the firmware build phase, affecting devices from brands like Alldocube.
  • It spreads via signed OTA updates, making detection and removal challenging.
  • This incident emphasizes vulnerabilities in the firmware supply chain and the importance of secure update mechanisms.

Source: The Hacker News