dcsimg

Android Tablet Security Analysis for the 2014 Holidays

  • Android Tablet Security Analysis for the 2014 Holidays-

    Zeki

    Kohl’s is advertising a Zeki 7” Android tablet for $49.99. Bluebox labs was able to buy the same model from Amazon. With a well-deserved Trust Score of 2.1, this was the worst tablet encountered out of the entire lineup. This Android 4.1.1 device is vulnerable to four major Android security vulnerabilities, has USB debugging turned on by default, comes with a security backdoor pre-installed, is signed by the AOSP test key, and doesn’t include Google Play – thus it requires the use of third-party app markets, which do not benefit from Google’s extra app security screening process.

    Trustworthiness: Suspicious

    Vulnerabilities: Fake ID, Futex, Master Key, Heartbleed

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17

Android Tablet Security Analysis for the 2014 Holidays

  • 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17
  • Android Tablet Security Analysis for the 2014 Holidays-15

    Zeki

    Kohl’s is advertising a Zeki 7” Android tablet for $49.99. Bluebox labs was able to buy the same model from Amazon. With a well-deserved Trust Score of 2.1, this was the worst tablet encountered out of the entire lineup. This Android 4.1.1 device is vulnerable to four major Android security vulnerabilities, has USB debugging turned on by default, comes with a security backdoor pre-installed, is signed by the AOSP test key, and doesn’t include Google Play – thus it requires the use of third-party app markets, which do not benefit from Google’s extra app security screening process.

    Trustworthiness: Suspicious

    Vulnerabilities: Fake ID, Futex, Master Key, Heartbleed

BlueboxTabletSecurityReviewKey

Without a doubt, tablets will be a hot item this holiday season. Retailers from Best Buy, Wal-mart, Target, Kohl's and Staples are hard at work offering can't-miss deals this holiday for a host of "bargain" Android tablets. But how much of a deal are you really getting?

Bluebox Labs recently purchased over a dozen tablets featured in this year's Black Friday extravaganzas (most under $100) and reviewed each of them for security. What they found was shocking and quite terrifying. Many of the devices shipped with vulnerabilities and security misconfigurations – a few even had security backdoors.

We know that the product quality and features on inexpensive tablets are less than more expensive tablets. But Android is Android, and the software running on these tablets should offer the same secure Android experience as other Android devices. Alas, the device vendor makes many decisions when constructing an Android tablet, and some of those decisions can drastically affect the overall security and long-term trustability of the device.

The amount of security variation in Android devices is so large that Bluebox Labs recently released the free Trustable by Bluebox Android application to discover and measure all of the security aspects of a device. The Trustable by Bluebox app produces an overall Trust Score, which provides an indication on how trustable the device is compared to other available Android devices. You can read all about how they compute a Trust Score here and give the Trustable by Bluebox app a try by downloading it from Google Play.