The U.S. government is handing out malware-infested phones to the poor

By Muhammad Jarir Kanji
published

Android malware on a Sony smartphone
Android malware on a Sony smartphone (Image credit: Android Central)

What you need to know

  • The U.S. government provides funding for discounted phones and phone service to low-income consumers.
  • However, according to research by security experts, some of the phones distributed as part of the program contained Chinese malware.
  • One of the pieces of malicious software was found to be in the phone's settings app, leaving it virtually unremovable.

Established in 1985, the Lifeline program under the FCC has been providing low-income households in the U.S. with discounted telecommunications services for more than three decades now. The program has evolved from offering discounts on phone service to broadband, calls, and even smartphone over the years.

However, as researchers at Malwarebytes (opens in new tab) have discovered, some of the cellphones handed out as part of the program were infected with malware — Chinese malware.

The phone in question is the UMX U686CL, which was being offered for a heavily discounted $35 by one of the carriers involved in the Lifeline program, Assurance Wireless, alongside free calls, texts, and data. Two of the phone's system apps, however, were malicious applications that could be used to install additional malware onto the device.

One app, called Wireless Update, is the only means through which users can download OS updates for the phone. However, alongside downloading the latest Android version, the app can also download and install other apps without the user's consent.

That is obviously a serious vulnerability, and Malwarebytes researchers found that Wireless Update was auto-installing apps without user content from the get-go. While scans of the apps installed reveal they are initially clean, the cybersecurity firm points out that malware could easily be distributed to the phones via any future updates to these apps, all without the user knowing about the installations.

The other, even more egregious malware pre-installed on the phone is none other than the Settings app. Not only does this install a Trojan called Hidden Ads onto the phone, but because the Settings app is crucial to the functioning of the phone, removing it is impossible without leaving the phone itself unusable.

The issue is not limited to this particular phone or the Lifeline program, however. Cheap smartphones from numerous Chinese companies have been found to come pre-installed with malware in recent years, and as this story clearly demonstrates, things have only become even more dire on the lower end of the smartphone space.

As Forbes reports, both Assurance Wireless and the FCC have so far refused to comment on the matter.

15 Comments
  • Great work Federal Goverenment! Repeal the 17th Amenent to the Constitution. Restore Federalism.
  • Say it isn't so! Chinese made phones with made to order backdoors. Hopefully these phones will be rounded up and taken out of circulation.
  • My aunt had one of these phones, a bottom end zte. It was a cheetah mobile **** fest
  • Why is this program even necessary? I've just returned from Cambodia, and even the lowly tuk-tuk drivers could find the means to buy a cheap smartphone...
  • Are the malware infested phones Sony devices as that picture indicates?!
  • No, they're not. As the story explicitly states, "the phone in question is the UMX U686CL." The Sony image was just a generic image for malware on Android.
  • Oh boy...was just kidding...geeesh...
  • Because you are poor you get a free phone? Something more than malware is wrong here.
  • No the malware is the problem
  • No, malware is the problem
  • The problem is most Android phones are made in China.
  • Maybe they are tying to figure out why they're poor? Track the bad habits and target them with self help ads. When they see the poor person heading for the liquor store they send an ad for a gym or therapist or maybe a job hunter service?
  • You really think people WANT to be poor? Come on now.
  • Once again, this problem belies the issue in this country of how the poor continue to be ostracized and demonized just for being poor. The less fortunate deserve, in this post 9/11 technology climate, to have a means of communication without the pitfalls of this kind of stuff. And if the phone gets malware that puts the owner's personal information at risk, what means do they have to get the help to fix it? And it's even more unfortunate that these phones are government-provided! Not a good look.
  • Yup the impoverished are usually the most vulnerable