- Experts report that Uhale devices automatically download malware every time they start
- Seventeen security issues discovered in tested digital photo frame models
- Major flaws include insecure TrustManager implementations and unsanitized file names
Security researchers have identified critical risks in Uhale-branded digital photo frames, revealing that many devices download malware immediately after startup.
Mobile security company Quokka linked payloads to the Vo1d botnet and Mzmess malware families, based on file structure, endpoints and delivery models.
The exact infection vector remains unclear, but the workflow involves automatic app updates that install harmful JAR or DEX files, which run every time the device restarts.
Multiple flaws create widespread vulnerabilities
Quokka’s analysis revealed seventeen security issues on the devices tested, with eleven CVE IDs assigned.
Major flaws include insecure TrustManager implementations that allow man-in-the-middle attacks and unsanitized file names in update commands, allowing remote installation of arbitrary APKs.
Pre-installed applications also expose unauthenticated file servers on local networks, creating additional security risks.
Many devices ship rooted, with SELinux disabled and AOSP test keys, leaving them entirely compromised from the start.
WebViews ignored SSL/TLS errors, allowing attackers to inject malicious content, while hardcoded AES keys and outdated libraries further escalated risks, creating potential vulnerabilities in the supply chain.
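As an added illustration (not code from Quokka's report or from the devices), the sketch below flags the two TLS flaws named above in decompiled Java: a `checkServerTrusted` with an empty body and an `onReceivedSslError` that calls `proceed()`. The sample source is constructed, the helper names are hypothetical, and the brace matching is a heuristic that assumes no braces inside string literals.

```python
import re

# Constructed sample of decompiled Java; not taken from any real firmware.
SAMPLE_SOURCE = '''
class TrustAll implements X509TrustManager {
    public void checkClientTrusted(X509Certificate[] chain, String authType) {}
    public void checkServerTrusted(X509Certificate[] chain, String authType) {
    }
    public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
}
class FrameWebClient extends WebViewClient {
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        handler.proceed();
    }
}
class PinnedManager implements X509TrustManager {
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkServerTrusted(chain, authType);
    }
}
'''

def method_bodies(source, name):
    """Yield (line, body) for each declaration of `name`; calls ending in ';' are skipped."""
    for m in re.finditer(r'\b' + re.escape(name) + r'\s*\([^)]*\)[^{;]*\{', source):
        depth, i = 1, m.end()
        while i < len(source) and depth:
            depth += {'{': 1, '}': -1}.get(source[i], 0)
            i += 1
        yield source.count('\n', 0, m.start()) + 1, source[m.end():i - 1]

def strip_comments(code):
    return re.sub(r'//[^\n]*|/\*.*?\*/', '', code, flags=re.S)

def scan(source):
    """Return (line, finding) pairs for trust-all TLS handling."""
    findings = []
    for line, body in method_bodies(source, 'checkServerTrusted'):
        # An empty body (or bare return) never throws, so any chain is accepted.
        if strip_comments(body).strip() in ('', 'return;'):
            findings.append((line, 'trust-all checkServerTrusted'))
    for line, body in method_bodies(source, 'onReceivedSslError'):
        code = strip_comments(body)
        # proceed() with no cancel() path loads the page despite the TLS error.
        if re.search(r'\.proceed\s*\(', code) and not re.search(r'\.cancel\s*\(', code):
            findings.append((line, 'WebView proceeds past TLS error'))
    return findings

if __name__ == '__main__':
    for line, finding in scan(SAMPLE_SOURCE):
        print(f'line {line}: {finding}')
```

A hit is a lead for manual review rather than proof: a method that logs the chain and still never throws would pass this check.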
The company noted that the number of affected users is difficult to estimate because the devices are sold under multiple brands; the Uhale app alone has more than 500,000 downloads on Google Play and thousands of reviews on marketplaces.
ZEASN, the company behind Uhale, has not responded to repeated reports from researchers, leaving security concerns unaddressed for months.
Consumers are advised to choose devices from reputable manufacturers that rely on official Android firmware and include Google Play Services.
To stay safe, users should have antivirus software to detect and remove threats.
Users should also use identity theft protection to protect personal information and ensure that a firewall is active to prevent unauthorized access.
Regularly monitoring updates and avoiding unverified applications can reduce exposure to these vulnerabilities.
Vigilance, layered protections, and knowledge of firmware behavior remain essential to maintaining security in increasingly connected environments.