<
div class=”field field–name-body field–type-text-with-summary field–label-hidden”>
<
div class=”field__items”>
<
div class=”field__item even”>
SAN FRANCISCO—The Federal Trade Commission (FTC) must act to halt sales by Amazon, AliExpress and other resellers of Android television set-top boxes and mobile devices manufactured by AllWinner and RockChip that have been pre-infected with malware before ever reaching consumers, the Electronic Frontier Foundation (EFF) urged Tuesday in a letter to FTC commissioners.
“We believe that the sale of these devices presents a clear instance of deceptive conduct: the devices are advertised without disclosure of the harms they present. They also expose the buyers to an unfair risk which starts after simply powering the device on and connecting it to the internet,” EFF’s letter says. “Here, where products are sold containing real malware at the point of sale, issuing sanctions to the resellers will provide a powerful incentive for them to pull these products from the market and protect their customers.”
When first connected to the internet, these infected devices immediately start communicating with botnet command and control servers, the letter explains. Then they connect to a vast click-fraud network —in which bots juice advertising revenue by producing bogus ad clicks—which a recent report by HUMAN Security dubbed BADBOX. This operates in the background of the device, unseen by the buyers; even if buyers do find out about it, they can’t do much to regain control of their devices without extensive technical know-how.
The malware also lets its makers, or those to whom they sell access, use buyers’ internet connections as proxies—meaning that any nefarious deeds will look as though they came from the buyers, possibly exposing them to significant legal risk.
Despite widespread reporting on these compromised devices, they are still being sold by Ama
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: