- Experts flag Uhale devices download malicious software automatically each time it boots up
- Seventeen security issues discovered across the tested digital picture frame models
- Major flaws include insecure TrustManager implementations and unsanitized filenames
Security researchers have identified critical risks in Uhale-branded digital picture frames, revealing many devices download malicious software immediately after boot.
Mobile security firm Quokka linked payloads to the Vo1d botnet and Mzmess malware families, based on file structure, endpoints, and delivery patterns.
The exact infection vector remains unclear, but the workflow involves automatic app updates that install harmful JAR or DEX files, which execute every time the device restarts.
Multiple flaws create extensive vulnerabilities
Quokka’s analysis uncovered seventeen security issues across tested devices, with eleven assigned CVE identifiers.
Major flaws include insecure TrustManager implementations that permit man-in-the-middle attacks and unsanitized filenames in update commands, enabling remote installation of arbitrary APKs.
Pre-installed apps also expose unauthenticated file servers on local networks, creating additional security risks.
Many devices shipped rooted, with SELinux disabled and AOSP test-keys, leaving them fully compromised from the start.
WebViews ignored SSL/TLS errors, allowing attackers to inject malicious content, and hardcoded AES keys and outdated libraries further intensified risks, creating potential supply-chain vulnerabilities.
The firm noted how estimating the number affected users is difficult because the devices are marketed under multiple brands – with the Uhale app alone has over 500,000 downloads on Google Play, and thousands of reviews across marketplaces.
ZEASN, the company behind Uhale, has not responded to repeated reports from researchers, leaving security issues unaddressed for months.
Consumers are advised to choose devices from reputable manufacturers which rely on official Android firmware and include Google Play services.
To stay safe, users need to maintain antivirus software for detecting and removing threats.
Users should also employ identity theft protection to safeguard personal information and ensure a firewall is active to prevent unauthorized access.
Regularly monitoring updates and avoiding unverified apps can reduce exposure to these vulnerabilities.
Vigilance, layered protections, and awareness of firmware behavior remain critical for maintaining security in increasingly connected environments.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
