
- Experts say Uhale devices automatically download malware every time they start
- Seventeen security issues discovered in tested digital frame models
- Major flaws include insecure TrustManager implementations and unsanitized file names
Security researchers have identified critical risks in Uhale-branded digital frames, revealing that many devices download malicious software immediately upon boot.
Mobile security company Quokka linked payloads to the Vo1d botnet and Mzmess malware families, based on file structure, endpoints, and delivery patterns.
The exact infection vector is still unclear, but the workflow involves automatic app updates that install harmful JAR or DEX files, which are executed every time the device is rebooted.
Multiple flaws create wide vulnerabilities
Quokka’s analysis discovered seventeen security issues on the tested devices, with eleven CVE identifiers assigned.
Major flaws include insecure TrustManager implementations that allow man-in-the-middle attacks and unsanitized file names in update commands, allowing remote installation of arbitrary APKs.
Pre-installed applications also expose unauthenticated file servers on local networks, creating additional security risks.
Many devices were shipped rooted, with SELinux disabled and AOSP test keys, leaving them completely compromised from the start.
WebViews ignored SSL/TLS errors, allowing attackers to inject malicious content. Hardcoded AES keys and outdated libraries added further risk, creating potential supply chain vulnerabilities.
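As an added illustration (not code from Quokka's report or from the Uhale apps), the following heuristic Python check scans decompiled Java source for the two certificate-validation bypasses described above: a `checkServerTrusted` that never rejects a chain, and an `onReceivedSslError` that calls `proceed()`. The sample source and its class names are constructed for the example.

```python
import re

# Constructed, trimmed decompiled-Java sample; not taken from any real app.
SAMPLE = '''
class TrustAll implements X509TrustManager {
    public void checkServerTrusted(X509Certificate[] c, String a) { }
}
class Client extends WebViewClient {
    public void onReceivedSslError(WebView v, SslErrorHandler h, SslError e) {
        h.proceed();
    }
}
class Pinned implements X509TrustManager {
    public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
        delegate.checkServerTrusted(c, a);
    }
}
'''

# Declaration = name, parameters, optional "throws ...", "{". Calls end in ";" and are skipped.
DECL = re.compile(r'\b(checkServerTrusted|onReceivedSslError)\s*\([^)]*\)[^{;]*\{')

def strip_comments(src):
    """Blank out comments but keep newlines so line numbers stay valid."""
    src = re.sub(r'/\*.*?\*/', lambda m: '\n' * m.group().count('\n'), src, flags=re.S)
    return re.sub(r'//[^\n]*', '', src)

def body_at(src, brace):  # text between the '{' at index brace and its matching '}'
    depth = 0
    for i in range(brace, len(src)):
        depth += {'{': 1, '}': -1}.get(src[i], 0)
        if depth == 0:
            return src[brace + 1:i]
    return src[brace + 1:]

def audit(src):
    """Return (line, method, reason) for each validation bypass found."""
    src, findings = strip_comments(src), []
    for m in DECL.finditer(src):
        name, body = m.group(1), body_at(src, m.end() - 1)
        line = src.count('\n', 0, m.start()) + 1
        if name == 'checkServerTrusted':
            if not re.search(r'\bthrow\b|\.checkServerTrusted\s*\(', body):
                findings.append((line, name, 'never rejects a certificate chain'))
        elif re.search(r'\.proceed\s*\(', body):
            findings.append((line, name, 'continues loading after a TLS error'))
    return findings

if __name__ == '__main__':
    print(*audit(SAMPLE), sep='\n')
```

The check is a text heuristic: a match is a lead for manual review of the decompiled class, and obfuscated or reflective code can evade it.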
The firm noted that estimating the number of affected users is difficult because the devices are marketed under multiple brands: the Uhale app alone has more than 500,000 downloads on Google Play and thousands of reviews in all markets.
ZEASN, the company behind Uhale, has not responded to repeated reports from researchers, leaving security issues unresolved for months.
Consumers are advised to choose devices from reputable manufacturers that rely on official Android firmware and include Google Play services.
To stay safe, users should maintain antivirus software to detect and remove threats.
Users should also employ identity theft protection to safeguard personal information and ensure a firewall is active to prevent unauthorized access.
Regularly monitoring updates and avoiding unverified applications can reduce exposure to these vulnerabilities.
Surveillance, layered protections, and understanding firmware behavior remain critical to maintaining security in increasingly connected environments.



