The Black Friday and Cyber Monday festivities have inundated the market with low-priced tablets aimed at budget-conscious shoppers. While these inexpensive tablets may seem like a great deal, a study from mobile security firm Bluebox says several models contain security breaches exploitable by hackers.
Bluebox tested 13 Android tablets from various retailers priced under $100 with their free software, Trustable. Tablets were assessed for backdoors, and malware vulnerabilities as well as security misconfigurations such as having administrator or root privileges enabled by default. The test devices were then ranked based on their threat level.
Of the 13 tablets studied, only Samsung’s Galaxy Tab 3 Lite received a clean bill of health, while the rest of the field suffered from varying degrees of insecurity.
All of the devices tested, save Tab 3 Lite, contained a linux futex vulnerability, also known as “TowelRoot,” that could potentially grant unauthorized access to the root permissions of the target device. Eleven tablets also tested positive for the Android Fake ID bug that allows trojan malware to impersonate verified applications such as system apps and potentially steal mobile payment information or even take control of the tablet.
While the field of budget tablets generally tested poorly, there were a few offenders that distinguished themselves as particularly insecure.
The Digiland tablet sold by Best Buy could not be properly assessed by Bluebox because it contained “never-encountered-before security issues” and required more study for a proper evaluation.
Walmart’s ironically named Worryfree Zeepad tested positive for the well-publicized and widely-patched Heartbleed security bug. The Zeepad also has administrator permissions enabled out of the box, and allows unsigned third party applications to be installed by default, making it a dubious purchase even at the current price of $51.14.
Rounding out the bottom tier of tested devices is the Zeki 7 tablet from Kohl’s. The Z7 tested positive for four different security bugs including Heartbleed and contains an exploitable security backdoor. It also does not come with Google’s Play Store, forcing users to rely on third party app stores as an alternative. According to Bluebox, the Zeki 7 was the “worst tablet encountered out of the entire lineup.”
Although all of the tablets tested by Bluebox are priced aggressively, with several costing around $50, customers must judge for themselves whether they are willing to compromise security for a good deal.
