- Experts warn that Uhale devices automatically download malicious software every time they boot
- Seventeen security issues discovered across the digital picture frame models tested
- Major bugs include insecure TrustManager implementations and unsanitized filenames
Security researchers have identified critical vulnerabilities in Uhale-branded digital picture frames, revealing that many devices download malicious software immediately after booting.
Mobile security firm Quokka linked the payloads to the Vo1d botnet and Mzmess malware families based on file structure, endpoints and delivery patterns.
The exact infection vector remains unclear, but the workflow involves automatic app updates that install malicious JAR or DEX files, which are executed every time the device reboots.
Multiple errors create extensive vulnerabilities
Quokka’s analysis revealed seventeen security issues across the tested devices, eleven of which were assigned CVE identifiers.
Major flaws include insecure TrustManager implementations that allow man-in-the-middle attacks and unsanitized filenames in update commands, enabling remote installation of arbitrary APKs.
Pre-installed apps also expose unauthorized file servers on local networks, creating additional security risks.
Many devices shipped rooted, with SELinux disabled and AOSP test keys, leaving them completely compromised from the start.
WebViews ignored SSL/TLS errors, allowing attackers to inject malicious content, while hard-coded AES keys and outdated libraries compounded the risk and created potential supply chain vulnerabilities.
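As an added example (not Quokka's tooling or code from the report), the shell functions below check a device for the build conditions described above: AOSP test keys, a debug or root-capable build, and SELinux not enforcing. The choice of build properties as indicators is an assumption of this example, and the sample `getprop` dump is constructed.

```shell
#!/bin/sh
# Constructed sample of `adb shell getprop` output (not from a real device).
SAMPLE_PROPS='[ro.build.tags]: [test-keys]
[ro.build.type]: [userdebug]
[ro.debuggable]: [1]
[ro.secure]: [0]
[ro.product.model]: [example-frame]'

# Print one property's value from getprop-formatted text ("[key]: [value]").
prop_value() {
    printf '%s\n' "$1" | tr -d '\r' |
        awk -v want="[$2]:" '$1 == want { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

# $1 = getprop dump, $2 = output of `getenforce`.
# Prints a space-separated list of findings (empty line if none).
audit_device() {
    props=$1
    enforce=$(printf '%s' "$2" | tr -d '\r')
    findings=""
    # Firmware signed with the publicly known AOSP test keys.
    case "$(prop_value "$props" ro.build.tags)" in
        *test-keys*) findings="$findings test-keys" ;;
    esac
    # Engineering/debug builds are not meant for retail devices.
    case "$(prop_value "$props" ro.build.type)" in
        userdebug|eng) findings="$findings debug-build" ;;
    esac
    if [ "$(prop_value "$props" ro.debuggable)" = "1" ]; then
        findings="$findings debuggable"
    fi
    # ro.secure=0 lets adbd run as root.
    if [ "$(prop_value "$props" ro.secure)" = "0" ]; then
        findings="$findings adbd-root"
    fi
    # Anything other than Enforcing (Permissive, Disabled, empty) is a finding.
    case "$enforce" in
        Enforcing) ;;
        *) findings="$findings selinux-not-enforcing" ;;
    esac
    printf '%s\n' "${findings# }"
}

# On a connected device:
#   audit_device "$(adb shell getprop)" "$(adb shell getenforce)"
audit_device "$SAMPLE_PROPS" "Permissive"
```

An empty result only means these indicators are absent; it does not show the firmware is free of the other issues listed in the report.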
The firm noted how difficult it is to estimate the number of affected users because the devices are marketed under multiple brands — with the Uhale app alone having over 500,000 downloads on Google Play and thousands of reviews across marketplaces.
ZEASN, the company behind Uhale, has not responded to repeated reports from researchers, leaving safety concerns unresolved for months.
Consumers are advised to choose devices from reputable manufacturers that rely on official Android firmware and include Google Play services.
To stay safe, users must maintain antivirus software to detect and remove threats.
Users should also employ identity theft protection to protect personal information and ensure that a firewall is active to prevent unauthorized access.
Regularly monitoring for updates and avoiding unverified apps can reduce exposure to these vulnerabilities.
Vigilance, layered protection, and awareness of firmware behavior remain critical to maintaining security in increasingly connected environments.



