Researchers still don’t know the cause of a recently discovered malware infection affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries.
Security firm Doctor Web reported Thursday that malware named Android.Vo1d has backdoored the Android-based boxes by putting malicious components in their system storage area, where they can be updated with additional malware at any time by command-and-control servers. Google representatives said the infected devices are running operating systems based on the Android Open Source Project, a version overseen by Google but distinct from Android TV, a proprietary version restricted to licensed device makers.
There are no open source versions of android in practice. Android is open source. However, it is designed to enable orphaned proprietary kernels. This is the scheme Google cooked up to leverage the open source Linux kernel to enable theft of ownership and planned obsolescence. If the hardware was fully documented at the bit register level, or the source code for the kernel modules (drivers) that connect the System on Chip and modem to the kernel were properly merged into the mainline kernel, this issue likely would not have happened. If this were the case, these devices would be running open source software. These devices leverage open source software but are entirely proprietary and kept outside of both the community’s reach and any true ownership by the end consumer.