This is the kind of security finding that should make anyone reconsider that suspiciously cheap Android tablet from an unfamiliar brand.
Researchers have discovered a firmware-level backdoor embedded in Android tablets from multiple manufacturers. As Help Net Security reports, the malware - dubbed Keenadu - is baked into the device firmware itself, which means it survives factory resets and is unaffected by sideloading protection and the other normal defenses a user might deploy.
Let me translate what "firmware-level" means for non-technical readers: this isn't malware that got installed through a sketchy app or a phishing link. It was compiled directly into the operating system image that ships on the device. When you buy one of these tablets and turn it on for the first time, the backdoor is already there. When you perform a factory reset to clean up a compromised device, the backdoor is still there. The only remediation is reflashing the device with a clean, verified firmware image - something that's beyond the technical capability of almost every consumer.
The scope matters here. Multiple manufacturers are implicated. This suggests one of two scenarios: either a compromised component in the supply chain - perhaps a firmware package or SDK shared across manufacturers - was the vector, or there's something more deliberate happening upstream in the manufacturing process. Security researchers are still working to determine which.
What does Keenadu actually do? Based on the research, the backdoor enables remote access to affected devices, creates a persistent foothold that survives standard remediation, and potentially allows exfiltration of data from the device. In a tablet, that could mean photos, documents, accounts, location data - the works.
The profile of the affected devices matters too. Budget Android tablets from lesser-known manufacturers tend to end up in specific contexts: children's educational devices, institutional deployments in schools and hospitals, and low-cost consumer electronics in cost-sensitive markets. These aren't the devices of people who run enterprise security software. They're the devices of people who can least afford to have their data stolen.
This finding fits an uncomfortable pattern that security researchers have been documenting for years. Firmware images can pass through multiple parties before they reach the device manufacturer. A compromised SDK or BSP (board support package) can propagate malware to thousands of device models without any single manufacturer necessarily knowing it happened.

