Skip to content
logo The magazine for digital lifestyle and entertainment
A brand of Bild
CoBi News Security All topics
Researchers Warn

These Digital Picture Frames Pose a Real Risk

Caution With Digital Photo Frames–Some Are Insecure
Caution with digital photo frames—some are insecure Photo: picture alliance / AP Photo | JOERG SARBACH
Share article

November 20, 2025, 11:41 am | Read time: 2 minutes

Digital photo frames are a popular decorative element in many households. However, certain models can pose a significant security risk. The security firm Quokka has discovered serious vulnerabilities in devices running the Uhale OS, which can lead to malware infections right from the initial setup.

According to the researchers, the affected devices come from different brands but use the same software from a single manufacturer. These photo frames can be controlled via the Uhale app and are based on an outdated version of Android. They can download malware from servers in China, making them potentially dangerous for users.

Security Flaws Right from the Start

Uhale OS is developed by the company Whale TV, formerly known as ZEASN. The software is used in numerous digital photo frames and can be controlled via both Android and iOS devices. The devices are compromised right from the factory. Researchers identified a total of 17 vulnerabilities, including a faulty TrustManager implementation and gaps that allow remote execution of malicious code.

Particularly problematic: After a system update, some models automatically download malware classified as spyware or Trojans. These malicious programs can read personal data, jeopardize the home network, and even infect other connected devices.

More on the topic

Outdated Software Without Protection

The photo frames run on Android 6, a version that has not received security updates since 2018. Additionally, the devices are rooted by default, and important security mechanisms like SELinux are disabled, making attacks significantly easier.

According to Quokka and the online magazine BleepingComputer, the manufacturer did not respond to any contact attempts. The emails were unanswered, and the contact form on the website did not work. Whether the security flaws are due to negligence or intentional behavior is currently unclear.

Experts Advise Against Use

Since the vulnerabilities have been detectable since software version 3.7.3, and no updates or security measures have been announced so far, experts strongly advise against using the affected devices. If you own a digital photo frame with Uhale OS, you should disconnect it from power and under no circumstances connect it to your home Wi-Fi. Until Whale TV provides an update or announces official measures, it’s safer not to use it.

This article is a machine translation of the original German version of TECHBOOK and has been reviewed for accuracy and quality by a native speaker. For feedback, please contact us at info@techbook.de.

You have successfully withdrawn your consent to the processing of personal data through tracking and advertising when using this website. You can now consent to data processing again or object to legitimate interests.