CATEGORIES
home News

Android Phones Loaded With Secret Backdoor Beamed Texts And Contacts To Chinese Mothership

by Brandon HillTuesday, November 15, 2016, 11:44 AM EDT
blu r1 hd 2
When you purchase a brand new Android smartphone, you hope that you won’t have to deal with malware that is spying on you at every turn. To protect yourself, you might avoid side-loading apps or only download seemingly trusted apps from the Google Play Store.

However, what if you do everything right and are still put at risk through no fault of your own? That’s exactly what’s happening thanks to a software backdoor that has been installed on a multitude of budget Android devices.

Security firm Kryptowire discovered that a number of Android smartphones have software installed that allows sensitive personal information to be transmitted without the owner’s consent. The scope of the personal information that was leeched is staggering, and includes text messages, call history, contact lists, and phone numbers. In addition, IMSI and IMEI unique device identifiers were also obtained.

blu r1 hd 3

“The firmware could identify specific users and text messages matching remotely defined keywords,” writes Kryptowire. “The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices.”

The software, which was written by China-based Shanghai Adups Technology Company, is running on over 700 million smart devices and “phoned home” to servers in Shanghai every 72 hours. Adups currently supplies software to some big names in the smartphone industry, including Chinese OEMs like ZTE.

BLU Products, which sells smartphones via Amazon and Best Buy has also been caught up in this mess. The company, for its part, issued the following statement:

BLU Products has identified and has quickly removed a recent security issue caused by a 3rd party application which had been collecting unauthorized personal data in the form of text messages, call logs, and contacts from customers using a limited number of BLU mobile devices. Our customer’s privacy and security are of the upmost importance and priority. The affected application has since been self-updated and the functionality verified to be no longer collecting or sending this information.

Interestingly enough, Adups told The New York Times in an interview that the software was not intended to be installed on American phones (like those made available by BLU). While that may be true, don’t Chinese customers deserve to have their private data protected as well?

Tags:  Android, adups, kryptowire
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment