Android Phones Loaded With Secret Backdoor Beamed Texts And Contacts To Chinese Mothership

blu r1 hd 2
When you purchase a brand new Android smartphone, you hope that you won’t have to deal with malware that is spying on you at every turn. To protect yourself, you might avoid side-loading apps or only download seemingly trusted apps from the Google Play Store.

However, what if you do everything right and are still put at risk through no fault of your own? That’s exactly what’s happening thanks to a software backdoor that has been installed on a multitude of budget Android devices.

Security firm Kryptowire discovered that a number of Android smartphones have software installed that allows sensitive personal information to be transmitted without the owner’s consent. The scope of the personal information that was leeched is staggering, and includes text messages, call history, contact lists, and phone numbers. In addition, IMSI and IMEI unique device identifiers were also obtained.

blu r1 hd 3

“The firmware could identify specific users and text messages matching remotely defined keywords,” writes Kryptowire. “The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices.”

The software, which was written by China-based Shanghai Adups Technology Company, is running on over 700 million smart devices and “phoned home” to servers in Shanghai every 72 hours. Adups currently supplies software to some big names in the smartphone industry, including Chinese OEMs like ZTE.

BLU Products, which sells smartphones via Amazon and Best Buy has also been caught up in this mess. The company, for its part, issued the following statement:

BLU Products has identified and has quickly removed a recent security issue caused by a 3rd party application which had been collecting unauthorized personal data in the form of text messages, call logs, and contacts from customers using a limited number of BLU mobile devices. Our customer’s privacy and security are of the upmost importance and priority. The affected application has since been self-updated and the functionality verified to be no longer collecting or sending this information.

Interestingly enough, Adups told The New York Times in an interview that the software was not intended to be installed on American phones (like those made available by BLU). While that may be true, don’t Chinese customers deserve to have their private data protected as well?


Via:  Kryptowire
Show comments blog comments powered by Disqus