Threats Tied To China Have Far Reaching Effects For Android Smartphone Users

If you use an Android smartphone, you should read this story as it’s pretty scary. The Hacker News is reporting that there’s a backdoor that is potentially pre-installed on 700 million Android phones that sends your data to China:

Security researchers from Kryptowire discovered the alleged backdoor hidden in the firmware of many budget Android smartphones sold in the United States, which covertly gathers data on phone owners and sends it to a Chinese server without users knowing.

First reported on by the New York Times on Tuesday, the backdoored firmware software is developed by China-based company Shanghai AdUps Technology, which claims that its software runs updates for more than 700 Million devices worldwide.

That’s pretty bad. Here’s what it does:

Besides sniffing SMS message content, contact lists, call logs, location data and other personal user information and automatically sending them to AdUps every 72 hours, AdUps’ software also has the capability to remotely install and update applications on a smartphone.

The secret backdoor is said to be there intentionally and not accidentally or due to a security flaw, although, according to the US authorities, at the moment it is unclear whether the data is being collected for advertising purposes or government surveillance.

Apparently the software has been supplied to BLU Products, ZTE and Huawei among others. BLU for one is removing the software, and ZTE says that the software doesn’t exist on US smartphones. But this doesn’t exactly inspire confidence. For its part, AdUps has said that its software featured on the smartphone tested by the security firm was not intended to be included on smartphones in the United States market and was just designed to help Chinese phone manufacturers monitor user behavior.


Now if you want to make sure that you’re not one of the potential 700 million Android users affected by this, a detection tool has been created to sniff this backdoor out, which you can get from here. But if you find it, you can’t disable or remove it yourself. You’ll need whoever manufactured your phone to do that for you, as BLU has. So if you find it, you’ll need to bug them for a fix.

However, I’m not done yet. There’s a second threat from China that affects Android users. In short, third-party firmware included with over 2.8 million Android smartphones allows attackers to compromise Over-the-Air (OTA) update operations and execute commands on the target’s phone with root privileges. Anubis Networks found the issue and ThreatPost has the details:

The problem stems from what researchers call an insecure implementation of an OTA mechanism used for updates associated with software made by Ragentek Group, a Chinese firm based in Pudong, Shanghai. According to researchers with Anubis Networks, who disclosed the issue last week, communications over the channel from the responsible binary are unencrypted, which opens the door for a man-in-the-middle attack.

“All transactions from the binary to the third-party endpoint occur over an unencrypted channel, which not only exposes user-specific information during these communications, but would allow an adversary to issue commands supported by the protocol. One of these commands allows for the execution of system commands,” said Dan Dahlberg and Tiago Pereira, researchers with Anubis Networks who on Thursday disclosed the vulnerability.

Researchers with the firm claim that 2.8 million devices – spread across 55 different device models – checked into a sinkhole tied to the binary.

CERT put out a warning and tied the issue to devices made by BLU, Infinix, DOOGEE, and LEAGOO among others. BLU says that a future firmware update will cure this, but none of the other affected companies has commented. That does not inspire confidence.

Perhaps the way to avoid either of these threats is to not buy budget Android smartphones? Or dare I say it, switch to iOS? Honestly, I am not 100% sure how one can avoid this otherwise.

