Monday, November 21, 2016
In case you’re short of the-end-is-near like scenarios in politics, we’ve got some more for you. And like in all movies - and now the real world - Armageddon will begin in the US. According to an analysis conducted by security researchers at Kryptowire, more than hundreds of thousands Android smartphones have been secretly relaying confidential data to a company based in - wait for it - China.
This week, Kryptowire revealed that the occurrence was because of a pre-installed software in some select smartphones, which enabled the device to automatically send sensitive and personal user information and data to China. Information included text messages, call longs, contacts, data regarding app consumption, and even the user’s location.
One saving grace, if any, is the fact that the smartphones identified as being “affected” include the rather obscure BLU R1 HD, which is sold in the US through retailers like Amazon.com. Unfortunately, other OEMs that could have been affected by the software have not been identified.
According to the company behind the firmware, it was never meant to be pre-installed one devices shipped to the US; they were supposed to be exclusively for devices being sold domestically, in China. This information is both interesting and intriguing. According to the press release sent out by Kryptowire, full-body messages, contact lists, fine-grained device location information and unique device identifiers like the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI) were sent out. Another aspect of the security breach is the fact that subsequent, automatic updates of the firmware allowed the device to install applications without user knowledge or consent. So don’t be surprised if you have one of the affected devices, you could wake up to a whole bunch of games and let’s say content transfer app without your knowledge. Apparently that’s not it. The press release goes on to reveal that the firmware was capable of bypassing the Android permission model and carrying out remote commands to be granted increased system access that allowed it to reprogram the device. Sounds like one of those all-inclusive software that you only hear about in movies - apparently not.
So where does it all lead to? Kryptowire traced the transmission to a company called Shanghai Adups Technology Co. Ltd., which develops the Firmware Over The Air (FOTA) update software systems.
The legal team at Adups has categorically denying any wrongdoing, reiterating the occurrence as a mistake and that such a firmware was developed on the request of an undisclosed Chinese client who wants to address the nuisance of spam messages, and for customer support. The NYT, however, suspects something bigger; that perhaps this is how the Chinese government phishes for data regarding US citizens.
Adups has also gone on the record and said that all data “mistakenly” harvested from US-based devices has been deleted, as soon as Kryptowire informed them of the situation. BLU’s CEO has said that its phones are also no longer transmitting personal data as some 120,000smartphones that had been affected had received am update that put an end to the firmware’s monitoring.
This week, Kryptowire revealed that the occurrence was because of a pre-installed software in some select smartphones, which enabled the device to automatically send sensitive and personal user information and data to China. Information included text messages, call longs, contacts, data regarding app consumption, and even the user’s location.
One saving grace, if any, is the fact that the smartphones identified as being “affected” include the rather obscure BLU R1 HD, which is sold in the US through retailers like Amazon.com. Unfortunately, other OEMs that could have been affected by the software have not been identified.
According to the company behind the firmware, it was never meant to be pre-installed one devices shipped to the US; they were supposed to be exclusively for devices being sold domestically, in China. This information is both interesting and intriguing. According to the press release sent out by Kryptowire, full-body messages, contact lists, fine-grained device location information and unique device identifiers like the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI) were sent out. Another aspect of the security breach is the fact that subsequent, automatic updates of the firmware allowed the device to install applications without user knowledge or consent. So don’t be surprised if you have one of the affected devices, you could wake up to a whole bunch of games and let’s say content transfer app without your knowledge. Apparently that’s not it. The press release goes on to reveal that the firmware was capable of bypassing the Android permission model and carrying out remote commands to be granted increased system access that allowed it to reprogram the device. Sounds like one of those all-inclusive software that you only hear about in movies - apparently not.
So where does it all lead to? Kryptowire traced the transmission to a company called Shanghai Adups Technology Co. Ltd., which develops the Firmware Over The Air (FOTA) update software systems.
The legal team at Adups has categorically denying any wrongdoing, reiterating the occurrence as a mistake and that such a firmware was developed on the request of an undisclosed Chinese client who wants to address the nuisance of spam messages, and for customer support. The NYT, however, suspects something bigger; that perhaps this is how the Chinese government phishes for data regarding US citizens.
Adups has also gone on the record and said that all data “mistakenly” harvested from US-based devices has been deleted, as soon as Kryptowire informed them of the situation. BLU’s CEO has said that its phones are also no longer transmitting personal data as some 120,000smartphones that had been affected had received am update that put an end to the firmware’s monitoring.
Posted in: android news
