
Chinese company installed secret backdoor on hundreds of thousands of phones


Batu69


In “mistake,” AdUps collected data from BLU Android phones in US.


The BLU R1 HD is one of the devices that was backdoored by a Chinese software provider.

 

Security firm Kryptowire has uncovered a backdoor in the firmware installed on low-cost Android phones, including phones from BLU Products sold online through Amazon and Best Buy. The backdoor software, initially discovered on the BLU R1 HD, sent massive amounts of personal data about the phones and their users’ activities back to servers in China that are owned by a firmware update software provider. The data included phone number, location data, the content of text messages, calls made, and applications installed and used.

 

The company, Shanghai AdUps Technologies, had apparently designed the backdoor to help Chinese phone manufacturers and carriers track the behavior of their customers for advertising purposes. AdUps claims its software runs updates for more than 700 million devices worldwide, including smartphones, tablets, and automobile entertainment systems. It is installed on smartphones from Huawei and ZTE sold in China. The surveillance feature of the software was developed specifically for the Chinese market, the company says, and was unintentionally included in the software for BLU devices.

 

A lawyer for the company told The New York Times that the data was not being collected for the Chinese government, stating, “This is a private company that made a mistake.”

 

The backdoor was part of the commercial Firmware Over The Air (FOTA) update software installed on BLU Android devices provided as a service to BLU by AdUps. In a report on the finding, a Kryptowire spokesperson said:

These devices actively transmitted user and device information including the full-body of text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI). The firmware could target specific users and text messages matching remotely defined keywords. The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices... The firmware that shipped with the mobile devices and subsequent updates allowed for the remote installation of applications without the users' consent and, in some versions of the software, the transmission of fine-grained device location information.

The transmissions were discovered by Kryptowire in lab testing. The company immediately notified Google, BLU, AdUps, and Amazon—which is the exclusive retailer of the BLU R1 HD—of its findings.

 

The user data was sent in JavaScript Object Notation (JSON) format to a number of servers, all with the hostname bigdata: bigdata.adups.com, bigdata.adsunflower.com, bigdata.adfuture.cn, and bigdata.advmob.cn. The data collection and transmission capability is spread across different applications and files. Text message data (encrypted with DES, which Kryptowire researchers were able to recover the key for) and call log information were sent back every 72 hours. Other data, including location data and app use, was sent every 24 hours.

 

A BLU spokesperson told Ars that the software backdoor affected a “limited number of BLU devices” and that the “affected application has since been self-updated and the functionality verified to be no longer collecting or sending this information.” According to The New York Times report, BLU reported about 120,000 devices were affected and patched.

 

Article source

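A defensive check built on the four hostnames listed in the article, as an added example that is not part of the original post or the article: it scans DNS query logs for clients that looked up those servers. The dnsmasq-style log format, the sample lines and the parent-domain match (which goes beyond the four exact hostnames) are assumptions.

```python
import re
from collections import defaultdict

# Hostnames named in the article as receiving the collected data.
REPORTED_HOSTS = {
    "bigdata.adups.com",
    "bigdata.adsunflower.com",
    "bigdata.adfuture.cn",
    "bigdata.advmob.cn",
}
# Assumption: sibling hosts under the same parent domains are worth a lower-confidence flag.
PARENT_DOMAINS = {h.split(".", 1)[1] for h in REPORTED_HOSTS}

# Assumed log format: dnsmasq query lines ("query[TYPE] name from client").
QUERY_RE = re.compile(r"query\[\w+\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")

def classify(name):
    """Return 'exact', 'parent' or None for a queried DNS name."""
    name = name.rstrip(".").lower()  # DNS names are case-insensitive; drop root dot
    if name in REPORTED_HOSTS:
        return "exact"
    if any(name == d or name.endswith("." + d) for d in PARENT_DOMAINS):
        return "parent"
    return None

def find_clients(lines):
    """Map client IP -> sorted list of (match_kind, normalized_name) seen in the log."""
    hits = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        kind = classify(m.group("name"))
        if kind:
            hits[m.group("client")].add((kind, m.group("name").rstrip(".").lower()))
    return {client: sorted(found) for client, found in hits.items()}

# Constructed sample log lines (not real traffic; "other.adups.com" is a made-up name).
SAMPLE_LOG = """\
Nov 16 09:00:01 dnsmasq[812]: query[A] bigdata.adups.com from 192.168.1.23
Nov 16 09:00:02 dnsmasq[812]: query[A] www.example.org from 192.168.1.40
Nov 16 09:00:05 dnsmasq[812]: query[AAAA] BIGDATA.ADFUTURE.CN. from 192.168.1.23
Nov 16 09:01:10 dnsmasq[812]: query[A] other.adups.com from 192.168.1.31
Nov 16 09:02:00 dnsmasq[812]: query[A] notadups.com from 192.168.1.40
""".splitlines()

if __name__ == "__main__":
    for client, found in find_clients(SAMPLE_LOG).items():
        print(client, found)
```

A client that shows up with an "exact" match is a device worth pulling aside to check its firmware version; a "parent" match only indicates traffic to a related domain.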



This is the same reason I have uninstalled Opera browser now that it belongs to the Chinese. I loved that browser but now I no longer trust it.


12 hours ago, Batu69 said:

Shanghai AdUps Technologies, had apparently designed the backdoor to help Chinese phone manufacturers and carriers track the behavior of their customers for advertising purposes.

Shady tactics...:tehe:



This is exactly why you never play by the rules and get root access to your phone; it's also the same reason why we block ads and control our systems to the best of our abilities, which is also why I feel we can no longer trust Microsoft. The more they forbid, the more you should be concerned.


Quote

AdUps claims its software runs updates for more than 700 million devices worldwide, including smartphones, tablets, and automobile entertainment systems. It is installed on smartphones from Huawei and ZTE sold in China. The surveillance feature of the software was developed specifically for the Chinese market,

 

Well, some of my friends have been proud and happy that they managed to get their new smartphones really cheap, buying / importing them directly from Chinese retailers... :lmao:


14 minutes ago, mona said:

Well, some of my friends have been proud and happy that they managed to get their new smartphones really cheap, buying / importing them directly from Chinese retailers..

u know, it's not a big tragedy indeed, they can always change the firmware to an international one or try CyanogenMod ;)


3 hours ago, Mystique said:

This is exactly why you never play by the rules and get root access to your phone; it's also the same reason why we block ads and control our systems to the best of our abilities, which is also why I feel we can no longer trust Microsoft. The more they forbid, the more you should be concerned.

Actually there's an exploit out there where they can get root, without you doing it, through the Linux kernel. If you have one of those cheap phones that never gets patched, best to buy a new one.

Google is not even going to patch it till Dec, and many phones will always have this bug because the vendors from China never give updates.

http://www.zdnet.com/article/google-wont-spike-linux-dirty-cow-exploit-until-december-android-patch/
Quote

Dirty Cow, tracked as CVE-2016-5195, is an old bug affecting Linux systems, which could also be used to gain root on Android devices. Notably, when it was disclosed in October, there was already an exploit in the wild for it. Since then, as Ars Technica reported recently, it's been adapted as a rooting tool for multiple versions of Android and could be used for malicious purposes.

 


Good thing about Linux desktop: it was patched last month, and you can easily gain root temporarily any time you want by giving it your password. Some people on Android are using this exploit in the Linux kernel to get root because Google has it locked down; that's nuts.


46 minutes ago, gipsy said:

u know, it's not a big tragedy indeed, they can always change the firmware to an international one or try CyanogenMod ;)

Actually they bought those smartphones already with international firmware on them, but the BLU example proves you can't trust it unless you did the change yourself, I guess.

BTW

Hi @gipsy. Long time no see.

I stumbled upon an archival photo from your hometown you might be interested in.


1 hour ago, mona said:

 

Actually they bought those smartphones already with international firmware on them, but the BLU example proves you can't trust it unless you did the change yourself, I guess.

BTW

Hi @gipsy. Long time no see.

I stumbled upon an archival photo from your hometown you might be interested in.

Hi baby!

as a Meizu smartphone owner i can assure u it isn't too obvious (about firmware): there exist at least 4 variants of it, global (G index), international (I index) - for India customers as i know, A & C also. some retailers modifyin' firmware for international customers thru addin' a language patch (custom), but it won't work after first update.

anyway, if u wanna do smthn' correct - do it yourself (as always actually :D)

nice photo, i'm interested indeed.

random fact: in the city i'm livin' in there are lots of very old buildings (even till now) & it wasn't ruined by the Luftwaffe durin' WW2 coz many of the Luftwaffe pilots learned to fly in Kharkiv & as i know they loved my city much (Germans r pretty sentimental ppl actually). also we hv some buildings which were built by Americans in the period of industrialisation.

strange world we r livin' in, what can i say more.

visitin' nsane less often than before, after new year plannin' some trip to a place where the sun always shines & should make money twice more.

hope your family life is great.


Archived

This topic is now archived and is closed to further replies.
