The researchers Kryptowire have discovered a backdoor in the firmware installed on some Android smartphones low-end that send personal data to servers located in China. The software has been identified in the BLUE R1 HD, one of the devices low-cost the most popular in the United States. The manufacturer of Florida has announced that all models vulnerable have been updated, and the backdoor has been eliminated. At the moment it is not known whether the problem also applies to smartphones sold in other countries.
The monitoring of the users and the collection of sensitive data (phone number, location, messages, call history, phonebook, IMEI, and IMSI) is done by the service that manages the OTA updates. The backdoor, written by Shanghai AdUps Technologies to track users for advertising purposes, is installed on over 700 million devices (not only smartphones), including those offered by Huawei and ZTE. The functionality of surveillance was developed only for the chinese market, but it is over for error, even in the products of BLUE.
The modified firmware can identify specific users, transmit information about the app used, to circumvent the permissions of Android and install software arbitrary on your smartphone with root privileges. The personal data are transmitted at regular intervals (every 24 or 72 hours) and in the encrypted form to servers located in Shanghai.
Kryptowire has reported the problem to the government of the United States. the Google has ordered a Shanghai AdUps Technologies to immediately remove the backdoor by all smartphones that use services such as Google Play Store. Are obviously not included in models sold in China, where access to the store is locked.
No comments:
Post a Comment