Contact Your Financial Adviser Money Making MC
16
November 2016
Security firm Kryptowire has identified
Android smartphones with a "backdoor" software in the US that
collected sensitive personal data and transmitted this data to third-party
servers in China without disclosure or the users' consent. The Total Investment & Insurance
Solutions
These devices were available through
major US-based online retailers like Amazon and BestBuy and included popular
smartphones such as BLU R1 HD devices, Kryptowire said in a statement on
Wednesday. The Total Investment &
Insurance Solutions
"The core of the monitoring
activities took place using a commercial Firmware Over The Air (FOTA) update
software system that was shipped with the Android devices we tested and were
managed by Shanghai Adups Technology Co. Ltd," Kryptowire said.
These devices actively transmitted user
and device information including text messages, contact lists, call history
with full telephone numbers, unique device identifiers including the
International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment
Identity (IMEI).
Adups claims to have a worldwide
presence with over 700 million active users, and a market share exceeding 70
per cent across over 150 countries and regions with offices in Shanghai,
Shenzhen, Beijing, Tokyo, New Delhi and Miami. The Total Investment & Insurance Solutions
"The Adups website also stated that
it produces firmware that is integrated in more than 400 leading mobile
operators, semiconductor vendors, and device manufacturers spanning from
wearable and mobile devices to cars and televisions," the Kryptowire statement
read.
The firmware that shipped with the
mobile devices and subsequent updates allowed for the remote installation of
applications without the users' consent and, in some versions of the software,
the transmission of fine-grained device location information. The Total Investment & Insurance
Solutions
The firmware also collected and
transmitted information about the use of applications installed on the
monitored device, bypassed the Android permission model, executed remote
commands with escalated (system) privileges, and was able to remotely
reprogramme the devices.
"Our findings are based on both
code and network analysis of the firmware. The user and device information was
collected automatically and transmitted periodically without the users' consent
or knowledge,a the global security firm noted.
The collected information was encrypted
with multiple layers of encryption and then transmitted over secure web
protocols to a server located in Shanghai. The Total Investment & Insurance Solutions
This software and behaviour bypasses the
detection of mobile anti-virus tools because they assume that software that
ships with the device is not malware and thus, it is white-listed.
"We analysed the Personally
Identifiable Information (PII) collected and transmitted in an encrypted format
to servers in Shanghai, including one of the bestselling unlocked smartphones
sold by major online retailers," Kryptowire added. The Total Investment & Insurance Solutions
Kryptowire was jump-started by the US
Defense Advanced Research Projects Agency (DARPA) and the Department of
Homeland Security (DHS). The Total
Investment & Insurance Solutions
No comments:
Post a Comment