A research team from Black Hat recently revealed during its security conference held just this week in the city of Las Vegas in the state of Nevada that a certain number of mobile devices are collecting potentially sensitive information (without the permission of the device’s owners) to servers based in China.
And it is not like it is just happening now -- as a matter of fact, back in November of last year, analysts had discovered that the Blu R1 HD (which happens to be the best selling handset on Amazon) was secretly transmitting private information to Chinese servers. The device may be a boon for the budget conscious (it only costs $60 after all), but if one’s privacy will be compromised, is it all worth it?
It turns out that the company behind the Blu R1 HD device’s spying software (reportedly) is none other than Shanghai Adups Technology. Around eight months ago, Adups had insisted that the secret transmission of data was merely a mistake. But according to security analysts from Kryptowire, it seems that Chinese software company is still collecting data on other mobile devices. A spokesperson for Adups has claimed that these issues going back last year have already been resolved at that time. Kryptowire, however, can show proof that Adups is continuing to transmit information without mobile users’ permission on no less than three different handsets.
Basically, what Adups Tech’s software is doing is gain access to the command control channel, which is general being used as the communications route between a smartphone and a server. This could be a serious matter because by having this access, Adups can effectively disguise itself as the phone’s user and executive specific commands without the owner knowing it. What kind of commands exactly? These can range from the downloading and installation of mobile apps, capturing of screen shots, making phone calls, and even data wiping the phone’s memory. Yup, it is a serious matter.
According to Kryptowire, it had examined over 20 components of firmware found on budget friendly Android powered mobile devices. The company found that these handsets have vulnerabilities that gave access to spyware software, and all of them possessed a chip set from MediaTek. The chip set apparently features a preloaded mobile app called MTKLogger that has the ability to facilitate surveillance of information, such as one’s web browsing history and even one’s exact Global Positioning System (GPS) coordinates.
So which devices exactly could be affected? They include the aforementioned Blu R1 HD, the Blu Advance 5.0, the Blu Grand M, and the Cubot X16S. For those who own any one of these devices, it pays to be aware.
from
https://www.wirefly.com/blog/news/black-hat-researchers-some-cheap-phones-are-secretly-sending-data-china