For about $50, you can get a smartphone with a high-definition display, fast data service and, according to security contractors, a secret feature: a backdoor that sends all your text messages to China every 72 hours.
Kryptowire, the security firm that discovered the vulnerability, said the Adups software transmitted the full contents of text messages, contact lists, call logs, location information and other data to a Chinese server. The code comes preinstalled on phones and the surveillance is not disclosed to users…
Security experts frequently discover vulnerabilities in consumer electronics, but this case is exceptional. It was not a bug. Rather, Adups intentionally designed the software to help a Chinese phone manufacturer monitor user behavior…
At the heart of the issue is a special type of software, known as firmware, that tells phones how to operate. Adups provides the code that lets companies remotely update their firmware, an important function that is largely unseen by users. Normally, when a phone manufacturer updates its firmware, it tells customers what it is doing and whether it will use any personal information. Even if that is disclosed in long legal disclosures that customers routinely ignore, it is at least disclosed. That did not happen with the Adups software, Kryptowire said.
The software was written at the request of an unidentified Chinese manufacturer that wanted the ability to store call logs, text messages and other data, according to the Adups document. Adups said the Chinese company used the data for customer support.
Because Adups has not published a list of affected phones…
Kryptowire discovered the problem through a combination of happenstance and curiosity. A researcher there bought an inexpensive phone, the BLU R1 HD, for a trip overseas. While setting up the phone, he noticed unusual network activity…
You’d think there was a reason for this. Maybe some tech specialists they wanted windows into would routinely travel overseas and buy these phones as temporary devices, or some interesting characters buy lots of these cheap phones as burners to hide from prying eyes.
It seems like doing this just to do this to everyone would generate too large a quantity of data, unless they had some specific target profile they were looking for.
Still, one more reason to be careful with cheap Chinese tech if you have something to hide, or object to being watched.
Not that American tech is any different, though. Controlling secrets will become very important when K-selection comes, if you have any hope of being on of the few who enjoy comfort. Until then, you objective should be practicing.
[…] Buy Chinese Tech, Get Chinese Spyware […]
The advice in the last line…. LMAO.
(Took me a moment too!)
Cold War reenactment clubs could be an interesting way to promote practicing good tradecraft.
The Chinese recently bought Opera. Made me sad as I liked that browser.
If you have cheap hardware with a web interface and a login screen and you are smart enough to change the password from the factory settings – double check whether this is REALLY a login screen: The old password SHOULD now be invalid.
I hear that some of these login screens do exactly nothing and let anything through.