‘Budget Android Smartphones’ Could Be Stealing Personal Details And Sending It To China; 700M Users In Danger; Built In Firmaware The Culprit?
It could be shocking to know that budget Android smartphones in U.S. are stealing the data of owners and sending it to China. The security firm, Kryptowire did an analysis and found many low budget US Android smartphones are coming with an in-built firmware and it is secretly sending sensitive personal details and other information to a third party company located in China.
In the analysis of budget Android smartphones, it is found that the stolen information includes call logs, messages, contacts, user location and app usage data and it is been sent in every 72 hours. This means that almost all the information from those budget Android smartphones can be accessed by the Chinese firm.
Software Used in Mobile Phones Sends Texts, Location Data and… https://t.co/rMfEgbabcy #Android #firmware #Kryptowire #infosec #security pic.twitter.com/WuvFthz0L4
— George Moraetes ℹ (@TriumphCISO) November 16, 2016
Interestingly, the budget Android smartphone BLU R1 HD is listed as a device in the list with stealing firmware in it. It should be remembered that the phone is listed on Amazon for around $50. The remaining list of budget Android smartphones is not available at this time.
But, the developer of the firmware, Shanghai Adups Technology Co. Ltd stated that it was mistakenly included in budget Android smartphones and it was actually built for an OEM selling devices company in China. It even transmitted the IMSI and IMEI numbers to the developer. Also, the firmware is equipped to control the device including installing apps, updating software, reprogram the devices remotely etc., without users' consent.
To understand the depth of the crisis generated by firmware in budget Android smartphones, people should know that the Adups Technology is claimed to have 700 million users and the market share of the firm is more than 70 percent in almost 200+ countries and regions. The technology the firm use to transmit the data is found to be Firmware Over The Air (FOTA) and this system is integrated into semiconductor vendors, wearables, mobile phones etc.
Chinese law: network operators to provide “technical support” for national #security & criminal investigations https://t.co/x8T9GRftNK — Kryptowire (@kryptowire) November 8, 2016
Adups now says that it has deleted all the stored information after Kryptowire reported the same, but stands on the point that it accidentally stored the details through firmware on budget Android smartphones. The Kryptowire report says that the firmware on budget Android smartphones was able to bypass the antivirus and hence it proved to be in-built and not any malware.
Adups confirms that it is working on mitigation strategies to the firmware on budget Android smartphones according to the report. It is an important checkpoint for everyone that budget phones are not safe for keeping sensitive data in it, especially if it is not a well-known manufacturer. If required, use only for the basic needs without using sensitive data. As Pres. Barack Obama said while talking about Artificial Intelligence, worry about the hostile actors and their ability to access systems.
