If you bought a new Android phone and learned it was silently sending your contact lists, full text messages, telephone number, and geo-location back to some server in Shanghai, would you be concerned? I sure would, and unfortunately this exact scenario could be happening if you happened to buy a BLU R1 HD phone, and potentially other Android models. Watch today’s video to learn more about a new “backdoor” that researchers found installed on inexpensive Android devices.
Episode Runtime: 5:55
Direct YouTube Link: https://www.youtube.com/watch?v=_vjtMnJBF3g
EPISODE REFERENCES:
- Secret Android backdoor calling home to China – NYTimes
- Company in Shanghai installs backdoor spyware on Android phone – Ars Technica
- Researchers' blog post on the Adups backdoor – Kryptowire
- Other researchers also noticed Adups months before – XDA Developers
— Corey Nachreiner, CISSP (@SecAdept)
Larry says
“Why would the tech firm need “Text messages” to troubleshoot their customers' problems…”
They must be going above and beyond Customer service…
(with text messages they collect, they can call up and offer relationship advice, or help with their customers' (personal) problems(?))
😀
Corey Nachreiner says
Totally agree…. seems nuts that you could ever justify silently stealing the actual body of text messages from your customers. Of course, certain theories about this incident, especially considering the nation the traffic went to, fall more under espionage… However, I try to stay away from commenting that way without all the facts… but what we know about the incident makes it very sketchy.
Adrian says
It is getting to the point where we will need a pocket Watchguard Firebox (no Ethernet ports) to secure our phones at both the Wi-Fi and mobile carrier interfaces. When it gets to the office, it “docks” with the bigger Firebox for Dimension logging etc.
Corey Nachreiner says
Hehe… Thanks, I’ll steal that idea and productize it! 🙂
In all seriousness, we are always exploring ways to help secure mobile and IoT solutions…