• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • Daily Security Bytes
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Adups Android Backdoor? – Daily Security Byte

November 16, 2016 By Corey Nachreiner

If you bought a new Android phone and learned it was silently sending your contact lists, full text messages, telephone number, and geo-location back to some server in Shanghai, would you be concerned? I sure would, and unfortunately this exact scenario could be happening if you happened to buy a BLU R1 HD phone, and potentially other Android models. Watch today’s video to learn more about a new “backdoor” that researchers found installed on inexpensive Android devices.

Episode Runtime: 5:55

Direct YouTube Link: https://www.youtube.com/watch?v=_vjtMnJBF3g

EPISODE REFERENCES:

  • Secret Android backdoor calling home to China – NYTimes
  • Company in Shanghai installs backdoor spyware on Android phone – Ars Technica
  • Researchers blog post on the Adup backdoor – Kryptowire
  • Other researchers also notice Adup months before – XDA Developers

— Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Security Bytes Tagged With: Infosec news

Comments

  1. Larry says

    November 16, 2016 at 3:15 pm

    “Why would the tech firm need “Text messages” to troubleshoot their customers problems…”

    They must be going above and beyond Customer service…
    (with text messages they collect, the can call up and offer relationship advice, or help with their customers (personal) problems(?))

    😀

    Reply
    • Corey Nachreiner says

      November 17, 2016 at 1:29 pm

      Totally agree…. seems nuts that you could ever justify silently stealing the actual body of text messages from your customers. Of course, certain theories about this incident, especially considering the nation the traffic went too, fall more under espionage… However, I try to stay away from commenting that way without all the facts… but what we know about the incident makes it very sketchy.

      Reply
  2. Adrian says

    November 16, 2016 at 9:38 pm

    It is getting to the point where we will need a pocket Watchguard Firebox (no Ethernet ports) to secure our phones at both the Wi-Fi and mobile carrier interfaces. When it gets to the office, it “docks” with the bigger Firebox for Dimension logging etc.

    Reply
    • Corey Nachreiner says

      November 17, 2016 at 1:31 pm

      Hehe… Thanks, I’ll steal that idea and productize it! 🙂

      In all seriousness, we are always exploring ways to help secure mobile and IoT solutions…

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • USA’s Answer to GDPR
  • Rolling PWN

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Private Sector Offensive Actors
  • USA’s Answer to GDPR
  • Rolling PWN
  • Over a Billion Records Leaked in Shanghai National Police Database Hack
  • LockBit Ransomware Group Introduces Bug Bounties and More
View All

Search

Archives

Copyright © 2022 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use