the Company Kryptowire, which deals with security in network, she discovered the back door in the software budget smartphones Darling sold online Amazon.
the spyware was from the beginning installed on smartphones, it is also possible that this infection malicious code from outside. The program, which was originally discovered in a model Blu R1 HD, was made in another application and send huge amounts of data about cell and the activities of its users on servers in China. The owner of the server is AdUps Technologies engaged in the supply and updating of software installed on smartphones. the the Stolen data included the number, location information, content of text messages the list of outgoing calls, a set of information about installed apps, and those that currently were in use.
Shanghai AdUps Technologies appears to be intentionally developed a vulnerability to help Chinese mobile phone manufacturers and operators to track the behavior of their customers, that would help us in schools more effective ads. The company boasts that its software helps to upgrade more than 700 million devices worldwide, including smartphones, tablets and multimedia system in the car. Installed on smartphones Huawei and ZTE sold in China.
says AdUps, the function control programs (because, apparently, it sounds beautiful name for spyware), was developed specifically for the Chinese market. the Company explains that unintentionally see it also in the software for smartphone Darling. the Lawyer AdUps gave edition of The New York Times that the data are not collected for the Chinese government. He said that his employers “- a private company that made a mistake.”
the spyware was part of the commercial Firmware Over The Air (FOTA), whose task was to provide devices Darling software updates. In the report Kryptowire you can read:
these Devices actively transmit data of the user and device information, including the full content of text messages, contact list, call history with all the phone numbers, and unique device identifiers, including IMSI and IMEI. The programme included the identification of a specific user and search for certain keywords in text messages. Collect and transmit information about the use of applications installed on the controlled device. It is possible that remote access to the Android settings app permissions, so that you reprogram the device without the knowledge and consent of the owner. The range of this could be, for example, an app or transmission of accurate data on the location of the device.
After discovering suspicious data, Kryptowire uploaded the more accurate the results of the study Google, Blu, AdUps and Amazonu, which is the exclusive seller of model R1 Blu HD in the United States.
the user Data was sent in JavaScript Object Notation (JSON) for multiple servers with names: bigdata.adups.com, bigdata.adsunflower.com, bigdata.adfuture.cn and bigdata.advmob.cn. As a rule, this happens in intervals: every 72 or 24 hours.
Blu R1 HD
Press Secretary Darling powiedzaił edition of ArsTechnica that the rear gate in the software to influence the “limited number of devices Blu” and “the functionality of the software updates (probably talking about FOTA – approx. ed.) checked, and will not have to have the ability to collect and transmit information from applications".
analysis of the New York Times, Blu previously reported 120000 users of their devices on łatce correcting a software problem with AdUps Technologies. Amazon stopped selling Blu R1 HD in your store in USA (only there, these smartphones were available).
Blu R1 HD Amazon won’t buy
there are No prerequisites, which may indicate that software AdUps is installed on devices intended for a market other than the Chinese. The company indirectly admitted to spying on smartphone users, is their program, however, it seems that was just bad luck, placing it on a model that fell outside of China. Otherwise the matter would not have emerged, because Kryptowire got on the trail of the spyware completely by accident.
the Chair Darling, Samuel Ohev-Zion explains that I was absolutely not aware of what was hidden in the installed firmware. Darling knew about a spy in smartphones or not, the credibility of the manufacturer was deeply podkopane. You probably put it off until some sprowadzaniem phones from China, or even give up the integrity of other Chinese smartphone manufacturers. While ignoranctwem would be to throw all in a heap, claiming that any “Chinese” he watches over us and sends it to the far East servers. If, however, we had plans to buy in China some phone from Darling, in order to have some time to think about it.
source: theregister.that.UK arstechnica.com, amazon.com
No comments:
Post a Comment