Of course this week’s big stinker of a story was how some Android devices were sending user data to a server in China. Yeah, certain devices, including the BLU R1 HD smartphone and others sold here in the U.S., were found to have a backdoor built into the phone’s firmware.
The backdoor, and it was a nasty one, transmits users’ data such as contact lists, text messages, call history, and the phone’s IMSI (International Mobile Subscriber Identity) and IMEI (International Mobile Equipment Identity). But wait, there’s more! The backdoor also allowed remote program installation without the user’s permission, remote code execution with escalated privileges, and root access. Thought that was enough? NO! The backdoor was also running targeted search-and-collect actions on specific user messages and analytics data. So not only did it have complete control of your phone, but it was actively seeking MORE information to send back to China, above and beyond your normal use. Did I forget to mention it could also reprogram your entire phone? Well, I think that goes without saying, but sheesh!
The researchers at Kryptowire who discovered it determined that the firmware was collecting data and receiving instructions, completely hidden, during OTA (Over The Air) updates, using several apps to collect and transmit. OTA is something that almost every phone does on a frequent basis, and some apps do it several times a day.
According to Kryptowire, the backdoor comes from a FOTA (Firmware Over The Air) management firm known as ADUPS Technology Co. Ltd. The device’s data was transmitted to four servers, each owned by ADUPS, and they have even admitted to collecting “some” data. The really scary part is that ADUPS claims that its firmware is on over 700 million devices. While we cannot confirm this number, even a fraction of that would be enough to cause serious harm. ADUPS explained that the data collection was requested by its clients as a way to flag junk texts and junk calls, so as to provide better features and services. However, ADUPS could not explain the added functionality in its firmware update system, why it needed such a broad scope, or even how those added functions made it into their system. But they did assure everyone that any and all transmitted data was encrypted. Gee, thanks.