Topic: Preinstalled Backdoor On 700 Million Android Phones Sending Users' Data To China

Palloy
If Android wasn't already dead, this should kill it off forever.  Throw your Android smartphone away - unless you are happy to share all your data with China and become their bot. 

The reason is because Android runs on a wide variety of different phone hardware, the differences being "standardised" by firmware (the lowest level of software, below the Operating System) which is written by the hardware manufacturer to match what Android expects a phone to be able to do.  But this firmware is invisible to you, and Android, and you don't know what it could contain - a backdoor in this case that watches what you are doing and sends it back to China.  Moreover, Android is powerless to stop it, or even tell that it's happening.  And you can't uninstall Android and install something else, even if there was a something else, because Android won't let you.  Android is totally fucked.

There are Linux developers working on writing open source firmware, but it only works on a very limited number of phones, and the chances they will get round to your particular phone type is nil.

http://thehackernews.com/2016/11/hacking-android-smartphone.html
Pre-installed Backdoor On 700 Million Android Phones Sending Users' Data To China
November 15, 2016
Swati Khandelwal

Do you own an Android smartphone? You could be one of those 700 Million users whose phone is secretly sending text messages to China every 72 hours.

You heard that right. Over 700 Million Android smartphones contain a secret 'backdoor' that surreptitiously sends all your text messages, call log, contact list, location history, and app data to China every 72 hours.

Security researchers from Kryptowire discovered the alleged backdoor hidden in the firmware of many budget Android smartphones sold in the United States, which covertly gathers data on phone owners and sends it to a Chinese server without users knowing.

First reported on by the New York Times on Tuesday, the backdoored firmware software is developed by China-based company Shanghai AdUps Technology, which claims that its software runs updates for more than 700 Million devices worldwide.

Infected Android Smartphone WorldWide

Moreover, it is worth noting that AdUps provides its software to much larger handset manufacturers, such as ZTE and Huawei, which sell their Android phones worldwide, across over 150 countries and regions.

Besides sniffing SMS message content, contact lists, call logs, location data and other personal user information and automatically sending them to AdUps every 72 hours, AdUps' software also has the capability to remotely install and update applications on a smartphone.

The secret backdoor is said to be there intentionally and not accidentally or due to a security flaw, although, according to the US authorities, at the moment it is unclear whether the data is being collected for advertising purposes or government surveillance.

Kryptowire says the company discovered the secret backdoor on the BLU R1 HD device sold by Florida-based smartphone manufacturer BLU Products, which sells its devices in the U.S., and some other countries from South America, online through Amazon and Best Buy.

Massive Amount of Users' Data Sent to Chinese Servers

Based on the received commands, the security firm found the software executing multiple operations, detailed below:

    Collect and Send SMS texts to AdUps' server every 72 hours.
    Collect and Send call logs to AdUps' server every 72 hours.
    Collect and Send user personally identifiable information (PII) to AdUps' server every 24 hours.
    Collect and Send the smartphone's IMSI and IMEI identifiers.
    Collect and Send geolocation information.
    Collect and Send a list of apps installed on the user's device.
    Download and Install apps without the user's consent or knowledge.
    Update or Remove apps.
    Update the phone's firmware and Re-program the device.
    Execute remote commands with elevated privileges on the user's device.



No, Users Can't Disable or Remove the Backdoor

The backdoor has been discovered in two system applications – com.adups.fota.sysoper and com.adups.fota – neither of which can be disabled or removed by the user.

On contacting, BLU Products confirmed that approximately 120,000 of its smartphones have the AdUps' software installed, which is being removed from its devices.

    "BLU Products has identified and has quickly removed a recent security issue caused by a third-party application which had been collecting unauthorized personal data in the form of text messages, call logs, and contacts from customers using a limited number of BLU mobile devices," the company said in a statement.

    "Our customer's privacy and security are of the upmost (sic) importance and priority. The affected application has since been self-updated, and the functionality verified to be no longer collecting or sending this information."


Besides BLU Products, Kryptowire immediately notified Google, AdUps, as well as Amazon, which is the exclusive retailer of the BLU R1 HD, of its findings.

Google also issued a statement saying that the company is working with all affected parties to patch the issue, though the tech giant said that it doesn't know how widely AdUps distributed its software.

However, according to AdUps, its software featured on the smartphone tested by the security firm was not intended to be included on smartphones in the United States market and was just designed to help Chinese phone manufacturers to monitor user behavior.
The State is a body of armed men

Eddie
Anybody checked their iPhone for that kind of breach?

We don't need the NSA. We can just buy what we need to know about our own citizens from China. Very Milo Minderbinder.

What makes the desert beautiful is that somewhere it hides a well.

Palloy
I would need to check, but Android probably has a file called /sys/class/net/connection/statistics/tx_bytes which is continuously updated with the number of bytes that have been transmitted over the internet since the device was last switched on.  The file rx_bytes likewise counts the received bytes. Someone could write an app that monitored this file every second and displayed a simple bar showing the data rate, or bleep a warning if it was transmitting too much.  Then if you aren't doing anything with the phone and you see the bar showing sending going on, you know you're being backdoored.

My Android 4.1 displays on its icon bar a Wifi icon and an up-arrow and a down-arrow.  It's the up-arrow that you would be interested in, but it's so tiny you can hardly see it.  Also if you're not using the phone you wouldn't be looking at the screen, so both a bar and an audible warning would be best.

I can't connect to a phone network, because none are in range at home, but it looks like "connection" should be "ip6tunl0", and when I'm connecting through my router's wifi "wlan0".

OK, so now you can tell if you are being backdoored, but what can you do about it? - nothing apparently.   :-[
The State is a body of armed men
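
The monitor described in the post above, sketched as an added example (not part of the original post and not code from any project it mentions). It assumes the Linux sysfs layout /sys/class/net/<interface>/statistics/tx_bytes and the `wlan0` interface name the post mentions; the threshold, the sustain count and the names `read_tx_bytes`, `UploadWatch` and `monitor` are illustrative assumptions.

```python
import os
import time

SYSFS_NET = "/sys/class/net"  # standard Linux sysfs location for network interfaces


def read_tx_bytes(iface, root=SYSFS_NET):
    """Cumulative bytes sent on iface since it came up, or None if unreadable."""
    path = os.path.join(root, iface, "statistics", "tx_bytes")
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None  # interface absent (e.g. wifi off) or counter not readable


class UploadWatch:
    """Flags upload that stays above a threshold for several samples in a row."""

    def __init__(self, threshold_bps=2048, sustain=3):  # assumed values, tune per device
        self.threshold_bps = threshold_bps
        self.sustain = sustain
        self.prev = None
        self.hot = 0

    def feed(self, tx_bytes, seconds=1.0):
        """Take one counter reading; return (rate in bytes/s or None, alert flag)."""
        prev, self.prev = self.prev, tx_bytes
        # No rate on the first sample, after a gap, or when the counter goes
        # backwards (a reboot or interface reset restarts it from zero).
        if prev is None or tx_bytes is None or tx_bytes < prev or seconds <= 0:
            self.hot = 0
            return None, False
        rate = (tx_bytes - prev) / seconds
        self.hot = self.hot + 1 if rate > self.threshold_bps else 0
        return rate, self.hot >= self.sustain


def monitor(iface="wlan0", interval=1.0, root=SYSFS_NET):
    """Print a bar per sample and ring the terminal bell on sustained upload."""
    watch = UploadWatch()
    while True:
        rate, alert = watch.feed(read_tx_bytes(iface, root), interval)
        if rate is not None:
            bar = "#" * min(40, int(rate // 1024))  # one '#' per KiB/s
            warn = "  \a<< sustained upload" if alert else ""
            print(f"{iface} tx {rate:9.0f} B/s {bar}{warn}")
        time.sleep(interval)


if __name__ == "__main__":
    monitor()
```

The counter is per interface, so it shows that something is transmitting, not which app or component is doing it; legitimate background sync moves it too.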

Palloy
Quote
Anybody checked their iPhone for that kind of breach?

Since iPhones are all made for Apple, Apple would know all the firmware needed to run any iOS on any Apple hardware.  You still can't trust them not to have their own backdoor, but at least they would know they were doing it. 

But with Google, they let anyone make the hardware and write the firmware, and then licence Android to sit on top of it.  Even worse, rip-off merchants like Samsung lease Android from Google and then don't even bother to update their Android versions, even when Google finds bugs in Android.  So there is no way for a Samsung phone to be up to date and bug-free.  It's an absolutely fucking hopeless idea.

Rumors of Microsoft having backdoors in Windows have been around for years, and there will always be these rumors because they will never give out their code,  and never admit to it of course.  For a Win-10 clean installation, the OS is already collecting lots of information about you, but you can go into the settings and switch most of that off (if you believe Microsoft when they say the switch off works).

Only Linux is open source.  It's also free.  They still have bugs of course, but at least there are people trying to find backdoors.
The State is a body of armed men

K-Dog
Quote
Anybody checked their iPhone for that kind of breach?

Since iPhones are all made for Apple, Apple would know all the firmware needed to run any iOS on any Apple hardware.  You still can't trust them not to have their own backdoor, but at least they would know they were doing it. 

But with Google, they let anyone make the hardware and write the firmware, and then licence Android to sit on top of it.  Even worse, rip-off merchants like Samsung lease Android from Google and then don't even bother to update their Android versions, even when Google finds bugs in Android.  So there is no way for a Samsung phone to be up to date and bug-free.  It's an absolutely fucking hopeless idea.

Rumors of Microsoft having backdoors in Windows have been around for years, and there will always be these rumors because they will never give out their code,  and never admit to it of course.  For a Win-10 clean installation, the OS is already collecting lots of information about you, but you can go into the settings and switch most of that off (if you believe Microsoft when they say the switch off works).

Only Linux is open source.  It's also free.  They still have bugs of course, but at least there are people trying to find backdoors.

It is no mystery to me.  I stopped using Windows and use Linux exclusively because a few years ago when I discovered that Army units were trolling the net (they still are) and would not be quiet about it; my Windows machine was turned against me.  'They' programmed it so it would turn on by itself when I got home. By monitoring my movements with my phone my location was known and 'they' did this to try and drive me crazy.  'They' also made it 'eat' any thumb drive that was plugged into a USB port and they killed my laptop's hard drive twice in a week by writing cylindrical read errors to it.   It is also not a rumor when you are deliberately infected with a virus that sends reports of your computer use to the mother ship.  If you are fortunate to have such a virus on a thumb drive (as I did) and know someone who works for law enforcement (as I do) you can give it to them and they can plug it in behind a law enforcement firewall and watch the fireworks.  Your contact can see how long it takes before IT responds and shuts down the computer remotely.

If you want to beat my record they will have to do a remote shutdown within thirty seconds!  Normal software did not detect the virus at all.   

Get on the Men in Black radar and they will try and drive you crazy.  They may not succeed but if they can get you agitated anybody you talk to won't believe a damn word you say because we all reject agitated people as being crazy and we always ignore what they say.  'They' know what they are doing and have little respect for any of us because we are so easily intimidated and controlled.


« Last Edit: November 16, 2016, 10:50:45 PM by K-Dog »
Under ideal conditions of temperature and pressure the organism will grow without limit.

K-Dog
I said:

Quote
Army units were trolling the net (they still are)

I am forced to elaborate.  This being the case I’ll be entertaining about it.

The Cat Came Back:

Old Bill Lewis had troubles of his own
He had an old black cat that wouldn't leave home
Tried everything he could to give the cat away
He even gave him to the preacher and told him where to stay
But the cat came back the very next day
The cat came back they thought he was a gonner
But the cat came back cause he wouldn't stay away

Oh the cat was a terror so they thought it was best
To give him to a fellow who was goin' out west
Now the train has smashed when it hit a broken rail
Not one single person lived to tell the tale
But the cat came back the very next day
The cat came back they thought he was a gonner
But the cat came back cause he wouldn't stay away

And the cat had company out in the back yard
Someone threw a boot and it hit him awful hard
It hit him right behind the ear and he thought there was a fight
When down came a chimney brick and drove him outta sight
But the cat came back the very next day
The cat came back they thought he was a gonner
But the cat came back cause he wouldn't stay away

Oh the cat the birds all sittin' in a bunch
Upon the electric wire said he'd eat em for his lunch
He climbed up the pole till he reached the top
Put his foot on the electric wire tied him in a knot
But the cat came back the very next day
The cat came back they thought he was a gonner
But the cat came back cause he wouldn't stay away

Well they gave him to a fella goin' up in a balloon
And they told the guy to take the cat to the moon
But the balloon it busted and everybody said ten miles away they picked the guy up dead
But the cat came back the very next day
The cat came back they thought he was a gonner
But the cat came back cause he wouldn't stay away

Now the farmer on the corner said he'd shoot the cat on sight
So he filled up his gun with nails and dynamite
He waited in the garden until the cat came around
Seven little pieces of the man was all they found
But the cat came back the very next day
The cat came back they thought he was a gonner
But the cat came back cause he wouldn't stay away

Yeah, they thought he was a gonner
But the cat came back cause he wouldn't, no he wouldn't stay away.


http://www.youtube.com/v/TQyPAw-lk9A

Now to the content:


The following is trolls trolling trolls to get a response with the exception of moi.  After years of being gone the avatar at Kunstler's fly trap has returned and it was my outing of this troll as an employee of Uncle Sam which began the troubles I have mentioned above.  'Asoka' showed up last week and later his post was deleted along with a response from me.  'They' have control of the Kunstler database and can and do edit tracks away.

Pucker November 17, 2016 at 2:20 am #


The probable new Chairman of the DNC is a member of Louis Farrakhan’s Nation of Is…Lam who, together with Black Lives Matter,will probably try to reach out to unemployed, rural white hillbillies in Kentucky, Ohio, Michigan and West Virginia.
Reply   

    Asoka November 17, 2016 at 3:06 am #

    “The probable new Chairman of the DNC is a member of Louis Farrakhan’s Nation of Is…Lam” –Pucker

    False. Ellison is not a member of Nation of Islam. Ellison used a Quran owned by Thomas Jefferson to take his oath of office. President Obama cited his swearing in an example of America’s religious tolerance in a 2009 speech in Cairo.

    When the controversy first erupted in 2006, Ellison denied that he was ever a member of the Nation of Islam. He clarified that, while he had never joined the group, he had organized a Minnesota delegation to the 1995 Million Man March, at which the Nation’s leader Farrakhan spoke.

    Ellison also apologized at the time for some positive articles he had written as a student in the late 1980s about Farrakhan, saying he hadn’t “adequately scrutinized the positions” of the movement’s leaders. He said then that he believed “they were and are anti-Semitic.”

    Now, thirty years later, the same allegations are being floated on the right as a pre-emptive argument against his bid for DNC chair.

    In a nation founded on freedom of religion, a nation which has over three million practicing Muslims, the attacks on Ellison will fail. There is nothing wrong with being a Muslim and Ellison in fact does represent rural white Minnesota farmers.
    Reply   
        elysianfield November 17, 2016 at 10:20 am #


        “Ellison also apologized at the time for some positive articles he had written as a student in the late 1980s about Farrakhan, saying he hadn’t “adequately scrutinized the positions” of the movement’s leaders.”

        Asoka,
        Right…. Just like a founding member of NAMBLA, after 30 years of active pederasty, denying his preferences, saying he’d not “adequately scrutinized his position”. …Uh, Ruby…I can SPLAIN’ everything…!
        Reply   
        K-Dog November 17, 2016 at 10:26 am #


        “There is nothing wrong with being a Muslim and Ellison in fact does represent rural white Minnesota farmers.”

        This is true and I’d put everybody’s name on a list that disagrees if I were you. Then like Santa I’d check it twice. Do homeland security agents get paid for the checking it twice part?
        Reply
   


Yet, it could also just be a coincidence or Kunstler plays games this time around.  Nobody needs to point out coincidence to me.  It was most definitely not coincidence last time around when I had a time stamp to nail Asoka with and things happened to me.  Kunstler once had a tracker on his site which when examined closely revealed "The Department of Defence Network" among other secrets.  Below is part of what was deleted last week.  It was quoted by me in the now extinct fray which was seen by perhaps a dozen people.

Quote
Again, in the case of anonymous journalism I seem to have said a great deal without getting out the point very clearly. Anonymous journalism is dangerous, and is poisonous in our existing life simply because it is so rapidly becoming an anonymous life. That is the horrible thing about our contemporary atmosphere. Society is becoming a secret society. The modern tyrant is evil because of his elusiveness. He is more nameless than his slave. He is not more of a bully than the tyrant of the past; but he is more of a coward.
- G. K. Chesterton

Trolls of course always being anonymous.  Trolls let the oxygen out of the room.  It infuriates me that we have to pay for them and that Trump will be using them.  Concerning my response in the above, responding to the bait in an agreement or disagreement will list you.  It will be decided later if you have been naughty or nice.
« Last Edit: November 17, 2016, 09:08:24 AM by K-Dog »
Under ideal conditions of temperature and pressure the organism will grow without limit.

 
