Slashdot Mirror

← Back to Stories (view on slashdot.org)

Manufacturer's Backdoor Found On Popular Chinese Android Smartphone

Posted by samzenpus on from the sneaking-in dept.

Trailrunner7 writes that researchers at Palo Alto Networks have found a backdoor in Android devices sold by Coolpad. "A popular Android smartphone sold primarily in China and Taiwan but also available worldwide, contains a backdoor from the manufacturer that is being used to push pop-up advertisements and install apps without users' consent. The Coolpad devices, however, are ripe for much more malicious abuse, researchers at Palo Alto Networks said today, especially after the discovery of a vulnerability in the backend management interface that exposed the backdoor's control system. Ryan Olson, intelligence director at Palo Alto, said the CoolReaper backdoor not only connects to a number of command and control servers, but is also capable of downloading, installing and activating any Android application without the user's permission. It also sends phony over-the-air updates to devices that instead install applications without notifying the user. The backdoor can also be used to dial phone numbers, send SMS and MMS messages, and upload device and usage information to Coolpad."

4 of 82 comments (clear)

  1. buy cheap ... by Anonymous Coward · · Score: 3, Insightful

    ... get what you pay for

  2. Sony Xperias cellphonmes have backdoors too by Anonymous Coward · · Score: 2, Insightful

    From RealVNC press release:
    "27th February 2012: RealVNC’s remote access technology has been integrated in Sony Mobile Communication’s Android based Xperia smartphones, enabling them to connect to vehicle infotainment systems so that drivers can access their smartphone applications safely from the dashboard display. The technology can also be used in customer support services by helpdesk agents to provide better support to Xperia users."

  3. What? Even "free" has a price? by rainer_d · · Score: 1, Insightful

    News at 11!

    --
    Windows 2000 - from the guys who brought us edlin
  4. Re:Sounds like my Sony Blu-Ray player by Gaygirlie · · Score: 3, Insightful

    Have you checked if it uses HTTP or HTTPS for its traffic? If it's just plain-old HTTP you could redirect the traffic to Sony's servers to a server of your own instead and always just reply with "everything is ok, no updates available, please continue." That's what I've done to several apps and appliances, thereby removing myself from their prying eyes and granting me access to things even when manufacturer's servers are unavailable.