Slashdot Mirror

← Back to Stories (view on slashdot.org)

Secret Backdoor in Some US Phones Sent Data To China (nytimes.com)

Posted by msmash on from the china-and-backdoors dept.

Security contractors have warned that many Android smartphones ship with preinstalled software that has a backdoor that sends all your text messages to China every 72 hours. (Editor's note: the link could be paywalled; here's the press release.) The New York Times reported Tuesday that "the American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence." From the report: International customers and users of disposable or prepaid phones are the people most affected by the software. But the scope is unclear. The Chinese company that wrote the software, Shanghai Adups Technology Company, says its code runs on more than 700 million phones, cars and other smart devices. One American phone manufacturer, BLU Products, said that 120,000 of its phones had been affected and that it had updated the software to eliminate the feature. Kryptowire, the security firm that discovered the vulnerability, said the Adups software transmitted the full contents of text messages, contact lists, call logs, location information and other data to a Chinese server. The code comes preinstalled on phones and the surveillance is not disclosed to users, said Tom Karygiannis, a vice president of Kryptowire, which is based in Fairfax, Va. "Even if you wanted to, you wouldn't have known about it," he said.

17 of 111 comments (clear)

  1. Ads or government collection by Calydor · · Score: 5, Insightful

    Why not both?

    Is there some magical thing that says if something is collecting for advertisement purposes it can't be shared with intelligence agencies?

    --
    -=This sig has nothing to do with my comment. Move along now=-
    1. Re:Ads or government collection by Darinbob · · Score: 2

      So many web devs adamantly support advertising as the way to make money and keep their jobs. So why not support government spying a a means to make money, they've already sold their souls to the advertisers so one more concession shouldn't be a big deal, right? After all government spying at least is not as intrusive as ads, the government actually makes it a point to not clutter up the web pages or interrupt you in the middle of a video, and takes a neutral stance in the war between Budweiser and Coors.

  2. Oh no what an awful accident by Anonymous Coward · · Score: 4, Funny

    No reason to be alarmed. Clearly this is just a testing and debugging feature introduced by some errant developer that's been accidentally left in the release build firmware. It will be patched and fixed and you can all go back to buying these phones in safety. No way the Chinese government would have deliberately done this.

    1. Re:Oh no what an awful accident by ShanghaiBill · · Score: 2

      I'm not worried either considering Mao's been dead for forty years.

      History is repeating itself. Xi Jinping is purging his political opponents, mostly by accusing them of corruption, and promoting a personality cult. It will be interesting to see if he steps down at the end of his term in office, or whether he stays on "for the good of the nation".

  3. Another Day, Another Android Exploit by TheFakeTimCook · · Score: 2, Funny

    This is like Windows XP. What a cluster!

    1. Re: Another Day, Another Android Exploit by Anonymous Coward · · Score: 5, Insightful

      This has nothing to do with Android... it's not a bug. This is preinstalled malware on Chinese phones.

      Stop drinking the koolaid.

  4. Always a good sign... by fuzzyfuzzyfungus · · Score: 5, Interesting

    The really disturbing thing isn't that some shit Chinese handsets are full of spyware; but that our own technology industry is so overrun with advertisers, tracking, and 'analytics', that we can't distinguish between espionage and the Chinese just catching up with our business models; because the only real difference is that espionage tends to run at a loss, while advertising is economically self sustaining.

    1. Re:Always a good sign... by Anonymous Coward · · Score: 4, Informative

      This isn't new. Has everyone already forgot about Carrier IQ?

    2. Re:Always a good sign... by alvinrod · · Score: 4, Informative

      If a government can legally compel a company to hand over their advertising information, there's no functional difference between the two. I can think of very little that a government might want to know about a person that an advertising agency would have no interest in collecting.

      I think that Bill Hicks's thoughts on the matter are still quite appropriate.

  5. willing to bet, or at least think about by w3bd4wg · · Score: 2

    I am willing to bet that this code was originally meant to monitor Chinese users and was either put in by a Chinese agent without the companies knowledge or forded to be put in by the Chinese government. I would be willing to think that someone forgot to take it out, or someone said lets try this, but for the Chinese government to do something so obvious...I do now know.

  6. "updated the software to eliminate the feature" by SpankiMonki · · Score: 5, Funny

    Oh, it was just a feature. Whew! What a relief. For a second there, I thought it might be malware.

  7. Japanese by Oswald+McWeany · · Score: 5, Funny

    I'm going to send texts saying I'm eating Japanese food on a more regular basis now.

    Hey honey, look at this Japanese sweet and sour chicken I'm eating. I feel like going to the Japanese restaurant for General Tsao's chicken tonight.

    - that oughta piss 'em off.

    --
    "That's the way to do it" - Punch
    1. Re:Japanese by Culture20 · · Score: 3, Funny

      No one in China knows what the hell General Tso's Chicken is.

      It's four pay grades better than Colonel Sanders' chicken, that's what it is!

  8. Is your phone affected? by resfilter · · Score: 5, Informative

    From the press release, the affected phones have the following services installed:

        com.adups.fota.sysoper
        com.adups.fota

    I'd probably check your phone to ensure those don't exist. ... And it sends data to the following domains, if ya wanted to firewall or sniff it or whatever:

        bigdata.adups.com (primary)
        bigdata.adsunflower.com
        bigdata.adfuture.cn
        bigdata.advmob.cn

  9. In Soviet America, Chinese chairman spies you! by fubarrr · · Score: 2

    In Soviet America, Chinese chairman spies you!

  10. It's called "root". (Adminstrator for Windows user by raymorris · · Score: 2

    It's called root. You enable root, then choose from any of the many apps which mount the "rom" read-write and you check off which pre-installed apps you want to remove.

  11. Re:General Tso's chicken is "chinese" food by avandesande · · Score: 3, Funny

    India is West of Japan

    --
    love is just extroverted narcissism