Barnes & Noble's Latest Tablet Is Running Spyware From Shanghai (linuxjournal.com)

← Back to Stories (view on slashdot.org)

Barnes & Noble's Latest Tablet Is Running Spyware From Shanghai (linuxjournal.com)

Posted by BeauHD on Tuesday December 20, 2016 @12:45PM from the buyer-beware dept.

Long-time Slashdot reader emil writes about how ADUPS, an Android "firmware provisioning" company specializing in both big data collection of Android usage and hostile app installation and/or firmware control, has been found pre-loaded on Barnes and Noble's new $50 tablet: ADUPS was recently responsible for data theft on BLU phones and an unsafe version of the ADUPS agent is pre-loaded on the Barnes and Noble BNTV450. ADUPS' press releases claim that Version 5.5 of their agent is safe, but the BNTV450 is running 5.2. The agent is capable of extracting contacts, listing installed apps, and installing new apps with elevated privilege. Azzedine Benameur, director of research at Kryptowire, claims that "owners can expect zero privacy or control while using it."

63 comments

Min score:

Reason:

Sort:

Big Brother... by Anonymous Coward · 2016-12-20 12:46 · Score: 1

is watching. And he's not nice...
1. Re: Big Brother... by Anonymous Coward · 2016-12-21 02:11 · Score: 0
  
  More like Uncle Charlie
2. Re:Big Brother... by unixisc · 2016-12-21 06:18 · Score: 1
  
  Sounds like Big Comrade Zhou Tsai
in other words... by Anonymous Coward · 2016-12-20 12:56 · Score: 2, Interesting

"owners can expect zero privacy or control while using it."
In other words, much like every "web app" ever. Gmail. Twitter. Instagram. Etc.
The people have spoken. They're cool with having zero privacy or control. That ship fucking SAILED.
1. Re:in other words... by Anonymous Coward · 2016-12-20 14:28 · Score: 2, Insightful
  
  It's not that people are 'cool with it'.
  Much like climate change and illegal government spying, the reason that people don't seem to mind is that only about 0.00001% of users actually experience something they perceive as harmful as a result of pre-installed spyware. It's hard to get people exited about something that they don't perceive as affecting them.
2. Re:in other words... by CaptainDork · 2016-12-20 14:54 · Score: 1, Insightful
  
  This.
  I'm a retired IT guy and, like many of you, I can perform miracles of a semi-religious nature with computing platforms.
  I have to provide permission for my computer to flip a bit.
  Even so, I know full well that every fucking thing I do is recorded and used without my permission.
  When laypersons ask me, "What can be done?"
  I say, "Nothing."
  I'm not worried about it, though because it actually works both ways.
  My motto is:
  "For every motherfucker out there with a computer, there's another motherfucker out there with a computer."
  It's all good.
  
  --
  It little behooves the best of us to comment on the rest of us.
3. Re:in other words... by Anonymous Coward · 2016-12-21 05:52 · Score: 0
  
  The people have spoken. They're cool with having zero privacy or control. That ship fucking SAILED.
  Sure, I guess, if you want to be a lilly-livered, yellow-bellied, pussy-ass, fuccboi little COWARD, and just lie there and take it up the ass, like apparently YOU are doing..
  
  ..or you can FIGHT BACK, not use these unnecessary devices in the first place (BUY PAPER BOOKS, DAMNIT!), not download a bunch of shitty 'apps' for your smartphone (which 95% of you could live without anyway -- get a basic non-smartphone, damnit!), and otherwise give a damn about your privacy!
  
  Come on, humans: Stop being stupid about this!
4. Re:in other words... by Anonymous Coward · 2016-12-21 06:22 · Score: 1
  
  Sure, I guess, if you want to be a lilly-livered, yellow-bellied, pussy-ass, fuccboi little COWARD, and just lie there and take it up the ass, like apparently YOU are doing.. ..or you can FIGHT BACK, not use these unnecessary devices in the first place (BUY PAPER BOOKS, DAMNIT!), not download a bunch of shitty 'apps' for your smartphone (which 95% of you could live without anyway -- get a basic non-smartphone, damnit!), and otherwise give a damn about your privacy!
  Come on, humans: Stop being stupid about this!
  Says the guy on the interwebz...
5. Re:in other words... by Anonymous Coward · 2016-12-21 06:28 · Score: 0
  
  Because non-smartphones can't be used to spy on you?
"Owners can expect zero privacy or control" by Anonymous Coward · 2016-12-20 13:01 · Score: 0

So exactly like every other tablet or phone, then.
1. Re:"Owners can expect zero privacy or control" by Anonymous Coward · 2016-12-20 17:43 · Score: 0
  
  True, the amount of spying is the same, only the data monetizing company name changes. And at least one is not paying $900 for the company for exploiting his data.
2. Re:"Owners can expect zero privacy or control" by unixisc · 2016-12-21 06:19 · Score: 1
  
  But if one's data's gonna be exploited either way, why not get it subsidized?
erase and cyanogen, or? by mah! · 2016-12-20 13:02 · Score: 0

has anyone tried CyanogenMod on it? Would any of these work: https://download.cyanogenmod.org ?
1. Re:erase and cyanogen, or? by koick · 2016-12-20 13:19 · Score: 1, Informative
  
  Got one of these for my mom (they kick ass compared to Amazon's Fire), but now potentially regretting it. Been keeping an eye out for rooting this bad boy and installing CM, but google searches for "root BNTV450" or "cyanogenmod BNTV450", come up with nothing.
2. Re:erase and cyanogen, or? by Anonymous Coward · 2016-12-20 14:41 · Score: 2, Funny
  
  That's not true, I just searched "cyanogenmod BNTV450" and this link is the first result.
3. Re:erase and cyanogen, or? by jandersen · 2016-12-20 21:51 · Score: 2
  
  has anyone tried CyanogenMod on it?
  I haven't. One of the reasons I have stayed away from cyanogen and rooting until now is that when I have looked at what I can find about this subject, I can't shake off the feeling that this is mostly a bunch of script kiddies, who try to sound like they are cool and with it, but are actually rather dim - Beavis and Butthead trying to get you to blindly download and install something in the hope that it won't brick the device you have paid actual money for. My last, cheap phone still cost something like $600, so I will only start playing around with it like that, if I feel really confident in the guidance and the SW; and that means open source software and good quality documentation. And by good quality documentation I don't mean lots of pictures of how you click on menues, but thorough explanations of what to do, why to do it, and what to do if/when things go wrong.Unless you are very familiar with things, the worst experience you can have is to get stuck halfways with no idea what the hell to do next. That simply must not happen.
4. Re: erase and cyanogen, or? by Anonymous Coward · 2016-12-20 23:40 · Score: 1
  
  A $600 phone is not a cheap phone.
5. Re: erase and cyanogen, or? by Anonymous Coward · 2016-12-21 00:14 · Score: 1
  
  Yeah, nobody needs you to try CM, lol. Were you expecting someone to argue with you?
6. Re:erase and cyanogen, or? by Anonymous Coward · 2016-12-21 01:36 · Score: 0
  
  My last, cheap phone still cost something like $600
  I think I just figured out the reason CM isn't ever going to work out f or you: you're retarded. People who can't even understand numbers aren't likely to understand anything else, either.
7. Re: erase and cyanogen, or? by mrchew1982 · 2016-12-21 02:22 · Score: 2
  
  It has been done: http://blog.the-ebook-reader.c... CyanogenMod is going by CM7 these days, might be why you didn't find it. Might have to give myself one of these for Xmas...
8. Re: erase and cyanogen, or? by fbobraga · 2016-12-21 04:13 · Score: 1
  
  mod parent up!
9. Re: erase and cyanogen, or? by fbobraga · 2016-12-21 04:16 · Score: 1
  
  A $600 phone is not a cheap phone.
  I second this: a "cheap phone" don't surpasses the US$100 barrier...
10. Re: erase and cyanogen, or? by Schnapple · 2016-12-21 05:11 · Score: 1
  
  Note that this is a set of instructions from 2012 and is referring to an older Nook tablet, which was also 7". This article is referring to a new Nook released in the last month.
  
  --
  Schnapple
11. Re: erase and cyanogen, or? by koick · 2016-12-21 05:11 · Score: 1
  
  Sorry, but that is the Nook tablet from 2 years ago. The one we are talking about came out a little more than a month ago.
12. Re: erase and cyanogen, or? by Anonymous Coward · 2016-12-21 05:23 · Score: 0
  
  That is the 2012 version of the Nook, not the current one.
  http://blog.the-ebook-reader.com/2016/11/16/bn-releasing-new-nook-tablet-for-49-a-fire-tablet-clone/
13. Re:erase and cyanogen, or? by Ginguin · 2016-12-21 06:58 · Score: 1
  
  Having experienced bricking a cheap $35 router trying to build a pirate box in the early days of its development, I completely understand what you are saying. I got stuck halfway through the process with no (documented) options for moving forward. The documentation for that project was even better than what I see with the "remake your phone" crowd. It's especially worse when they have you downloading random programs/utilities with little to no explanation as to what is in them and what they do.
  I will not do that with my phone unless I am comfortable losing it. I have had success with cheap tablets, but that was in spite of the documentation, not because of it.
  
  --
  "Anything you say can and will be used against you in a targeted advertisement" - Adam Harvey
14. Re: erase and cyanogen, or? by jandersen · 2016-12-21 20:53 · Score: 1
  
  Cheap comes in all sizes, I suppose. When you are old enough that your children have left to live their own lives, and you look back at nearly 30 years of experience with development, you begin to notice that you always seem to have money left over every month, and after a while you look differently at certain things like the price of a phone. For what I've got for my money, I think $600 was cheap - also considering that I don't buy a new one every few years. There are certainly phones out there that are far more expensive thatn what I would pay; but that goes for anything, really - hotels are my favourite in that respect: to me a cheap, but reasonable hotel would cost about 25 - 30 euro, and would have only just what is needed to stay overnight - that is what I prefer. But I came across one hotel in London where you can get a "room" that costs Â£18,000 per night. Admittedly, you do get 8 or 12 luxurious bedrooms, exclusive use of a butler, free use of one of the hotel's Rolls Royces (incl chauffeur) etc etc. Seen in that light, a mere Â£1500 per night probably looks very cheap, but I'm more into the basic options when it comes to accomodation - I can't see why I would stay in a hotel room for any length of time except when sleeping.
15. Re: erase and cyanogen, or? by jandersen · 2016-12-21 20:55 · Score: 1
  
  Yet, here you are, doing what exactly? ;-)
I hear by Anonymous Coward · 2016-12-20 13:12 · Score: 0

Roots agrowing... Root the darn thing and be done with it.
Zero privacy or control by Anonymous Coward · 2016-12-20 13:20 · Score: 0

is exactly what you have on Android to begin with. Instead of all your information only building a profile of you with Google and Eric Schmidt's Departement of Justice, it also now goes to an advertisement company in Shanghai.
If you're concerned about your privacy, you shouldn't be using Android in the first place.
1. Re:Zero privacy or control by Anonymous Coward · 2016-12-20 14:08 · Score: 2, Insightful
  
  If you're concerned about your privacy, you shouldn't be using a smart phone. Period.
2. Re: Zero privacy or control by fbobraga · 2016-12-21 04:20 · Score: 1
  
  If you are concerned about your privacy you should be using an iPhone, period.
  In think you have cognitive problems, AC: iOS is not even open-source (what makes cyanogenmod.org possible)...
3. Re: Zero privacy or control by green1 · 2016-12-21 04:24 · Score: 2
  
  Because you believe Apple doesn't ever look at all the data they collect about you? That they would never share it with anyone?
  At least with Android it's your choice. You can root the phone and decide exactly how much you want going where. Now if you want to actually use any services you'll have to share something, but it's up to you what the trade-off is. On iPhone you have no choice, Apple gets all of it no matter what you do.
4. Re: Zero privacy or control by Anonymous Coward · 2016-12-21 04:49 · Score: 0
  
  The suspiciously long delays between security researchers disclosing security issues in iOS and macOS, and Apple actually fixing them, even in trivial cases, clearly reveals that Apple will let others (assumedly NSA and CIA) dictate how secure your Apple device and system should be. Don't for a second think your Apple devices are secure.
News? by Frosty+Piss · 2016-12-20 13:34 · Score: 0

When products like these come out, the real story will be the ones that DON'T have crap like this installed.

--
If you want news from today, you have to come back tomorrow.
Discount? by Tablizer · 2016-12-20 13:49 · Score: 1

Does that mean I can get a discount on one? I don't care if China reads my books.

--
Table-ized A.I.
1. Re:Discount? by Anonymous Coward · 2016-12-20 14:21 · Score: 2, Insightful
  
  You've already got a discount on one, that's why it costs $50.
2. Re:Discount? by Anonymous Coward · 2016-12-20 15:08 · Score: 1
  
  Can I get a discount too? I don't care if China has access to my financial info and personal info. Also, I'm fine with them compromising family and friends and all the other people in my contact list. They can have my texts and emails too. Small price to pay!
3. Re:Discount? by Tablizer · 2016-12-20 15:46 · Score: 1
  
  If you do your taxes on a $50 tablet, you deserve that.
  
  --
  Table-ized A.I.
In other news by LightningBolt! · 2016-12-20 14:09 · Score: 3, Funny

Barnes & Noble is still trying to sell tablets.

--
Old people fall. Young people spring. Rich people summer and winter.
1. Re:In other news by Anonymous Coward · 2016-12-21 03:09 · Score: 0
  
  I don't know anyone that likes Kindle other than as a cheap tablet for kids to play games on. Whereas, Nook owners love their Nooks and use them exclusively for reading books.
2. Re:In other news by Agripa · 2016-12-21 17:33 · Score: 1
  
  Barnes & Noble is still trying to sell tablets.
  It sounds more like they are selling (out) their customers.
Bought the First Color Nook by Anonymous Coward · 2016-12-20 14:56 · Score: 0

Used it to read PDF versions of public domain books and arXiv preprints. Then I got CM running on it - A simple of matter of just plugging in a properly configured SD card. Used it for a while, but now it just serves as a very expensive alarm clock.
Stronger protections needed by melting_clock · 2016-12-20 15:58 · Score: 4, Interesting

Spyware and adware were once universally considered to be malware but there appears to be some exceptions now... Many ad supported mobile apps are known to leak personal data to Ad networks with no protections on how that data or sold. This should be considered spyware but many people are willing to accept it. While the subject of this article is a more extreme example of the spectrum of spyware, it isn't clear where people draw the line. Without strong legal protections, consumers are at the mercy of device manufacturers that are driven by profit, with little interest in looking after their customers privacy. Manufacturers might be embarrassed when the a caught out with poor security practises or when they are spying on users but that is a pretty weak form of protection.
A scary escalation is the move of this sort of software from the mobile device to traditional computing platforms (laptop and desktop). Windows 10 telemetry could, and should, be considered to be spyware. After MS started displaying ads it became adware as well.
When it is law enforcement or security agencies spying on the public there is much more of a reaction than when a company does it.
1. Re:Stronger protections needed by Anonymous Coward · 2016-12-20 17:10 · Score: 0
  
  Spyware and adware were once universally considered to be malware but there appears to be some exceptions now... Many ad supported mobile apps are known to leak personal data to Ad networks with no protections on how that data or sold. This should be considered spyware but many people are willing to accept it.
  I don't get the point of this post. Spyware is spyware. Windows 10 telemetry IS spyware and malware and should be considered as such. Anyone can make the mistake of choosing to run malware. That doesn't make it any less stupid or the software any less malicious.
2. Re:Stronger protections needed by Anonymous Coward · 2016-12-20 17:56 · Score: 0
  
  I don't get the point of this post. Spyware is spyware. Windows 10 telemetry IS spyware and malware and should be considered as such. Anyone can make the mistake of choosing to run malware. That doesn't make it any less stupid or the software any less malicious.
  My problem with windows 10 telemetry is you can only reduce it, not turn it off entirely. I suppose I could block it with effort. Then again I just reinstalled linux mint. I was only keeping it for sketchup and it looks like it is going to run under playonlinux.
  Basically a computer should do what the person who paid for it tells it to do. If you cannot turn off its spying functionality, then you no longer really have control of it, which is likely the point...
3. Re:Stronger protections needed by wildstoo · 2016-12-20 21:31 · Score: 1
  
  When it is law enforcement or security agencies spying on the public there is much more of a reaction than when a company does it.
  This is, increasingly, a distinction without a difference.
4. Re:Stronger protections needed by green1 · 2016-12-21 04:28 · Score: 1
  
  There is a difference. One has the authority to throw me in jail, or worse take me somewhere offshore and torture me. The other might show me more ads.
  I don't want either one spying on me, but there's certainly an order of preference here!
Bill? Uh, Bill...? by AthanasiusKircher · 2016-12-20 16:08 · Score: 1

Is that you, Bill? We all know you'd love to be in on something like this...
Re: by Anonymous Coward · 2016-12-20 21:33 · Score: 1

And that's why I 've henceforth committed to only buying Nexus or Google-branded devices. My Lenovo tab also has a user experience and a lenovo id process I don't know what they do (I mean, besides reducing battery life on standby by 30%). Never again.
It's not a bug, by CptLoRes · 2016-12-20 22:40 · Score: 1

it's a feature..
Being A US National by Anonymous Coward · 2016-12-21 02:52 · Score: 0

Better spyware from Shanghai than spyware from Langley.
1. Re:Being A US National by fbobraga · 2016-12-21 04:08 · Score: 1
  
  Better spyware from Shanghai than spyware from Langley.
  from Langley is Microsoft made... we need Android!
And yet still no crap like that on IOS.... by Anonymous Coward · 2016-12-21 03:25 · Score: 0

Could the Apple haters explain me again why Apple using a walled garden is bad ?
1. Re: And yet still no crap like that on IOS.... by Anonymous Coward · 2016-12-21 03:46 · Score: 0
  
  Going to use an obviously hyperbolic example, but picking one good point out of bad is like saying Hitler was a great man, he saved Germany from economic collapse and all !
2. Re:And yet still no crap like that on IOS.... by fbobraga · 2016-12-21 04:29 · Score: 1
  
  And yet still no crap like that on IOS....
  
  ... that we know: it's a closed-souce software...
  
  * why posting AC? Can't login?
3. Re:And yet still no crap like that on IOS.... by bill_mcgonigle · 2016-12-21 13:29 · Score: 1
  
  Apple tells developers what features and technologies they may support in their applications:
  http://www.ibtimes.co.uk/jaxx-...
  Do you always agree with the current Apple management?
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Nexus or Google-branded Devices Suck by Anonymous Coward · 2016-12-21 03:53 · Score: 0

I've been buying Google products thinking that I would be getting better support and faster Android updates. However, Google is easily distracted and they have no desire to support older devices when they change direction. I have a Google phone and a Nexus tablet that have been pre-maturely abandoned by Google and will not be receiving further updates. The devices would be great if Google cared to support them.
I'm very happy with my Motorola/Lenovo Moto G4 Plus phone which can be purchased unlocked to give carrier freedom, and it runs stock Android (better than poorly implemented manufacturer builds from Samsung LG etc.). Good price, great battery life, great GPS, great screen, much better than my Google/Samsung device. Hopefully Moto will keep up the Android security updates (TBD).
The Lenovo PC's I have bought have been very solid, although I've wiped them and installed stock Windows to jettison the manufacturer crapware.
1. Re:Nexus or Google-branded Devices Suck by fbobraga · 2016-12-21 04:26 · Score: 1
  
  Google products thinking that I would be getting better support and faster Android updates. However, Google is easily distracted and they have no desire to support older devices when they change direction.
  There's always cyanogenmod.org...
Somebody preloaded a company onto a tablet??!? by pem · 2016-12-21 03:54 · Score: 1

I'll take one if the company is profitable. Hell, maybe even if it's not -- I could use the tax write-off.
Re: It's hard to get people exited... by slashrio · 2016-12-21 07:39 · Score: 1

I guess I just missed the exit...

--
"Trump!!", the new Godwin.