Slashdot Mirror

← Back to Stories (view on slashdot.org)

Barnes & Noble's Latest Tablet Is Running Spyware From Shanghai (linuxjournal.com)

Posted by BeauHD on from the buyer-beware dept.

Long-time Slashdot reader emil writes about how ADUPS, an Android "firmware provisioning" company specializing in both big data collection of Android usage and hostile app installation and/or firmware control, has been found pre-loaded on Barnes and Noble's new $50 tablet: ADUPS was recently responsible for data theft on BLU phones and an unsafe version of the ADUPS agent is pre-loaded on the Barnes and Noble BNTV450. ADUPS' press releases claim that Version 5.5 of their agent is safe, but the BNTV450 is running 5.2. The agent is capable of extracting contacts, listing installed apps, and installing new apps with elevated privilege. Azzedine Benameur, director of research at Kryptowire, claims that "owners can expect zero privacy or control while using it."

2 of 63 comments (clear)

  1. in other words... by Anonymous Coward · · Score: 2, Interesting

    "owners can expect zero privacy or control while using it."

    In other words, much like every "web app" ever. Gmail. Twitter. Instagram. Etc.

    The people have spoken. They're cool with having zero privacy or control. That ship fucking SAILED.

  2. Stronger protections needed by melting_clock · · Score: 4, Interesting

    Spyware and adware were once universally considered to be malware but there appears to be some exceptions now... Many ad supported mobile apps are known to leak personal data to Ad networks with no protections on how that data or sold. This should be considered spyware but many people are willing to accept it. While the subject of this article is a more extreme example of the spectrum of spyware, it isn't clear where people draw the line. Without strong legal protections, consumers are at the mercy of device manufacturers that are driven by profit, with little interest in looking after their customers privacy. Manufacturers might be embarrassed when the a caught out with poor security practises or when they are spying on users but that is a pretty weak form of protection.

    A scary escalation is the move of this sort of software from the mobile device to traditional computing platforms (laptop and desktop). Windows 10 telemetry could, and should, be considered to be spyware. After MS started displaying ads it became adware as well.

    When it is law enforcement or security agencies spying on the public there is much more of a reaction than when a company does it.