Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chinese Backdoor Still Active on Many Android Devices (bleepingcomputer.com)

Posted by msmash on from the security-woes dept.

Catalin Cimpanu, writing for BleepingComputer: Many Android users may still have a backdoor on their device, according to new revelations made today by the Malwarebytes' mobile security research team. Their discovery is related to the Adups case from last year. Back in mid-November 2016, US cyber-security firm Kryptowire revealed it discovered that firmware code created by a Chinese company called Adups was collecting vasts amount of user information and sending it to servers located in China. According to Kryptowire, the backdoor code was collecting SMS messages, call history, address books, app lists, phone hardware identifiers, but it was also capable of installing new apps or updating existing ones. The backdoor was hidden inside a built-in and unremovable app named com.adups.fota, the component responsible for the phone's firmware-over-the-air update (FOTA) system.

30 comments

  1. not the back door!!! by Anonymous Coward · · Score: 0

    Thatâ(TM)s for exit only

    1. Re:not the back door!!! by Anonymous Coward · · Score: 0

      That's not what your mom said. She really enjoys a good stool push.

  2. Data selling and coin mining by Anonymous Coward · · Score: -1, Troll

    That is the cost of free. Pay the Apple tax instead.

    1. Re:Data selling and coin mining by Anonymous Coward · · Score: 0

      You're a dumbass.

    2. Re:Data selling and coin mining by Zaelath · · Score: 1

      OTOH I don't have a Chinese backdoor on my phone and saved $1000 on a phone that has more RAM than an iPhone X, and can take an SD card or dual SIM....

    3. Re:Data selling and coin mining by Anonymous Coward · · Score: -1

      Yeah but it's chick repellant, bruh. No hottie is going to even talk to someone carrying a phone like that. Can you get a case that makes it look like an Apple?

    4. Re:Data selling and coin mining by Anonymous Coward · · Score: -1

      Tim Cock colludes with China to install back door. Jony Ived iOS is shitty as hell, but you faggets don't care anyway.

    5. Re:Data selling and coin mining by Anonymous Coward · · Score: 0

      And has a jack, and superior USB 3 port. win win

    6. Re:Data selling and coin mining by Anonymous Coward · · Score: 1

      The FCC or some Consumer mob should put in a defect and RECALL on all affected phones, and ban all future imports because they are intrusive - the EU should also step on board.

      A specific RECALL will be effective in shutting down imports. Put a block on the IMEI's is another suggestion.

  3. baddroid by Anonymous Coward · · Score: 0

    Yeah rebrand it

  4. Why care about Chinese when you have Google? by SuperKendall · · Score: 1, Insightful

    To me it seems a little silly to care about any Chinese backdoors when Google is already sucking everything you do off the phone anyway.

    It's like having a bunch of horses, building a barn with no doors or roof or walls (think Les Nessman Tape Barn) and then worrying about them getting out. Hint: they are already out.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Why care about Chinese when you have Google? by WilliamGeorge · · Score: 1

      I don't worry about Google stealing my identity, though. On the other hand, a backdoor could be abused by malware authors - even if the company that built it isn't doing anything too horrible.

      A quick look over the article didn't seem to name phones or brands, but this is one of the reasons I stick to Google's Nexus / Pixel devices. I am hoping that they do a good job of keeping third party stuff off their phones. 'Better the devil you know' and all that sort of stuff.

      --
      William George
    2. Re:Why care about Chinese when you have Google? by Anonymous Coward · · Score: -1

      To me kendall you will always be an apologist faggot for the worst kind of shit, you're basically a cunt slathered in distracting traitor sauce 24/7. Hint : Kill yourself.

      (Think bullet to the dysfunctional apologist faggot brain stem)

    3. Re:Why care about Chinese when you have Google? by WaffleMonster · · Score: 2

      To me it seems a little silly to care about any Chinese backdoors when Google is already sucking everything you do off the phone anyway.

      Can't tell anymore if this was intended to be a joke or you're being serious.

      It's like having a bunch of horses, building a barn with no doors or roof or walls (think Les Nessman Tape Barn) and then worrying about them getting out. Hint: they are already out.

      Or a drive by shooting. Once one has been shot at once - second time is no big deal.

    4. Re:Why care about Chinese when you have Google? by Anonymous Coward · · Score: 0

      So if raped once, your kids are fair game forever?

      Maybe we would prefer to choose just one corporate overlord to see all our bits, not do a group thing.

    5. Re:Why care about Chinese when you have Google? by Anonymous Coward · · Score: 1

      It must be terrible to want him, and know that you can never have him.

  5. Russian backdoor still active at 1600 Penn ave. by Anonymous Coward · · Score: 0

    And the garbage out is a product of electing garbage in.

    1. Re:Russian backdoor still active at 1600 Penn ave. by Anonymous Coward · · Score: 0

      But Hillary lost, dude.

  6. No by Anonymous Coward · · Score: 0

    No

  7. Amazon Tablets are Android... by Anonymous Coward · · Score: -1

    Does that include the Amazon Fire 7 Tablet that I picked up for $30 USD?

    1. Re: Amazon Tablets are Android... by Anonymous Coward · · Score: 1

      Creimer spam. Mod down. Please report him to Amazon for spamming forums. You can get his affiliate ID from the links he posts.

  8. Yes by Anonymous Coward · · Score: 0

    Yes

  9. Most android devices still haven't patched KRACK by Anonymous Coward · · Score: 1

    If your patch level isn't at least Nov 6, 2017, then you're still vulnerable to KRACK. Source: Android Security Bulletin -- November 2017

    If you're using an Android device with KRACK vuln on a wireless network, then you're compromising everyone on the network, and you deserve to have your device bricked.

  10. re by Geldmarket · · Score: 1

    I think that most software has a backdoor but specially left

  11. Android Never Heard of Sandboxing? by TheFakeTimCook · · Score: 0

    This would NEVER happen on iOS. Apps MUST ask (and get) Permission to access data outside of the App's directory. ...And NOT just at Installation-Time; but when they actually want to DO it!

    https://support.apple.com/en-u...

    1. Re:Android Never Heard of Sandboxing? by Anonymous Coward · · Score: 1

      This is not about an app, it is about a built in tool that was intended to be the "component responsible for the phone's firmware-over-the-air update".
      Pretty sure an iOS user wouldn't be able to remove permissions for the OS updating tools either. Tho you may be able to decide not to accept an OS update.

  12. Those crazy orientals! by Anonymous Coward · · Score: 0

    What are they creepin round our phones for?

  13. Android is not securable. by jcr · · Score: 1

    In a related story, water remains wet.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  14. The New Normal by Anonymous Coward · · Score: 0

    Every Android phone has a Chinese backdoor. It a feature.

  15. Re:Most android devices still haven't patched KRAC by Anonymous Coward · · Score: 0

    You are a petulant child.