Pre-installed Spying Firmwares On Your Device?

[Hervé]

Security company finds 700 million Android phones have spying firmware pre-installed

Mike Wehner BGR Tue, 20 Dec 2016 16:26 UTC

© Flickr/asgw

The term "mobile phone security" is something of a joke these days, with the number of exploits, bugs, and breaches that are endlessly assaulting us and putting our personal information at risk. So, when security outfit Kryptowire sounded the alarm on Chinese company Adups for using its preinstalled apps to spy on Android users with Blu smartphones, it wasn't exactly a shock. Now, however, the impact of Adups alleged spying is growing in magnitude, and it's dragging other Android device manufacturers into the quagmire.

Adups is a company that facilitates over-the-air updates for mobile devices, so its firmware is pre-installed on lots of devices. However, the firmware does much more than it claims, and has the ability to snoop in areas that it shouldn't, and without the user ever knowing. That information can then be collected by Adups for whatever purposes it desires.

Trustlook, another digital security firm, dug deeper on what devices utilize Adups and could be used by the Chinese company to scrape your private information, and the list is absolutely massive. Trustlook says that over 700 million Android smartphones have Adups firmware installed that puts the user at risk of having text messages, call histories, and device information collected without their knowledge or consent.

Many of the manufacturers who utilize Adups are smaller companies who only release their devices in Asia or specific smaller markets. However, there are a few notable names on the list, including Lenovo, ZTE, and the aforementioned Blu.

The Blu R1 HD was the first device found to be relaying this sensitive information back to Adups, and the company took action to halt the app's nefarious habits, but it's now up to the rest of the dozens and dozens of manufacturers on the list to do the same. The best course of action right now seems to be keeping the phone as updated as possible, and installing any security patches that come down the pipeline.

[Hervé]

Although independent, simultaneous inventions can occur planet wide, one may still wonder if the idea wasn't pushed on to the Chinese from some other quarter(s):

How the NSA’s Firmware Hacking Works and Why It’s So Unsettling

One of the most shocking parts of the recently discovered spying network Equation Group is its mysterious module designed to reprogram or reflash a computer hard drive’s firmware with malicious code. The Kaspersky researchers who uncovered this said its ability to subvert hard drive firmware—the guts of any computer—“surpasses anything else” they had ever seen.

The hacking tool, believed to be a product of the NSA, is significant because subverting the firmware gives the attackers God-like control of the system in a way that is stealthy and persistent even through software updates. The module, named “nls_933w.dll”, is the first of its kind found in the wild and is used with both the EquationDrug and GrayFish spy platforms Kaspersky uncovered.

[...]

Full article: http://www.wired.com/2015/02/nsa-firmware-hacking/

-----------------------------------------------------------------------------

In the case of a firmware hack, the only solution left is trash the hard drive and buy a new one... but how to know that, that new HDD isn't already infected right out of its manufacturing process... directly at the factory? You know, that "Intel Inside" kind of stuff?

[Ernie Nemeth]

On sort of the same topic. Today, waiting in line at the bank, I tried connecting to the free wifi. I don't know what possessed me to do so but I did. I know better. The pop-up TD flyer stopped my data connection entirely, and for a while after my phone would not make or receive calls (until I remembered the fix - restart phone).

It is insidious, insulting and ultimately a dangerous practice , this innocently creating spy ware that even the most trusted brands employ.