Secret Backdoor in Some U.S. Phones Sent Data to China, Analysts Say By MATT APUZZO and MICHAEL S. SCHMIDT NOV. 15, 2016 WASHINGTON — For about $50, you can get a smartphone with a highdefinition display, fast data service and, according to security contractors, a secret feature: a backdoor that sends all your text messages to China every 72 hours. Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages. The American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence. International customers and users of disposable or prepaid phones are the people most affected by the software. But the scope is unclear. The Chinese company that wrote the software, Shanghai Adups Technology Company, says its code runs on more than 700 million phones, cars and other smart devices. One American phone manufacturer, BLU Products, said that 120,000 of its phones had been affected and that it had updated the software to eliminate the feature. Kryptowire, the security firm that discovered the vulnerability, said the Adups software transmitted the full contents of text messages, contact lists, call logs, location information and other data to a Chinese server. The code comes preinstalled on phones and the surveillance is not disclosed to users, said Tom Karygiannis, a vice president of Kryptowire, which is based in Fairfax, Va. “Even if you wanted to, you wouldn’t have known about it,” he said. Security experts frequently discover vulnerabilities in consumer electronics, but this case is exceptional. It was not a bug. Rather, Adups intentionally designed the software to help a Chinese phone manufacturer monitor user behavior, according to a document that Adups provided to explain the problem to BLU executives. That version of the software was not intended for American phones, the company said. “This is a private company that made a mistake,” said Lily Lim, a lawyer in Palo Alto, Calif., who represents Adups. The episode shows how companies throughout the technology supply chain can compromise privacy, with or without the knowledge of manufacturers or customers. It also offers a look at one way that Chinese companies — and by extension the government — can monitor cellphone behavior. For many years, the Chinese government has used a variety of methods to filter and track internet use and monitor online conversations. It requires technology companies that operate in China to follow strict rules. Ms. Lim said Adups was not affiliated with the Chinese government. At the heart of the issue is a special type of software, known as firmware, that tells phones how to operate. Adups provides the code that lets companies remotely update their firmware, an important function that is largely unseen by users. Normally, when a phone manufacturer updates its firmware, it tells customers what it is doing and whether it will use any personal information. Even if that is disclosed in long legal disclosures that customers routinely ignore, it is at least disclosed. That did not happen with the Adups software, Kryptowire said. According to its website, Adups provides software to two of the largest cellphone manufacturers in the world, ZTE and Huawei. Both are based in China. Samuel OhevZion, the chief executive of the Floridabased BLU Products, said: “It was obviously something that we were not aware of. We moved very quickly to correct it.” He added that Adups had assured him that all of the information taken from BLU customers had been destroyed.
MVP9596 said: I don't fee like creating an account to read that article, but I was just looking at a recap of it. Hopefully it doesn't affect my Oneplus. In Firefox, right-click the link and select "open in new private window".
kamalktk said: MVP9596 said: I don't fee like creating an account to read that article, but I was just looking at a recap of it. Hopefully it doesn't affect my Oneplus. In Firefox, right-click the link and select "open in new private window".
Why have I never heard of this before? I feel this should be a buzzfeed lifehack.
MVP9596 said: I don't fee like creating an account to read that article, but I was just looking at a recap of it. Hopefully it doesn't affect my Oneplus. i assumed everyone can get at least 10 free articles per month on nytimes.com. i get the edu discount to $1/week online version.
Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.
Members of our community may attach files to a post in accordance with the User Agreement. FatWallet is not responsible for the content, accuracy, completeness or validity of any information contained in any attached file. Files have *not* been scanned for viruses. Be especially wary of Excel files which may contain malicious content.
Earn Cash Back while you shop - just 3 simple steps.
1. Sign Up so we know who to pay! (It's FREE.)
2. Shop through FatWallet for deals from your favorite stores. Your online purchases earn Cash Back that builds in your FatWallet account.
3. Get Paid by requesting a payment via check or PayPal.
FatWallet coupons help you save more when shopping online. Use our Coupons Search to browse coupons and offers from thousands of stores, gathered into one convenient location.
As part of our FatWallet Community, you can share deals with almost a million shoppers in our forums. Forum content is generated by consumers for consumers. Share deals, money-saving tips, and more. It's FREE, fun, and addicting.
Our customer experience team is here around the clock - real people ready to assist.