• filter:
  • Page :
  • 1
  • Text Only
  • Search this Topic »
rated:
http://www.nytimes.com/2016/11/16/us/politics/china-phones-softw...

looks like BLU phones are affected in the US.

Thanks for visiting FatWallet.com. Join for free to remove this ad.
rated:
I don't fee like creating an account to read that article, but I was just looking at a recap of it.  Hopefully it doesn't affect my Oneplus.

rated:
And this is just the one of the few we are aware of. Skynet is here.

rated:
Secret Backdoor in Some U.S. Phones Sent Data to China, Analysts Say By MATT APUZZO and MICHAEL S. SCHMIDT NOV. 15, 2016 WASHINGTON — For about $50, you can get a smartphone with a high­definition display, fast data service and, according to security contractors, a secret feature: a backdoor that sends all your text messages to China every 72 hours. Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages. The American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence. International customers and users of disposable or prepaid phones are the people most affected by the software. But the scope is unclear. The Chinese company that wrote the software, Shanghai Adups Technology Company, says its code runs on more than 700 million phones, cars and other smart devices. One American phone manufacturer, BLU Products, said that 120,000 of its phones had been affected and that it had updated the software to eliminate the feature. Kryptowire, the security firm that discovered the vulnerability, said the Adups software transmitted the full contents of text messages, contact lists, call logs, location information and other data to a Chinese server. The code comes preinstalled on phones and the surveillance is not disclosed to users, said Tom Karygiannis, a vice president of Kryptowire, which is based in Fairfax, Va. “Even if you wanted to, you wouldn’t have known about it,” he said. Security experts frequently discover vulnerabilities in consumer electronics, but this case is exceptional. It was not a bug. Rather, Adups intentionally designed the software to help a Chinese phone manufacturer monitor user behavior, according to a document that Adups provided to explain the problem to BLU executives. That version of the software was not intended for American phones, the company said. “This is a private company that made a mistake,” said Lily Lim, a lawyer in Palo Alto, Calif., who represents Adups. The episode shows how companies throughout the technology supply chain can compromise privacy, with or without the knowledge of manufacturers or customers. It also offers a look at one way that Chinese companies — and by extension the government — can monitor cellphone behavior. For many years, the Chinese government has used a variety of methods to filter and track internet use and monitor online conversations. It requires technology companies that operate in China to follow strict rules. Ms. Lim said Adups was not affiliated with the Chinese government. At the heart of the issue is a special type of software, known as firmware, that tells phones how to operate. Adups provides the code that lets companies remotely update their firmware, an important function that is largely unseen by users. Normally, when a phone manufacturer updates its firmware, it tells customers what it is doing and whether it will use any personal information. Even if that is disclosed in long legal disclosures that customers routinely ignore, it is at least disclosed. That did not happen with the Adups software, Kryptowire said. According to its website, Adups provides software to two of the largest cellphone manufacturers in the world, ZTE and Huawei. Both are based in China. Samuel Ohev­Zion, the chief executive of the Florida­based BLU Products, said: “It was obviously something that we were not aware of. We moved very quickly to correct it.” He added that Adups had assured him that all of the information taken from BLU customers had been destroyed.

rated:
MVP9596 said:   I don't fee like creating an account to read that article, but I was just looking at a recap of it.  Hopefully it doesn't affect my Oneplus.
  In Firefox, right-click the link and select "open in new private window".

rated:
kamalktk said:   
MVP9596 said:   I don't fee like creating an account to read that article, but I was just looking at a recap of it.  Hopefully it doesn't affect my Oneplus.
  In Firefox, right-click the link and select "open in new private window".

  
Why have I never heard of this before?  I feel this should be a buzzfeed lifehack.

rated:
MVP9596 said:   I don't fee like creating an account to read that article, but I was just looking at a recap of it.  Hopefully it doesn't affect my Oneplus.
  i assumed everyone can get at least 10 free articles per month on nytimes.com. i get the edu discount to $1/week online version.

rated:
https://www.engadget.com/2016/11/15/blu-smartphones-security-bre...
in engadget. also, i was a little surprised i didn't see this on engadget nor the verge nor android central this morning.

rated:
For your techies, here's more detail:

https://krebsonsecurity.com/2016/11/chinese-iot-firm-siphoned-te...

The firmware maker, ADUP, actually adverstised such things as "Device data mining", "mobile advertising", and "app push" according to web cache from 2015.

  • Quick Reply:  Have something quick to contribute? Just reply below and you're done! hide Quick Reply
     
    Click here for full-featured reply.


Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.

Thanks for visiting FatWallet.com. Join for free to remove this ad.

While FatWallet makes every effort to post correct information, offers are subject to change without notice.
Some exclusions may apply based upon merchant policies.
© 1999-2016