Android smartphones in US sending personal data to China: Report

These devices were available through major US-based online retailers like Amazon and BestBuy and included popular smartphones such as BLU R1 HD devices, Kryptowire said in a statement.

Indo-Asian News Service
Washington, Publish Date: Nov 16 2016 3:52PM | Updated Date: Nov 16 2016 3:52PM
Android smartphones in US sending personal data to China: ReportRepresentational Image

US security firm Kryptowire has identified Android smartphones with a "backdoor" software in the country that collected sensitive personal data and transmitted this data to third-party servers in China without disclosure or the users' consent.

These devices were available through major US-based online retailers like Amazon and BestBuy and included popular smartphones such as BLU R1 HD devices, Kryptowire said in a statement.
 
"The core of the monitoring activities took place using a commercial Firmware Over The Air (FOTA) update software system that was shipped with the Android devices we tested and were managed by Shanghai Adups Technology Co. Ltd," Kryptowire said.
 
These devices actively transmitted user and device information including text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI).
 
Adups claims to have a worldwide presence with over 700 million active users, and a market share exceeding 70 per cent across over 150 countries and regions with offices in Shanghai, Shenzhen, Beijing, Tokyo, New Delhi and Miami.
 
"The Adups website also stated that it produces firmware that is integrated in more than 400 leading mobile operators, semiconductor vendors, and device manufacturers spanning from wearable and mobile devices to cars and televisions," the Kryptowire statement late on Tuesday read.
 
Later, a lawyer for Shanghai AdUps Technologies told The New York Times that the data was not being collected for the Chinese government, stating: "This is a private company that made a mistake."
 
A BLU spokesperson told technology website Ars Technica that the software backdoor affected a "limited number of BLU devices" and that the "affected application has since been self-updated and the functionality verified to be no longer collecting or sending this information". 
 
The firmware that shipped with the mobile devices and subsequent updates allowed for the remote installation of applications without the users' consent and, in some versions of the software, the transmission of fine-grained device location information, the Kryptowire statement said.
 
The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogramme the devices.
 
"Our findings are based on both code and network analysis of the firmware. The user and device information was collected automatically and transmitted periodically without the users' consent or knowledge,a the global security firm noted.
 
The collected information was encrypted with multiple layers of encryption and then transmitted over secure web protocols to a server located in Shanghai.
 
This software and behaviour bypasses the detection of mobile anti-virus tools because they assume that software that ships with the device is not malware and thus, it is white-listed.
 
"We analysed the Personally Identifiable Information (PII) collected and transmitted in an encrypted format to servers in Shanghai, including one of the bestselling unlocked smartphones sold by major online retailers," Kryptowire added.
 
Kryptowire was jump-started by the US Defense Advanced Research Projects Agency (DARPA) and the Department of Homeland Security (DHS).

Latest News

  1. Video: Brave Sikh cop saves Muslim youth from angry mob outside temple in Uttarakhand
  2. Video: Brave Sikh cop saves Muslim youth from angry mob outside temple in Uttarakhand
  1. Police asked to investigate Hajin killing on fast-track basis: Naeem Akhtar
  2. Police asked to investigate Hajin killing on fast-track basis: Naeem Akhtar
  1. Srinagar family seeks help to trace missing elderly woman
  2. Srinagar family seeks help to trace missing elderly woman
  1. Pakistan warns of dangerous situation over water issues with India
  2. Pakistan warns of dangerous situation over water issues with India
  1. Khajuraho hottest place in India at 47.5 degrees
  2. Khajuraho hottest place in India at 47.5 degrees
  1. SSB announces change in test venues for teacher posts
  2. SSB announces change in test venues for teacher posts
  1. Want international support to press for Rohingyas' return: Hasina
  2. Want international support to press for Rohingyas' return: Hasina
  1. Major Gogoi to face Court of Inquiry
  2. Major Gogoi to face Court of Inquiry
  1. Muslim labourer thrashed for failing to name PM Modi, West Bengal Chief Minister
  2. Muslim labourer thrashed for failing to name PM Modi, West Bengal Chief Minister
  1. Karnataka CM Kumaraswamy wins floor test
  2. Karnataka CM Kumaraswamy wins floor test
  1. Hasina hopes India, Bangladesh will resolve disputes amicably
  2. Hasina hopes India, Bangladesh will resolve disputes amicably
  1. Mirwaiz blames deployment of forces for tension, agitation outside Jamia Masjid
  2. Mirwaiz blames deployment of forces for tension, agitation outside Jamia Masjid
  1. Car bomb kills six in Libya's Benghazi
  2. Car bomb kills six in Libya's Benghazi
  1. Army chief hints at extending Ramadhan ceasefire in Kashmir
  2. Army chief hints at extending Ramadhan ceasefire in Kashmir
  1. Dozens injured in Downtown Srinagar clashes
  2. Dozens injured in Downtown Srinagar clashes
  1. South Kashmir: Army's sniffer dog killed in Kulgam grenade blast
  2. South Kashmir: Army's sniffer dog killed in Kulgam grenade blast
  1. Exemplary punishment for Major Leetul Gogoi if found guilty: Army chief
  2. Exemplary punishment for Major Leetul Gogoi if found guilty: Army chief
  1. Police foil rifle-snatching bid by militants in south Kashmir; area cordoned off
  2. Police foil rifle-snatching bid by militants in south Kashmir; area cordoned off
  1. 2 Palestinians wounded in Gaza border clashes die
  2. 2 Palestinians wounded in Gaza border clashes die
  1. Omar Abdullah releases Rs 1.30 lakh rupees to help Kawoosa girl’s father build house
  2. Omar Abdullah releases Rs 1.30 lakh rupees to help Kawoosa girl’s father build house
  1. Special NIA court convicts five IM militants in Bodh Gaya serial blasts case
  2. Special NIA court convicts five IM militants in Bodh Gaya serial blasts case
  1. Gadkari advocates bringing fuel under GST
  2. Gadkari advocates bringing fuel under GST
  1. 15 injured in Canada Indian restaurant IED blast
  2. 15 injured in Canada Indian restaurant IED blast
  1. Train service suspended on Srinagar-Banihal route after protests
  2. Train service suspended on Srinagar-Banihal route after protests
  1. Four injured in Jammu grenade attack
  2. Four injured in Jammu grenade attack
  1. Five killed, eight injured in Jammu road accident
  2. Five killed, eight injured in Jammu road accident
  1. Missing Hajin youth joins militant ranks, gun-wielding picture surfaces on social media
  2. Missing Hajin youth joins militant ranks, gun-wielding picture surfaces on social media
  1. Man found dead with his throat slit in Hajin in north Kashmir
  2. Man found dead with his throat slit in Hajin in north Kashmir