Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
China Android Google Privacy Security The Internet

Chinese Backdoor Still Active on Many Android Devices (bleepingcomputer.com) 30

Catalin Cimpanu, writing for BleepingComputer: Many Android users may still have a backdoor on their device, according to new revelations made today by the Malwarebytes' mobile security research team. Their discovery is related to the Adups case from last year. Back in mid-November 2016, US cyber-security firm Kryptowire revealed it discovered that firmware code created by a Chinese company called Adups was collecting vasts amount of user information and sending it to servers located in China. According to Kryptowire, the backdoor code was collecting SMS messages, call history, address books, app lists, phone hardware identifiers, but it was also capable of installing new apps or updating existing ones. The backdoor was hidden inside a built-in and unremovable app named com.adups.fota, the component responsible for the phone's firmware-over-the-air update (FOTA) system.
This discussion has been archived. No new comments can be posted.

Chinese Backdoor Still Active on Many Android Devices

Comments Filter:
  • To me it seems a little silly to care about any Chinese backdoors when Google is already sucking everything you do off the phone anyway.

    It's like having a bunch of horses, building a barn with no doors or roof or walls (think Les Nessman Tape Barn) and then worrying about them getting out. Hint: they are already out.

    • I don't worry about Google stealing my identity, though. On the other hand, a backdoor could be abused by malware authors - even if the company that built it isn't doing anything too horrible.

      A quick look over the article didn't seem to name phones or brands, but this is one of the reasons I stick to Google's Nexus / Pixel devices. I am hoping that they do a good job of keeping third party stuff off their phones. 'Better the devil you know' and all that sort of stuff.

    • To me it seems a little silly to care about any Chinese backdoors when Google is already sucking everything you do off the phone anyway.

      Can't tell anymore if this was intended to be a joke or you're being serious.

      It's like having a bunch of horses, building a barn with no doors or roof or walls (think Les Nessman Tape Barn) and then worrying about them getting out. Hint: they are already out.

      Or a drive by shooting. Once one has been shot at once - second time is no big deal.

  • If your patch level isn't at least Nov 6, 2017, then you're still vulnerable to KRACK. Source: Android Security Bulletin -- November 2017 [android.com]

    If you're using an Android device with KRACK vuln on a wireless network, then you're compromising everyone on the network, and you deserve to have your device bricked.

  • I think that most software has a backdoor but specially left
  • This would NEVER happen on iOS. Apps MUST ask (and get) Permission to access data outside of the App's directory. ...And NOT just at Installation-Time; but when they actually want to DO it!

    https://support.apple.com/en-u... [apple.com]

    • by Anonymous Coward

      This is not about an app, it is about a built in tool that was intended to be the "component responsible for the phone's firmware-over-the-air update".
      Pretty sure an iOS user wouldn't be able to remove permissions for the OS updating tools either. Tho you may be able to decide not to accept an OS update.

  • In a related story, water remains wet.

    -jcr

To be a kind of moral Unix, he touched the hem of Nature's shift. -- Shelley

Working...