Chinese Backdoor Still Active on Many Android Devices (bleepingcomputer.com) 30
Catalin Cimpanu, writing for BleepingComputer: Many Android users may still have a backdoor on their device, according to new revelations made today by the Malwarebytes' mobile security research team. Their discovery is related to the Adups case from last year. Back in mid-November 2016, US cyber-security firm Kryptowire revealed it discovered that firmware code created by a Chinese company called Adups was collecting vasts amount of user information and sending it to servers located in China. According to Kryptowire, the backdoor code was collecting SMS messages, call history, address books, app lists, phone hardware identifiers, but it was also capable of installing new apps or updating existing ones. The backdoor was hidden inside a built-in and unremovable app named com.adups.fota, the component responsible for the phone's firmware-over-the-air update (FOTA) system.
Re: (Score:2)
OTOH I don't have a Chinese backdoor on my phone and saved $1000 on a phone that has more RAM than an iPhone X, and can take an SD card or dual SIM....
Re: (Score:1)
The FCC or some Consumer mob should put in a defect and RECALL on all affected phones, and ban all future imports because they are intrusive - the EU should also step on board.
A specific RECALL will be effective in shutting down imports. Put a block on the IMEI's is another suggestion.
Why care about Chinese when you have Google? (Score:2, Insightful)
To me it seems a little silly to care about any Chinese backdoors when Google is already sucking everything you do off the phone anyway.
It's like having a bunch of horses, building a barn with no doors or roof or walls (think Les Nessman Tape Barn) and then worrying about them getting out. Hint: they are already out.
Re: (Score:2)
I don't worry about Google stealing my identity, though. On the other hand, a backdoor could be abused by malware authors - even if the company that built it isn't doing anything too horrible.
A quick look over the article didn't seem to name phones or brands, but this is one of the reasons I stick to Google's Nexus / Pixel devices. I am hoping that they do a good job of keeping third party stuff off their phones. 'Better the devil you know' and all that sort of stuff.
Re: (Score:1)
It must be terrible to want him, and know that you can never have him.
Re: (Score:3)
To me it seems a little silly to care about any Chinese backdoors when Google is already sucking everything you do off the phone anyway.
Can't tell anymore if this was intended to be a joke or you're being serious.
It's like having a bunch of horses, building a barn with no doors or roof or walls (think Les Nessman Tape Barn) and then worrying about them getting out. Hint: they are already out.
Or a drive by shooting. Once one has been shot at once - second time is no big deal.
Re: Amazon Tablets are Android... (Score:1)
Creimer spam. Mod down. Please report him to Amazon for spamming forums. You can get his affiliate ID from the links he posts.
Most android devices still haven't patched KRACK (Score:1)
If your patch level isn't at least Nov 6, 2017, then you're still vulnerable to KRACK. Source: Android Security Bulletin -- November 2017 [android.com]
If you're using an Android device with KRACK vuln on a wireless network, then you're compromising everyone on the network, and you deserve to have your device bricked.
re (Score:1)
Android Never Heard of Sandboxing? (Score:1)
This would NEVER happen on iOS. Apps MUST ask (and get) Permission to access data outside of the App's directory. ...And NOT just at Installation-Time; but when they actually want to DO it!
https://support.apple.com/en-u... [apple.com]
Re: (Score:1)
This is not about an app, it is about a built in tool that was intended to be the "component responsible for the phone's firmware-over-the-air update".
Pretty sure an iOS user wouldn't be able to remove permissions for the OS updating tools either. Tho you may be able to decide not to accept an OS update.
Re: (Score:2)