Security researchers have discovered pre-installed software in some Android phones that monitors their users’ whereabouts, calls, and text messages, and sends the data back to China once every 72 hours over Wi-Fi. As of now, American officials are unsure whether the data is being mined for use by advertisers or Chinese intelligence agencies.
Kryptowire, the cybersecurity firm that discovered the software, has reported that it takes sensitive user data, which includes the full contents of text messages, encrypts it, and transmits the information back to a Chinese server “without disclosure or the users’ consent.” Kryptowire also noted that the backdoor allows for remote installation of applications on users’ device without their knowledge.
The software was developed by Shanghai Adups Technology Company, which stated that the code was installed in more than 700 million devices, ranging from smartphones to cars. While Adups has admitted to intentionally developing the software, it claims that it was not meant for US smartphones, according to The New York Times. Instead, Adups claims that the software was developed for an unnamed Chinese phone manufacturer to help it identify junk texts and calls.
While it is known that major Chinese manufacturers such as ZTE and Huawei use the software, Adups has refused to disclose the full list of manufacturers who have bought it. One of the affected U.S. manufacturers, BLU Products, stated that 120,000 of its phones had been affected, and that the vulnerability was subsequently patched when they were made aware of it.
Whether or not Adups intended to distribute the software to millions of devices worldwide, the episode demonstrates the complexity of the global technology supply chain and highlights how easily user privacy can be compromised without detection.
Want a FREE iPhone 7? Click here to enter our monthly contest for a chance!
Follow us on Apple News by pressing the (+) button at the top of our channel
from http://ift.tt/2fG0ybn
via IFTTT
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.