Smartphone Secretly Sends Private Data to China

This is pretty amazing:

International customers and users of disposable or prepaid phones are the people most affected by the software. But the scope is unclear. The Chinese company that wrote the software, Shanghai Adups Technology Company, says its code runs on more than 700 million phones, cars and other smart devices. One American phone manufacturer, BLU Products, said that 120,000 of its phones had been affected and that it had updated the software to eliminate the feature.

Kryptowire, the security firm that discovered the vulnerability, said the Adups software transmitted the full contents of text messages, contact lists, call logs, location information and other data to a Chinese server.

On one hand, the phone secretly sends private user data to China. On the other hand, it only costs $50.

Posted on November 18, 2016 at 2:22 PM • 35 Comments

Comments

Bubba Mustafa • November 18, 2016 2:50 PM

pre-paid burner phones *really* offering up a lot of high quality info/data? Criminals not doing banking and poor people with nothing to steal.

The value of the data is akin to collecting spam.

pfh • November 18, 2016 2:59 PM

Industrial espionage and gay hookups (or straight extramarital hookups) alone would be enough reason to watch burner phones. I'm sure we all could think of how to search for that information in the giant mess of data.

Clive Robinson • November 18, 2016 3:45 PM

From what I've read in several places the real cause of the problem is that all the phones concerned are in effect "off the peg" designs.

If you want to get a phone on the market with minimal effort and low cost you end up buying not just the silicon but the software as well with malware thrown in for the cheap price...

Based on some figures it looks like the silicon manufacturer is actually selling at cost or below. So is in effect "dumping" and thus presumably making profit some other way...

Garfield • November 18, 2016 5:19 PM

Pre-installed malware at the request of the Chinese government, according to a statement from Adups. These phones were never intended to be distributed to markets outside of China.

The malware also has root access, which means it can install additional software on the phone remotely. It can also delete software to cover its tracks.

I'm sure Huawei and ZTE aren't too happy being caught red handed with pre-installed spyware on their phones. It kind of makes life difficult for them with regulators and customers in markets outside of China.

No doubt China's newly passed cyber security law will make forcing backdoors into products and services under Chinese jurisdiction all the more easy.

Hegemony at all cost.

http://www.theregister.co.uk/2016/11/15/android_phoning_home_to_china/

ab praeceptis • November 18, 2016 5:34 PM

Garfield

Could we stop the China bashing and just for a change use our brains?

- China has become a major player in the field because greedy US-American corps outsourced massively to increase their profit.

- Nobody forces the corps to blindly grab whatever in China and to sell it without so much as a closer look elsewhere.

- It's the greed of those corps that makes them avoid what a reasonable company would do, namely to check the products and to put their own software on the Chinese hardware.

- iOS, Android and all that crap wasn't invented in nor pushed by China.

So, when a US-American or a French or whatever western company ultra-cheaply buys in China and, ignoring any reasonable caution and process, just pumps that stuff into a western market, then that's the fault of China? I don't think so.

Darryl Daugherty • November 18, 2016 5:49 PM

Taking "off the peg" as the point of concern, I'd be more worried about the firmware in storage devices. Free state-sponsored malware with every USB stick... The mind boggles at the possibilities.

Ross Snider • November 18, 2016 6:33 PM

This is newsworthy because it isn't secretly sending information to the United States government?

National Security: Certify Software Hardware - Limit TOS • November 18, 2016 6:35 PM

62% of discriminating Americans get their bogus news from social media. Even President Obama commented on this embarrassing issue.

Based upon this level of sheer stupidity, how many of the 22 million OPM background dossier/top-secret clearance holders have purchased Vizio products from Costco??
Has Truthful-Clapper asked under contract Palantir to run this query?

LeEco is buying Vizio (the plan all-along ?)
“Data-miner LeEco may share information with our Affiliates, partners, or vendors that help us provide LeEco Services, including to process payments, analyze data, provide customer service, and help LeEco market and advertise to you. These third parties may be located ANYWHERE IN THE WORLD, including outside of your country of residence."
http://www.leeco.com/us/privacy-policy/

Plaintiffs say that Vizio TVs are too nosy already, but the issue could go cloak and dagger as LeEco purchases the U.S. company.
http://www.hollywoodreporter.com/thr-esq/leeco-purchase-vizio-privacy-lawsuit-920387

National Security: Certify Software and Hardware
With hundreds of these long-ignored gross security leaks, it's little wonder Team Trump has kept American Intelligence in-the-dark. Hopefully we can drop who can use what bathrooms and certify all foreign communication software and hardware. Further, we must restrict intrusive 168-page Terms-of-Service where naive citizens give up their constitutional rights. Can America regain its common sense?

Thoth • November 18, 2016 6:44 PM

WHICH PHONE does NOT send/leak data back "home"? Even Samsung and Apple do.

I can't think of any model that proves in a concrete manner it can be trusted.

Clive Robinson • November 19, 2016 12:31 AM

@ Darryl Daugherty,

Taking "off the peg" as the point of concern, I'd be more worried about the firmware in storage devices.

It happens, and is but one small part of "supply chain poisoning".

The only uncertainty involved is the real "directing mind" behind who does it and why or more correctly the excuses they give when caught.

Because most Governments like to maintain at least a little "plausible deniability", they use "NOC" agents/contractors, not Officers etc. The thing is it's "all smoke and mirrors": an "agent" or "entity" gets very limited contact, usually only via a single "handler", the bona fides of which they have no real ability to verify. Thus the handler may say they are working for Gov X whereas in fact they work for Gov Y and are running a false flag operation.

Leila • November 19, 2016 3:28 PM

Everything we use sends data to someone! The PC, smartphones, TVs, even my fridge is trying to call my mom when I don't have milk. So get used to it and stay away from hot data.

Disingenuous Much? • November 19, 2016 3:40 PM

@ab praeceptis

- Nobody forces the corps to blindly grab whatever in China and to sell it without so much as a closer look elsewhere.

Disingenuous much?

Get Lost • November 19, 2016 3:48 PM

What's wrong with you guys?
How can this article be called China bashing, @ab praeceptis?
Because Americans do it illegally, the Chinese should also be entitled to do it?
Neither the Chinese, nor the Americans or anyone else has a legitimation to absolute supervision and stealing data without the consent of the owner.
Are some of you indoctrinated to the point of condoning unethical practices from one side just because the other parties do it as well?
I just can't believe these BS comments

anonymous • November 19, 2016 4:58 PM

Related to smartphones and anything else electronic;
The PATRIOT Act (Persecuting Americans That Read I.T. Oriented Tabloids Act) violates 1st and 4th amendments of the Bill of rights; https://www.linuxjournal.com/content/nsa-linux-journal-extremist-forum-and-its-readers-get-flagged-extra-surveillance https://daserste.ndr.de/panorama/aktuell/NSA-targets-the-privacy-conscious,nsa230.html
Violating the Bill of Rights is insurrection, which is a form of treason. The death penalty is often advocated towards traitors. Rule 41 changes set for Dec. 1, 2016 are far more radical and militant than the human rights abuses of the PATRIOT Act.
Call your senator and leave a message asking him or her to support the "stop mass hacking act".

furloin • November 19, 2016 8:27 PM

Did some digging and the firmware-update-over-the-air software they provide must be the culprit. It is called com.adups.fota, along with its dependencies. Why is this surprising? It is difficult to securely set up such crucial access to the system. Also avoid HotKnot in these Chinese phones. By MediaTek, HotKnot phones home to China and Google, and is presumably backdoored. Let's see: insecure 'smart' phones, nothing new to see here.

@thoth

"I can't think of any model that proofs in concrete manner it can be trusted."

Well until we get to see the sources to any devices modem drivers. I do not trust that any data on any smart phone with a modem is secure or not able to be siphoned off to some server somewhere. I only could find a single FOSS source for a software modem's drivers and it was for kernel, not modem firmware. It only worked with 3g. Any others I may have missed?

@all

"pre-paid burner phones *really* offering up a lot of high quality info/data? Criminals not doing banking and poor people with nothing to steal.

The value of the data is akin to collecting spam."

The scary part is this software might be in cars. They also are backdoored. This makes no sense, why backdoor them without telemetry? This makes even less sense since the modems are already clearly backdoored somehow.

Herman • November 20, 2016 2:36 AM

It would be great if we could hack the backdoors for free online data access or document storage, or at the very least hook all the backdoors together so that the various spooks around the world could listen to each other, instead of listening to us.

Clive Robinson • November 20, 2016 4:13 AM

@ Furloin,

The scary part is this software might be in cars. They also are backdoored. This makes no sense, why backdoor them without telemetry?

It does make sense but not from a security standpoint.

Its roots are the same as Quality Management and go back many decades, to the time when the Japanese started mass producing transistor radios that displaced home-manufactured valve radios.

At first reliability rates were low, but due to the BOM and manufacturing differential between transistors on PCBs and valves on folded metal chassis with hand-soldered components on tag strips, the profit in transistor radios was very, very large. Thus shipping an extra ten or twenty percent as replacements for those that failed in warranty was a large but not significant cost, especially when many could be repaired in the home country, not back in Japan, and as the valve radios had also been as unreliable there was an established repair network.

Competition in the market started to bring the price of radios down quite quickly, and thus the replacement cost caused a tightening of manufacturing standards which brought reliability up. However, it started to kill off the home repair network. Thus repair costs started to rise, thus manufacturing standards and reliability rose. But only so far, and dropping prices rapidly reduced profit, especially when warranty items had to be "shipped individually" back to a repair center. Thus the goods-out shipping cost per item was a small fraction of the return-for-repair-under-warranty cost. This cost imbalance was proportional to distance, thus even a small rise in return rates could wipe out any profit.

Then in 1980 Sony started shipping the ICF2001 "synthesized" portable "Travel Radio"[1], which was the first all-band Shortwave / AM / FM portable radio of its type. Importantly it had a CMOS CPU in it with embedded software in ROM. Thus software reliability became a new and significant issue in consumer goods as other radio manufacturers raced to catch up and add more features.

In time microcontrollers and their software moved into increasing numbers of Fast Moving Consumer Electronics (FMCE) and it became the new "inhibitor", in that the software took upwards of ten times the time to develop and test than the incrementally improving hardware, which benefited from reduced design times due to improvements in chip manufacturing.

The drop in the cost of electrically erasable and reprogrammable memory came to the rescue, much as floppy-disk-based software did for Personal Computers.

The problem, unlike the PC, was how to "upgrade" non-user-accessible devices like mobile radios, thus Over The Air updates were developed and standardized. The assumption was that security would not be required due to the fact the "Service Provider Owned the Network"...

The rest you can probably see for yourself, but each step on the way was only seen as a way to reduce cost and increase features; security never, ever, and still does not, get a look-in. At best it gets lip-service via standard libraries that are not secure (see my previous comments on AES). But nobody in the marketing department cares as long as the "SSH" etc laundry list is ticked, and manufacturing want "fast" trouble-free access, so hard-coded passwords...

Sometimes you have to examine the individual steps of a journey to realise how the current destination was arrived at. But as with all journeys, waypoints can and do change when external events come into play. Often this is by government regulation.

[1] http://www.shortwaveradio.ch/radio-e/sony-icf2001-e.htm
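Clive's point about OTA update mechanisms designed on the assumption that "the Service Provider Owned the Network" can be made concrete. The following Go program is an added illustration for this page, not code from the post, from Adups, or from any handset or silicon vendor: it contrasts an update path that flashes whatever arrives with one that verifies an Ed25519 signature over (version || SHA-256(payload)) and refuses version rollback before anything is written. The package layout, the type and function names, and the premise that a vendor public key is baked into the device's boot ROM are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// OTAPackage is a hypothetical update container (an assumption of this example):
// a version counter, the firmware payload, and a signature over
// version || sha256(payload) made with the vendor's private key.
type OTAPackage struct {
	Version uint32
	Payload []byte
	Sig     []byte
}

// Device models the receiving side. VendorKey stands in for a public key
// burned into boot ROM; Version is remembered so downgrades can be refused.
type Device struct {
	VendorKey ed25519.PublicKey
	Version   uint32
	Firmware  []byte
}

// signedMessage binds the version to the payload digest so an attacker cannot
// pair a genuine signature with a different image or a different version.
func signedMessage(version uint32, payload []byte) []byte {
	digest := sha256.Sum256(payload)
	msg := make([]byte, 4+len(digest))
	binary.BigEndian.PutUint32(msg[:4], version)
	copy(msg[4:], digest[:])
	return msg
}

// BuildOTA is the vendor side: produce a signed update package.
func BuildOTA(priv ed25519.PrivateKey, version uint32, payload []byte) OTAPackage {
	return OTAPackage{
		Version: version,
		Payload: payload,
		Sig:     ed25519.Sign(priv, signedMessage(version, payload)),
	}
}

var (
	ErrBadSignature = errors.New("ota: signature does not verify under vendor key")
	ErrRollback     = errors.New("ota: version is not newer than installed firmware")
)

// ApplyInsecure is what the "operator owns the network" assumption amounts to:
// whatever arrives is flashed. Anyone who can inject traffic, or who controls
// the update server, controls the device.
func (d *Device) ApplyInsecure(p OTAPackage) {
	d.Version, d.Firmware = p.Version, p.Payload
}

// ApplySigned verifies before writing: the signature must check out under the
// trusted vendor key and the version must strictly increase.
func (d *Device) ApplySigned(p OTAPackage) error {
	if !ed25519.Verify(d.VendorKey, signedMessage(p.Version, p.Payload), p.Sig) {
		return ErrBadSignature
	}
	if p.Version <= d.Version {
		return ErrRollback
	}
	d.Version, d.Firmware = p.Version, p.Payload
	return nil
}

func main() {
	// Vendor signing key, generated here for the demo only.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	dev := &Device{VendorKey: pub, Version: 1, Firmware: []byte("factory image v1")}

	fmt.Println("genuine v2: ", dev.ApplySigned(BuildOTA(priv, 2, []byte("vendor image v2"))))

	// A network-position attacker or a compromised update server swaps the payload
	// but cannot re-sign it, so the digest in the signed message no longer matches.
	tampered := BuildOTA(priv, 3, []byte("vendor image v3"))
	tampered.Payload = []byte("vendor image v3 + implant")
	fmt.Println("tampered v3:", dev.ApplySigned(tampered))

	// A correctly signed but older (and possibly vulnerable) image is refused too.
	fmt.Println("rollback v1:", dev.ApplySigned(BuildOTA(priv, 1, []byte("factory image v1"))))

	fmt.Printf("device runs version %d: %q\n", dev.Version, dev.Firmware)
}
```

Both checks happen before the write, and the version is part of the signed message rather than a separate header, so a downgrade cannot be smuggled in by editing metadata around an otherwise valid signature. Key management (how the vendor protects the signing key, how a compromised key is revoked) is out of scope here and is where real OTA schemes tend to fail next.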

My Info • November 20, 2016 10:38 AM

All these "cheap" goods from China come with known and unknown strings attached. The Chinese actively and aggressively collect intelligence on Americans, and we happily hand it over.

Cars: when the Mob or an enemy can hack the ABS system, and disable the brakes in a moving car at will, it's all over.

I'm getting really, really sick of all this Asian electronic and computer garbage. It's cheap, it floods the market, and you can never really trust it.

Gerard van Vooren • November 20, 2016 10:59 AM

@ My Info,

ab praeceptis covered that pretty well in this thread. You should read it.

Clive Robinson • November 20, 2016 11:14 AM

@ My info,

I'm getting really, really sick of all this Asian electronic and computer garbage. It's cheap, it floods the market, and you can never really trust it.

And do you really think the likes of Intel or AMD are any better?

To be blunt they are all at it one way or another, so you need to think of ways to deal with it or become a goat herder or some such...

albert • November 20, 2016 4:15 PM

@My Info,
If, by "the Mob", you refer to the original Mafia, then yes, they are still around, but have a lower profile than they did in the past. Why run the rackets, when payday loans offer 30% interest, banks launder drug money, and corporations avoid taxes? Might as well be legit nowadays. You can steal millions, get bailed out, and walk away rich. It's not your granddad's Mafia anymore. It's been legitimized:)

Kinda takes all the fun out of it...

. .. . .. --- ....

Bong-Smoking Primitive Monkey-Brained Spook • November 20, 2016 7:25 PM

@albert,

It's not your grand dads Mafia anymore

Watch The Big Short and see how five trillion dollars "disappeared"!

ab praeceptis • November 20, 2016 7:41 PM

Bong-Smoking Primitive Monkey-Brained Spook

5 trillion? Wasn't it 6.x trillion that disappeared in the pentagon?
And does that mean the pentagon is the new mob headquarters? If so: They wore nicer suits in the old days but, granted, their guns are bigger now and they are holding up whole countries.
Or did I get something wrong there?

Bong-Smoking Primitive Monkey-Brained Spook • November 20, 2016 7:58 PM

@ab praeceptis,

5 trillion? Wasn't it 6.x trillion that disappeared in the pentagon?

Different story, ma man! This one's about the housing bubble. Worth watching.

Who? • November 21, 2016 4:06 AM

Time to buy a "secure" BlackPhone with a "secure" Android flavour on it.

Mobile device security is a joke, but it sells.

Anon • November 21, 2016 7:12 AM

OTA updates are nice in theory, but what prevents a malicious actor using them to push malware?

I'm slightly puzzled as to why this gained wider media attention. Do people really think China WOULDN'T do this, and are surprised that they have?

Also, what's with the double-standard on spying/espionage? You buy communications equipment from a foreign source, expect shenanigans.

art guerrilla • November 22, 2016 10:27 AM

at national security TLDR-name:
i am first in line to both excoriate the intelligence of fat, stupid, lazy merikans, AND to dismiss the relevancy of the ego-masturbatory circle-jerks known as 'social-media, most especially including farcebook, which i have only visited a time or two for family pix...
however, for the superficial, bullshit, non-news we are spoonfed, does it really matter i read a headline on farcebook that says t-rump won the election, or i read it on the front page of the new york times ? ? ?
for that level of superficial 'reporting', i can get just as good of info from just about anywhere...
no, it is what is MISSING, what is NOT reported on that is important, and you will only find evidence of that on non-mainstream -you know, 'fake' news sites...
um, PREZACTLY WHY the powers that be want to knock them out...

Marc Espie • November 23, 2016 8:07 AM

Well, the cynic in me thinks "oh, one stupid company that got caught red-handed".

Considering how much firmware and proprietary data there is in every smartphone, how likely do you think that other companies are doing the ethical thing ?

For me, it's more a choice of "who do you want to share your private data with ?" south korea, us, china, somewhere else ?

hopefully im just paranoid and all the reporters are wrong • November 24, 2016 3:01 AM

Please post something wrong about the below because I really want to be wrong about at least some of it.

Regarding flashing CopperheadOS and Replicant onto Google Nexus/Google Pixel/certain Samsung Galaxy variants/the 2 or 3 other phones supporting CopperheadOS/Replicant(the only OSs for phones that don't phone-home);

New phones from Google cost over $400 up front with no option for contracts, and with all the vulnerabilities in stock browsers (newest Google Pixel's Chrome browser hacked in 90 seconds), it's not safe to assume that a used phone hasn't been infected, unless you know the seller and greatly trust his prudence.

There are known instances of the NSA infecting read-only CDs in transit, not because the sender or receiver were suspected of any crime, but simply because some of them showed evidence of being intellectual. Source: https://www.wired.com/2015/02/kapersky-discovers-equation-group/
It would be easier to do this with phones (they're writable with normal tools), and anyone buying phones that have fewer permanent, unremovable backdoors than most phones have is going to look even more "suspicious" than those poor scientists. The only known permanent backdoors in Nexus/Pixel are the baseband firmware.

Still, with new Chinese phones shipping with spyware as bad as Carrier IQ, a used Nexus might be safer than a new Xiao. But no phone is reasonably safe.

Bong-Smoking Primitive Monkey-Brained Spook • November 24, 2016 3:34 AM

@hopefully im just paranoid and all the reporters are wrong,

Please post something wrong about the below because I really want to be wrong about at least some of it.

You're not paranoid. But "the reporters" can't be all wrong and can't be all right.

Still, with new Chinese phones shipping with spyware as bad as Carrier IQ, a used Nexus might be safer than a new Xiao. But no phone is reasonably safe.

What country do you think the Nexus is manufactured in? They probably come out of the same assembly line!

Regarding the wired Kaspersky article:

Do Kaspersky's researchers say anything about their FSB, or do they fear that Alexander Bortnikov will send them on a scenic "From Russia, with love: P-210 journey" to unite with Alexander Litvinenko?

not paranoid • November 24, 2016 10:41 PM

@Bong-Smoking Primitive Monkey-Brained Spook
Isn't the only Chinese Google Nexus the 6P from Huawei? Are any of the other Google Nexi (sp?) related to Chinese spyware OR CarrierIQ? Are the Taiwanese ones affected? I know they're geologically close to China but thought that they were politically and financially separate.

I don't know if FSB sabotages Russian companies(like Kaspersky) a lot, but I know that the GCHQ and NSA sabotage Western companies a lot, even more than the FSB and PLA together sabotage Western companies.

GCHQ and NSA, under the guise of "protecting national security from all the terrorist super-hackers", have done far more damage to Western cybersecurity and to Western freedoms and liberties/privacy than any terrorist or communist groups ever.



Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.