Chinese-Authored Spyware Found on More Than 700 Million Android Phones
More than 700 million Android smartphones, some of which were used in the U.S., carried hidden software that enabled surveillance by tracking users’ movements and communications, a Virginia-based team of security researchers found.
The firmware, discovered by Kryptowire, was reportedly authored by Chinese startup Shanghai Adups Technology Company. It was largely discovered on disposable and prepaid phones made overseas. An undisclosed Chinese manufacturing company is believed to have paid for Adups’ work.
The malicious software was so well hidden that it was nearly impossible to detect, researchers told CyberScoop. It remains unclear whether this backdoor was designed to siphon data as part of an espionage operation or if the perpetrators wanted to indiscriminately collect bulk data for business-related purposes.
“The traffic was encrypted multiple times and the servers that were being used were also part of the firmware checking and updating process,” said Kryptowire Vice President Tom Karygiannis.
“Even if an average user was able to notice the traffic, he/she would not be able to understand what this traffic was about. Given that this same domain was used for firmware updates, it is highly unlikely that the users or an internet provider for that matter, would have recognized the traffic as [personal identifiable information] transmission because it was camouflaged as part of the firmware updating/checking process,” Karygiannis told CyberScoop.
The researchers discovered that Adups’ firmware transmitted data packets to a Chinese server every 72 hours. These packets contained users’ call logs, text messages, contact lists, GPS location and other data.
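The detection difficulty described above is that the exfiltration shares a destination with legitimate update checks. One thing a network defender can still look for is the fixed 72-hour cadence combined with an upload volume far larger than a version check. The following is an added example written for this article, not code from Kryptowire or the article itself; the hostnames, timestamps and byte counts in the flow log are constructed for illustration.

```python
"""Flag devices whose uploads to an update host recur at a fixed interval.

Added illustration (not from the article): looks for the combination the
article describes, uploads repeating roughly every 72 hours to the same host
the phone uses for firmware checks, carrying far more data upstream than a
routine update check would. Hosts and values below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flow log: timestamp, device, destination host, bytes uploaded.
FLOWS = """\
2016-11-01T03:00:12 dev-A ota.update.invalid 48210
2016-11-01T09:14:00 dev-A cdn.news.invalid 820
2016-11-04T03:00:40 dev-A ota.update.invalid 51330
2016-11-07T03:01:05 dev-A ota.update.invalid 47900
2016-11-10T03:00:22 dev-A ota.update.invalid 50115
2016-11-01T03:00:12 dev-B ota.update.invalid 310
2016-11-05T17:22:00 dev-B ota.update.invalid 295
2016-11-09T08:01:00 dev-B ota.update.invalid 300
"""


def parse_flows(text):
    """Group (timestamp, bytes) pairs by (device, destination host)."""
    series = defaultdict(list)
    for line in text.splitlines():
        ts, dev, host, nbytes = line.split()
        series[(dev, host)].append((datetime.fromisoformat(ts), int(nbytes)))
    return series


def periodic_uploads(text, period=timedelta(hours=72),
                     tolerance=timedelta(minutes=10), min_bytes=10_000):
    """Return (device, host) pairs whose uploads recur every `period`
    (within `tolerance`) and average more than `min_bytes` per flow."""
    hits = []
    for key, events in parse_flows(text).items():
        events.sort()
        if len(events) < 3:          # need at least two gaps to call it periodic
            continue
        gaps = [later[0] - earlier[0] for earlier, later in zip(events, events[1:])]
        regular = all(abs(gap - period) <= tolerance for gap in gaps)
        avg_bytes = sum(b for _, b in events) / len(events)
        if regular and avg_bytes > min_bytes:
            hits.append(key)
    return hits


if __name__ == "__main__":
    for dev, host in periodic_uploads(FLOWS):
        print(f"{dev}: fixed-interval bulk uploads to {host}; inspect as possible camouflaged exfiltration")
```

Low-volume, irregular update checks (dev-B) pass; the only hit is the device with large uploads on a strict 72-hour clock.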
Though flaws in software are commonly exploited to exfiltrate private information, that isn’t what happened between Adups and BLU. Instead, it appears that a backdoor was purposefully installed without the knowledge of retailers or the customers eventually relying on those devices.
“Intentional or not, these hidden backdoors can be dangerous as adversaries can become aware of their existence and use them to intercept traffic or disable a communications system in a way that firewall and intrusion detection systems aren’t able to detect,” said Kevin Kelly, CEO of supply chain cybersecurity firm LGS Innovations.