Researchers from Kryptowire gave their speech at Black Hat USA 2017 on Wednesday, July 26th entitled “All Your SMS & Contacts Apply to Adups & Others”. Kryptowire has a deal with the United States’ Department of Homeland Security, although their analysis on the Adups back door was irrelevant to their work for the Department of Homeland Security. The Chinese company liable for the back door is Shanghai Adups Technology. In late 2016 it was found that smartphones made by BLU were communicating the Chinese servers. At the time a lawyer based in California who was serving Adups declared that the organization had simply “made a mistake.” The CEO of BLU also declared that the problem had been fixed and that none of their machines were communicating with the Chinese servers anymore.
However, notwithstanding the requirements from Adups and BLU, the researchers at Kryptowire discovered that Adups’ software was still sending data to third party Chinese servers without the information of the user, only now the group was doing more to cover what it was doing. Kryptowire researchers said that they had observed three separate smart phones which were still writing with a command and control server in China that is engaged by Adups. Ryan Johnson of Kryptowire told News that Adups’ back doors were compensated “with nicer versions,” and stated that he had “taken the network traffic of them doing the command and control channel when they did it.” The Adups back door enabled the business to run commands, install and delete apps, take screenshots, record calls, and texts, and even wipe the machine all without permission from the user. It would further send device identifiers such as the MAC address, IMSI, IMEI, and the serial number. It could track a user’s position through knowledge obtained by local cell phone towers.
During their research, Kryptowire examined the firmware of over twenty cheap smartphones. All of the things they studied were vulnerable and received a MediaTek chipset. The MediaTek chipset ships with an administration called MTKLogger. These devices were vulnerable to becoming browser history and GPS location spied on. Like Adups, MediaTek announced late last year that they had decided this issue, however, Kryptowire found that the BLU Advance 5.0 was being sold with MTKLogger still connected. BLU Advance 5.0 also seems to be the third most popular smartphone available on Amazon. It does not allow for users to update the firmware.
Take your time to comment on this article.
