Nearly three million Android handsets are vulnerable to attacks that could secretly install malware
Security firm BitSight Technologies registered the two domain names and controls them. Since it took over these two domain names, 2.8 million devices have tried to connect to them to find software that can be used with phones that have been rooted. In other words, the vulnerability could allow the installation of malware on affected handsets, without the phone's owner ever knowing. The malware, installed as apps, could track keystrokes, bug calls, and more.
This news comes on the heels of a report in the New York Times that said certain software from a Chinese company named Shanghai Adups Technology became a back door on certain Android devices. Servers in China reportedly received information from these handsets including location data, texts, and the calls made on each phone.
Phones manufactured by ZTE, Huawei and BLU were mentioned in the Times report as having the so-called Adups software installed. Both ZTE and Huawei reached out to us with official statements. ZTE said that none of its U.S. devices contained the software, and Huawei said that it never did any business with the company. For its part, BLU CEO Samuel Ohev-Zion told the New York Times that the company had no knowledge of the Adups software. He also said that the software is not on any BLU handset currently in its lineup. The vulnerability discovered by BitSight has nothing to do with the Adups software.
According to BitSight, 55 known Android models tried to send data to the two sinkholes that it owns. Of the 55 models, 26% were manufactured by BLU. Infinix was next with 11%, and Doogee was third with 8%. 47% of the phones did not give information that could pinpoint the manufacturer. The devices connecting to the domains came from different sectors including government, healthcare and banking.
Of the manufacturers whose phones appear to be involved, only Miami's BLU has promised to issue an update to get rid of this flaw. BitSight wasn't sure if the update would be installed automatically, or if it had to be manually downloaded. The security firm said that BLU did not respond to calls seeking comment. BitSight purchased a BLU Studio G from a Best Buy store and discovered that it sent information pertaining to the device itself to the server in China; that included the unique IMEI number that identifies the phone.
The Department of Homeland Security issued a CERT advisory about the vulnerability, listing three hosts that the affected phones are trying to communicate with. Note that the first one listed is the server in China, while the other two are the sinkholes owned by BitSight. The warning listed the Android phones affected, which are:
- BLU Studio G
- BLU Studio G Plus
- BLU Studio 6.0 HD
- BLU Studio X
- BLU Studio X Plus
- BLU Studio C HD
- Infinix Hot X507
- Infinix Hot 2 X510
- Infinix Zero X506
- Infinix Zero 2 X509
- DOOGEE Voyager 2 DG310
- LEAGOO Lead 5
- LEAGOO Lead 6
- LEAGOO Lead 3i
- LEAGOO Lead 2S
- LEAGOO Alfa 6
- IKU Colorful K45i
- Beeline Pro 2
- XOLO Cube 5.0
source: BitSight, CERT via arstechnica