Nearly three million Android handsets are vulnerable to attacks that could secretly install malware

According to a report published today, nearly three million Android handsets are vulnerable to man-in-the-middle attacks that could turn over full control of the handsets to hackers. The affected phones are spread across various regions of the world, with the U.S. the number one location. The attack hits at root level and sends device information and more to a server in China, and to two domain names that were hard-wired into the affected handset's firmware.

Security firm BitSight Technologies registered the two domain names and controls them. Since it took over these two domain names, 2.8 million devices have tried to connect to them to find software that can be used with phones that have been rooted. In other words, the vulnerability could allow the installation of malware on affected handsets, without the phone's owner ever knowing. The malware, installed as apps, could track keystrokes, bug calls, and more.

This news comes on the heels of a report in the New York Times that said certain software from a Chinese company named Shanghai Adups Technology became a back door on certain Android devices. Servers in China reportedly received information from these handsets including location data, texts, and the calls made on each phone.

Phones manufactured by ZTE, Huawei and BLU were mentioned in the Times report as having the so-called Adups software installed. Both ZTE and Huawei reached out to us with official statements. ZTE said that none of its U.S. devices contained the software, and Huawei said that it never did any business with the company. For its part, BLU CEO Samuel Ohev-Zion told the New York Times that the company had no knowledge of the Adups software. He also said that the software is not on any BLU handset currently in its lineup. The vulnerability discovered by BitSight has nothing to do with the Adups software.

According to BitSight, 55 known Android models tried to send data to the two sinkholes that it owns. Of the 55 models, 26% were manufactured by BLU. Infinix was next with 11%, and Doogee was third with 8%. 47% of the phones did not give information that could pinpoint the manufacturer. The devices connecting to the domains came from different sectors including government, healthcare and banking.

Of the manufacturers whose phones appear to be involved, only Miami's BLU has promised to issue an update to get rid of this flaw. BitSight wasn't sure if the update would be installed automatically, or if it had to be manually downloaded. The security firm said that BLU did not respond to calls seeking comment. BitSight purchased a BLU Studio G from a Best Buy store, and discovered that it sent to the server in China information pertaining to the device itself; that included the unique IMEI number that identifies the phone.

The Department of Homeland Security issued a CERT advisory about the vulnerability, listing three hosts that the affected phones are trying to communicate with. Note that the first one listed is the server in China, while the other two are the sinkholes owned by BitSight. The warning listed the Android phones affected, which are:

  • BLU Studio G
  • BLU Studio G Plus
  • BLU Studio 6.0 HD
  • BLU Studio X
  • BLU Studio X Plus
  • BLU Studio C HD
  • Infinix Hot X507
  • Infinix Hot 2 X510
  • Infinix Zero X506
  • Infinix Zero 2 X509
  • DOOGEE Voyager 2 DG310
  • LEAGOO Lead 5
  • LEAGOO Lead 6
  • LEAGOO Lead 3i
  • LEAGOO Lead 2S
  • LEAGOO Alfa 6
  • IKU Colorful K45i
  • Beeline Pro 2
  • XOLO Cube 5.0

source: BitSight, CERT  via arstechnica

32 Comments

1. kiko007

Posts: 7493; Member since: Feb 17, 2016

Wow......

10. Mxyzptlk unregistered

Android and security aren't mixable apparently.

12. sukrith2194 unregistered

Well one can't access data from the device when it's locked though that's a plus!

25. sgodsell

Posts: 7365; Member since: Mar 16, 2013

The vast majority of these phones are Android 4.4.2 or the first version of Lollipop 5.0. Not even 5.1. This is the problem with OEMs not updating or maintaining their software. BLU, Infinix, and Leagoo are some of the worst. You buy it with whatever OS it comes with, and that is it. The same is true for the rest of these devices in particular.

26. sgodsell

Posts: 7365; Member since: Mar 16, 2013

Thank God this doesn't hold true for the rest of the Android OEMs.

27. Mxyzptlk unregistered

Sounds more like excuses for Android.

13. Podrick

Posts: 1285; Member since: Aug 19, 2015

You must be happy.

28. Mxyzptlk unregistered

I don't care.

34. xfire99

Posts: 1205; Member since: Mar 14, 2012

LOL? Obviously you do, since you bother to comment, or else you are just a hypocrite.

33. NoToFanboys

Posts: 3231; Member since: Oct 03, 2015

Congratulations! You just received your Mxy lame 12 year old response!

16. NoToFanboys

Posts: 3231; Member since: Oct 03, 2015

When iOS has a vulnerability: nothing is secure. When Android has a vulnerability: Android security is crap.

22. LanjaKodaka

Posts: 219; Member since: Sep 27, 2016

Well said bro

29. Mxyzptlk unregistered

Another well constructed comment from the guy who continues to show that he doesn't know what he is talking about.

32. NoToFanboys

Posts: 3231; Member since: Oct 03, 2015

"the guy who continues to show that he doesn't know what he is talking about." Man, for 72638th time, stop talking about yourself.

20. j2001m

Posts: 3061; Member since: Apr 28, 2014

I can easily get into your iPhone if I had it in my hand, it's easily hacked if you have not turned something off, hahahahahah

2. DeusExCellula

Posts: 1390; Member since: Oct 05, 2014

I feel like this happens every other day...

3. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

That's why Android phone = Windows PC, needs constant vigilance. A day may come that we may eventually need anti-malware and rootkit detectors on every phone.

36. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

4. cmdacos

Posts: 4201; Member since: Nov 01, 2016

With billions of Android devices out there, there is little to worry about. Especially as most of the affected models have never been heard of.

5. phonehome

Posts: 812; Member since: Dec 19, 2014

I try not to buy anything made overseas. Know there isn't much of a choice right now (notably with smartphones), but hopefully President Trump can and will change that. America first.

6. combatmedic870

Posts: 984; Member since: Sep 02, 2015

99 percent of phones are made overseas

15. piyath

Posts: 2445; Member since: Mar 23, 2012

Apple is made in USA. It has all the USA tech and security in it.

17. Pattyface

Posts: 1658; Member since: Aug 20, 2014

Apple isn't made in the US.. it's imagined in the US and built in China

19. DeusExCellula

Posts: 1390; Member since: Oct 05, 2014

8. hemedans

Posts: 755; Member since: Jun 01, 2013

One word: MediaTek. All MediaTek SoCs allow apps to gain root access and change to system apps, then install all kinds of malware.

9. piyath

Posts: 2445; Member since: Mar 23, 2012

WOW! Welcome to android.....lol

21. VZWuser76

Posts: 4974; Member since: Mar 04, 2010

Welcome to technology.

11. Podrick

Posts: 1285; Member since: Aug 19, 2015

Read the title as three billion by mistake for a moment. That scared me.

14. NarutoKage14

Posts: 1324; Member since: Aug 31, 2016

Which is why I stay away from products by Chinese based companies. Lots of them are partially owned by the government. Not much I can do about the country I live in spying on me but I don't want others to do it too.

18. thunderc8

Posts: 98; Member since: Dec 15, 2014

Oh no, somebody please help us, disaster is coming to Android, haha. This is ridiculous. We are talking about Chinese phones that are designed for Chinese pockets and minds. There's nothing to worry about, because if you have shine intellect in you, you wouldn't own any of the hand phones above.
