As we mentioned yesterday, security researchers from Kryptowire discovered a backdoor in the firmware of many Android smartphones sold in the US. The backdoor secretly collects information from the phones' owners and sends it to a server in China.
According to Kryptowire, the server belongs to a company called Shanghai Adups Technology Co. Ltd, which builds and sells a FOTA (Firmware Over The Air) software update system used by many manufacturers in their devices.
This malicious update system for Android devices, FOTA, behaves just like any backdoor trojan. It contacts the Chinese company's server to ask for instructions and, based on the commands it receives, can perform the following functions:
- Collects and sends SMS text messages to the Chinese server every 72 hours
- Collects and sends call log information to the Chinese server every 72 hours
- Collects and sends the user's personally identifiable information to the Chinese server every 24 hours
- Collects and sends the phone's IMSI and IMEI
- Collects and sends geo-location information
- Collects and sends a list of the applications installed on the user's device
- Downloads and installs applications without the user's consent or knowledge
- Updates or deletes applications
- Updates the phone firmware and reprograms the device
- Executes remote commands with elevated privileges on the user's device
How to protect yourself:
Check your device (you'll need root privileges) and look for the following two system apps:
- com.adups.fota.sysoper
- com.adups.fota
If you find the packages, you can delete them using an application that can remove system packages. One of these is Jumobile's System App Remover.
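One way to run the check above from a computer, as an added example that is not part of the original article: the function reads the output of `pm list packages` and reports which of the two packages are present. It assumes a device reachable over adb with USB debugging enabled; the function name and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# The two package names listed in the article.
ADUPS_PACKAGES="com.adups.fota.sysoper com.adups.fota"

# find_adups: reads `pm list packages` output on stdin (one "package:<name>"
# entry per line) and prints every Adups package that is installed.
# Returns 0 if at least one was found, 1 if none was found.
find_adups() {
    # adb may emit CRLF line endings; strip them, then drop the "package:" prefix.
    listing=$(tr -d '\r' | sed -n 's/^package://p')
    status=1
    for pkg in $ADUPS_PACKAGES; do
        # -x: the whole line must match, so "com.adups.fota" is not reported
        #     just because "com.adups.fota.sysoper" is installed.
        # -F: treat the name as a fixed string, so "." is not a wildcard.
        if printf '%s\n' "$listing" | grep -qxF "$pkg"; then
            printf '%s\n' "$pkg"
            status=0
        fi
    done
    return $status
}

# Constructed sample listing (not captured from a real device).
sample_listing() {
    cat <<'EOF'
package:com.android.settings
package:com.adups.fota.sysoper
package:com.example.fota
EOF
}

# Against a connected device:
#   adb shell pm list packages | find_adups
# Against the constructed sample:
#   sample_listing | find_adups
```

A non-zero exit status with no output means neither package was in the listing.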
Adups states on its website that its firmware runs on over 700 million Android devices. The company does not make clear whether all of these devices run the FOTA update system.
We thank our friend Stavros Anagnostopoulos for the information he gave us.
Update: Removing the above packages will disable checking for software updates. Proceed only if you are not interested in them.