Remove the latest backdoor from your Android device

As we mentioned yesterday, security researchers from Kryptowire have discovered a backdoor in the firmware of many Android smartphones sold in the US. The backdoor secretly gathers information from the phones' owners and sends it to a server in China.

According to Kryptowire, the server belongs to a company called Shanghai Adups Technology Co. Ltd, which manufactures and sells a FOTA (Firmware Over The Air) software update system that is used by many manufacturers in their devices.

This malicious FOTA update system for Android devices behaves just like any backdoor trojan. It communicates with the Chinese company's server to request instructions and, based on those it receives, can perform multiple functions, described below:

  • Collects and sends SMS text messages to the Chinese server every 72 hours
  • Collects and sends call log information to the Chinese server every 72 hours
  • Collects and sends the user's personally identifiable information to the Chinese server every 24 hours
  • Collects and sends the phone's IMSI and IMEI
  • Collects and sends geo-location information
  • Collects and sends a list of applications installed on the user's device
  • Downloads and installs applications without the user's consent or knowledge
  • Updates or deletes applications
  • Updates the phone firmware and reprograms the device
  • Executes remote commands with elevated privileges on the user's device

How can you protect yourself:

Check your device (you'll need root privileges) and look for the following two system apps:

com.adups.fota.sysoper
com.adups.fota

If you find the packages, you can delete them using an application that can remove system packages. One of them is Jumobile's System App Remover.
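One way to run this check from a computer, as an added example that is not part of the original article: the script reads `pm list packages` output and reports which of the two package names above are installed, matching whole names only. The function names and the sample output are constructed for illustration, and the `--device` mode assumes `adb` is installed and USB debugging is enabled on the phone.

```shell
#!/bin/sh
# Added example: detect the two Adups FOTA packages named in the article.

ADUPS_PACKAGES="com.adups.fota.sysoper com.adups.fota"

# find_adups: reads `pm list packages` output on stdin and prints each of
# the two package names that is installed, one per line.
find_adups() {
    # Drop the "package:" prefix and any carriage returns (some adb
    # versions return CRLF line endings).
    installed=$(tr -d '\r' | sed -n 's/^package://p')
    for pkg in $ADUPS_PACKAGES; do
        # -x matches the whole line and -F treats the name literally, so
        # com.adups.fota does not also match com.adups.fota.sysoper or an
        # unrelated package that merely contains the string.
        if printf '%s\n' "$installed" | grep -qxF "$pkg"; then
            printf '%s\n' "$pkg"
        fi
    done
}

# sample_output: constructed `pm list packages` output for an offline run.
sample_output() {
    printf 'package:com.android.settings\r\n'
    printf 'package:com.adups.fota.sysoper\r\n'
    printf 'package:com.example.adups.fota\r\n'
    printf 'package:com.android.phone\r\n'
}

# check_device: run the same check against a phone attached over adb.
check_device() {
    adb shell pm list packages | find_adups
}

if [ "${1:-}" = "--device" ]; then
    check_device
else
    sample_output | find_adups
fi
```

Run it with `--device` to query an attached phone; with no arguments it checks the constructed sample.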

Image by Stavros Anagnostopoulos

Adups states on its website that its firmware runs on over 700 Android devices. The company does not clarify whether all these devices are running the FOTA update system.

We thank our friend Stavros Anagnostopoulos for the information he gave us.

Update: Removing the above packages will disable control over software updates. Proceed only if you are not interested in them.


Written by giorgos
