Security Market Segment LS
Wednesday, 23 November 2016 10:02

ADUPS spyware may have been state-sponsored Featured

By

Despite ADUPS publicly announcing that its data snooping on 700 million Android smartphones was a “technical mistake”, the New York Times has said that American authorities say it is not clear whether the Chinese government was involved in the collection of this personal data. In the past China has been known to use a variety of methods to filter and track Internet usage and monitor online conversations.

The issue started when Florida-based BLU Products admitted that some of its handsets made in China and used in the US were transmitting sensitive user information back to a server in Shanghai, China.

Samuel Ohev-Zion, the chief executive of the Florida-based BLU Products, told the New York Times: “It was obviously something that we were not aware of. We moved very quickly to correct it and requested all data be destroyed.”

iTWire's Sam Varghese reported on this and mentioned that ADUPS also provided software to ZTE and Huawei. ZTE has since stated, “No handsets sold in the US have ADUPS.” Huawei stated that it takes its customers' privacy and security seriously, and it works diligently to safeguard that privacy and security. It said the company mentioned in this report was not on its list of approved suppliers, and it had never conducted business with them.

According to the New York Times, American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence.

ADUPS  says it is blameless too. The software (firmware updater) was written long ago at the request of an unidentified Chinese manufacturer that wanted the ability to store call logs, text messages, and other data for customer support. “Adups is just there to provide functionality that the phone distributor asked for,” said Lily Lim, a lawyer in Palo Alto, Calif., who represents ADUPS.

ADUPS will not release a list of affected brands or handsets. The software continues to be used unchanged in China and many other countries – it has just been fixed for phones sold in the US, about 120,000 BLU handsets.

Kryptowire discovered the issue and has a great article here showing what is collected. It is way more than what could be reasonably expected.

But this is not the first time similar things have happened.

A few years ago every bit of Chinese technology was suspect – Huawei and others paid dearly for the campaigns waged against them.

In 2014, Chinese smartphone manufacturer Xiaomi was accused of sending user data to China. Lenovo — like many other device manufacturers — installed “Superfish bloatware” on devices before shipping to inject advertisements into browsers but there were security vulnerabilities within the software that enabled attackers to read encrypted browsing data including passwords and other sensitive items.

Flashpoint summarises what many are wondering:

Despite the incentive against abusing their supply-chain dominance for intelligence purposes, the Chinese government possesses considerable powers to compel companies and manufacturers to do so. The recent passing of China’s new Cybersecurity Law only expands these powers.

However, these risks are not exclusive to Chinese-based manufacturers. Many non-Chinese firms manufacture and/or assemble their components and devices in the PRC; hence, the threat to the supply chain remains even if using non-Chinese devices. As such, malicious hardware, firmware, or software could be injected at any stage of the process, although the ease with which this is done may differ considerably.

What can you do?

The spyware is likely installed on “low cost” smartphones, especially those that are white labelled by telcos, and third parties or those who use advertising to reduce handset costs.

ADUPS says on its website it has a worldwide presence with more than 700 million active users, and that its firmware is integrated into “more than 400 leading mobile operators, semiconductor vendors and device manufacturers spanning from wearable and mobile devices to cars and televisions".

Trustlook,  a next-generation mobile device security company, has released a new feature in its Trustlook Mobile Security app that identifies the presence of rogue firmware from ADUPS.

The Trustlook Mobile Security app can be download for free from Google Play. It currently checks for all known versions of the ADUPS system apps that conduct aggressive data collection, with more being added as they are discovered.

 TL 1

TL 2

TL 3

 


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments