by WorldTribune Staff, November 17, 2016
Chinese-authored spyware that can be used to track a user’s movements and communications has been found on some 700 million Android smartphones, security researchers said.
The spyware, discovered by Virginia-based Kryptowire, was reportedly authored by Chinese startup Shanghai Adups Technology Company.
“The Department of Homeland Security was recently made aware of the concerns discovered by Kryptowire and is working with our public and private sector partners to identify appropriate mitigation strategies,” said U.S. Department of Homeland Security spokesperson Marsha Catron.
“We also encourage all Americans to take precautions to ensure the security of their data and personal information, including using strong passwords, maintaining up-to-date antivirus software and minimizing the amount of personal data they share online.”
The researchers said the spyware was so well hidden on the devices that it was nearly impossible to detect.
“The traffic was encrypted multiple times and the servers that were being used were also part of the firmware checking and updating process,” Kryptowire Vice President Tom Karygiannis told CyberScoop.
“Even if an average user was able to notice the traffic, he/she would not be able to understand what this traffic was about. Given that this same domain was used for firmware updates, it is highly unlikely that the users or an internet provider for that matter, would have recognized the traffic as [personal identifiable information] transmission because it was camouflaged as part of the firmware updating/checking process.”
The researchers told CyberScoop that the Adups firmware transmitted data packets to a Chinese server every 72 hours. The data packets contained call logs, text messages, contact lists, GPS location and other user data.
Adups’ clients include two of China’s largest cellphone manufacturers: ZTE and Huawei. BLU Products, an American phone manufacturer, told the New York Times that 120,000 of its phones were affected and that a subsequent software update would eliminate the surveillance feature.
In a statement sent to WorldTribune.com, Huawei said: “Huawei takes our customers’ privacy and security very seriously, and we work diligently to safeguard that privacy and security. The company mentioned in this report is not on our list of approved suppliers, and we have never conducted any form of business with them.”
Related: China’s PLA-backed Huawei to expand presence, investment in Turkey, Dec. 23, 2011
“Intentional or not, these hidden backdoors can be dangerous as adversaries can become aware of their existence and use them to intercept traffic or disable a communications system in a way that firewall and intrusion detection systems aren’t able to detect,” said Kevin Kelly, CEO of supply chain cybersecurity firm LGS Innovations.