The New York Times reported that some security contractors discovered hidden software on some android phones that has been secretly sending user’s text messages to china every 72 hours.
The software tracks where users go, who they talk to, what they say, along with keeping track of the user’s entire contact list and other phone data. Customers with disposable or prepaid phones have been the most affected.
The security firm, Kryptowire discovered the secret software and has determined that it was created by China’s Shanghai Adups Technology Company and this code runs on more than 700 million devices.
Kryptowire discovered the software by happenstance. A researcher at firm noticed it after purchasing an inexpensive phone, the BLUE R1 HD and saw some unusual network activity. Analysts then discovered that the phone was sending messages to an Adups server in Shanghai.
BLU Product, an American phone manufacturer, said 120,000 of its phones had the secret software and they had to eliminate the feature.
It has yet to be determined why the software was developed for either advertising or collecting intelligence. However, it was determined that it was no way just a bug.
“Security experts frequently discover vulnerabilities in consumer electronics, but this case is exceptional. It was not a bug. Rather, Adups intentionally designed the software to help a Chinese phone manufacturer monitor user behavior, according to a document that Adups provided to explain the problem to BLU executives. That version of the software was not intended for American phones, the company said,” writes the New York Times.
Even though it wasn’t intended for American phones, it’s a terrifying occurrence showing how these technology companies can access private information and then can easily send it elsewhere.
“The episode shows how companies throughout the technology supply chain can compromise privacy, with or without the knowledge of manufacturers or customers. It also offers a look at one way that Chinese companies — and by extension the government — can monitor cellphone behavior,” writes the New York Times. “For many years, the Chinese government has used a variety of methods to filter and track internet use and monitor online conversations. It requires technology companies that operate in China to follow strict rules. Ms. Lim said Adups was not affiliated with the Chinese government.”
Fortunately, this is uncommon. Adups never alerted BLU Products of the function even though it is standard protocol.
“Adups provides the code that lets companies remotely update their firmware, an important function that is largely unseen by users. Normally, when a phone manufacturer updates its firmware, it tells customers what it is doing and whether it will use any personal information. Even if that is disclosed in long legal disclosures that customers routinely ignore, it is at least disclosed. That did not happen with the Adups software, Kryptowire said,” writes the New York Times.
“It was obviously something that we were not aware of. We moved very quickly to correct it,” said Samuel Ohev-Zion, the chief executive of the Florida-based BLU Products.
Adup said all the information transmitted from BLU users have been destroyed.
So what was Adup’s reasoning for this software? Customer support.
“The software was written at the request of an unidentified Chinese manufacturer that wanted the ability to store call logs, text messages and other data, according to the Adups document. Adups said the Chinese company used the data for customer support,” writes the New York Times.
“Ms. Lim said the software was intended to help the Chinese client identify junk text messages and calls.”
Adup isn’t planning on releasing a list of affected phone either and it’s not easy for the average user to identify the software.
BLU has assured their customers that their phones are no longer collecting this information.
Author’s note: We don’t buy Adup’s explanation for the software. Seems too suspicious to be just for customer service purposes. Where was this information really going?
Editor’s note: We’ve talked about the erosion of privacy in America before, but it still seems our politicians are clueless. Just because someone proclaims an innocent use of the data and says it is destroyed, doesn’t mean it is so. The Chinese intelligence service is thoroughly integrated with Chinese industry, so anything of interest will be sucked up and provided to the government.
Law enforcement cannot pursue this, because it is not illegal.