How 700 million Chinese Phones with Adups firmware can Spy on You

“[They were] recently made aware of the concerns discovered by Kryptowire and is working with our public and private sector partners to identify appropriate mitigation strategies.”

Marsha Catron, a spokeswoman for the Department of Homeland Security, speaking o the discovery of the Adups Technology Company firmware backdoor

Looks like the Chinese Government are spying on the West again, this time by going into your stuff on that ultra-cheap smartphone that you picked up in China.

Kryptowire, the security firm discovered code for a backdoor written by Shanghai software developer Adups Technology Company that’s inside of 700 million phones, cars and other smart devices. More interestingly, this backdoor can be found in 120,000 phones made by BLU, a bran that makes dual-SIM smartphones that are very popular in Jamaica.

The Adups software apparently uses the backdoor and collects the full contents of the following data from unsuspecting users:

  • Text messages
  • Contact lists
  • Call logs
  • Location information
  • GPS data

Kryptowire, a Homeland Security contractor, discovered the problem in a very serendipitous manner. Apparently a Security researcher working with Kryptowire, bought the BLU R1 HD, for a trip overseas. He then notice unusual network activity while setting up the phone with the VPN and email required to communicate securely while abroad.

He then alerted another fellow analysts and within a week, analysts noticed that the phone was transmitting text messages to a server in Shanghai registered to Adups Technology Company. Kryptowire took its findings to the United States government, independent of their contract with the US government Agency. They eventually published their report on Tuesday November 15th 2016.

So how did this happen?

Adups, the Big Data Gather – Intelligence Gathering or predicting Future product trends

Adups Technology Company writes firmware for two (2) of the largest cell phone manufactures in the world; ZTE and Huawei, both of whom are based in China. They designed the code that not only allows the firmware to update automatically.

But Adups Technology Company also wrote in code at the request of an unidentified Chinese manufacturer that also allows the firmware to collect the records mentioned above and sends them to the Chinese Server registered to Adups. The software was intended to help the Chinese client identify junk text messages and calls. Interestingly, Adups is not in trouble here; it the telephone makes that allowed the firmware to be preinstalled into their phones without alerting customer that their personal data was being collect without their knowledge.

So says Lily Lim, a lawyer in Palo Alto, Calif. representing Adups Technology Company, quote: “Adups was just there to provide functionality that the phone distributor asked for”. In other words it ws business as usual for Adups, whose website clearly states that they provide “big data” services to help companies study their customers and quote: “to know better about them, about what they like and what they use and there they come from and what they prefer to provide better service”.

So what can you do?

Big Data or Big Government – Blurring the lines between trend tracking and Surveillance

Nothing really; you’d probably not notice it unless you have some super Java coding skills. Even if you did, you’ll have to remove the firmware and find firmware free of the Adups Technology Company, a task that’s hard to achieve.

Still Google, makers of the Android operating system, have since told Adups to remove the firmware from phone that run Google Play Store Apps .However, smartphone users of BLU, Huawei, ZTE and any other smartphone using the firmware in China are not covered by this recall, due to China’s heavy censorship in China.

This whole fiasco show how companies can invade your privacy in the name of their pursuit to make profits from customer data, also known as “Big Data” in data Science circles. This as studying such large volumes of data can lead to discovering current and future product trend and help companies to anticipate which  products will be a hit and which will be a miss and even create product you’ll like.

Or ……it can be used by an Intelligence agency, be if Chinese, American or British, to spy on anyone it desired, known in what you said, who you said it, when and where you said it. Welcome to Big Brother surveillance by corporate Entities and Government spies via low-cost Chinese smartphones!

The following two tabs change content below.
Lindsworth is a Radio Frequency and Generator Maintenance Technician who has a knack for writing about his work, which is in the Telecoms Engineering Field. An inspired writer on themes as diverse as Autonomous Ants simulations, Power from Lightning and the current Tablet Wars.