Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Android phones dialing home, to China

Firmware on some Android phones has been detected collecting user data and transmitting it to third-party servers in China, according to mobile security firm Kryptowire.

Without users being aware, the Android devices, sold in the U.S. at major retailers, transmitted user and device information, including text messages, contact lists, call history (with full telephone numbers), and unique device identifiers, the researchers found. Not only that, but the firmware was also able to send information on the apps used and it could remotely reprogram devices. This meant that applications could be loaded onto devices from remote locations without a user's permission.

Basing their findings on both code and network analysis of the firmware, the researchers said the culprit was Shanghai Adups Technology Co. Ltd., a Shanghai-based company that provides professional Firmware Over-The-Air (FOTA) update services.

On being advised of this activity, one of the companies affected, BLU Products, issued a notice that it had removed the capability from its devices.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.