The firmware could also execute remote commands and reprogram the smartphones from a remote location
A US security company says a Chinese-made smartphone popular in the United States forwarded detailed user data and user texts back to a Chinese server without the phone owner’s knowledge.
Virginia-based Kryptowire, which provides mobile security services to government agencies and private businesses, said late on Tuesday (Nov 15) that it had discovered the problem in a number of Android-based phones using firmware from the Chinese company Shanghai ADUPS Technology.
Those phones included the popular models from US manufacturer BLU Products, sold in stores around the country.
It said the firmware – software deeply embedded in the phone – periodically transmitted data that identified the device, the numbers called and received, contact lists and full text messages back to the server for unclear purposes.
It said the firmware could also execute remote commands and reprogram the smartphones from a remote location.
“The firmware could target specific users and text messages matching remotely defined keywords,” Kryptowire said in a statement.
The report sparked fresh worries that mobile device makers – in this case Chinese – could surreptitiously suck more personal data from a person’s phone or tablet than they admit to doing, for use commercially or, for example, in espionage.
In a statement on Wednesday, Shanghai ADUPS said the firmware had been designed to help screen out junk texts and calls.
An automatic update to it made for other clients had “inadvertently” been installed on BLU Product phones, it said, and has since been disabled after objections from BLU.
“No information associated with that functionality, such as text messages, contacts, or phone logs, was disclosed to others and that any such information received from a Blu phone during that short period was deleted,” it said.
Shanghai ADUPS’ website says its software and firmware update services reach 700 million users around the world.
To China, Cyberespionage Becomes Even More Important
Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say
WASHINGTON — For about $50, you can get a smartphone with a high-definition display, fast data service and, according to security contractors, a secret feature: a backdoor that sends all your text messages to China every 72 hours.
Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages. The American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence.