- Second Chinese Firm in a Week Found Hiding Backdoor in Firmware of Android Devices. From Bleeping Computer.
Security researchers have discovered that third-party firmware included with over 2.8 million low-end Android smartphones allows attackers to compromise Over-the-Air (OTA) update operations and execute commands on the target’s phone with root privileges.
Mobile experts from Anubis Networks discovered the problem this week. This is the second issue of its kind to come to light this week, after researchers from Kryptowire discovered a similar secret backdoor in the firmware of Chinese firm Shanghai Adups Technology Co. Ltd. This time around, the problem affected Android firmware created by another Chinese company named Ragentek Group.
- Kryptowire Discovered Mobile Phone Firmware That Transmitted Personally Identifiable Information (PII) Without User Consent Or Disclosure. From PR Newswire.
WASHINGTON, Nov. 15, 2016 /PRNewswire/ — Kryptowire has identified several models of Android mobile devices that contained firmware that collected sensitive personal data about their users and transmitted this sensitive data to third-party servers without disclosure or the users’ consent. These devices were available through major US-based online retailers (Amazon, BestBuy, for example) and included popular smartphones such as the BLU R1 HD. The core of the monitoring activities took place using a commercial Firmware Over The Air (FOTA) update software system that was shipped with the Android devices we tested and was managed by a company named Shanghai Adups Technology Co. Ltd.
These devices actively transmitted user and device information including the full body of text messages, contact lists, call history with full telephone numbers, and unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI). The firmware that shipped with the mobile devices and subsequent updates allowed for the remote installation of applications without the users’ consent and, in some versions of the software, the transmission of fine-grained device location information. The firmware could identify specific users and text messages matching remotely defined keywords. The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices.
- Android spyware targets business executives. From HelpNetSecurity.
Researchers from mobile security outfit Skycure have recently analyzed a malicious app they found on an Android 6.0.1 device owned by a VP at a global technology company.
The name of the malicious package is “com.android.protect”, and it comes disguised as a Google Play Services app. It disables Samsung’s SPCM service in order to keep running, installs itself as a system package to prevent removal by the user (if it can get root access), and also hides itself from the launcher.
They don’t say how the malicious app – a piece of commercial spyware they dubbed Exaspy – found its way onto the victim’s phone, but chances are someone took advantage of the physical access they had to the device to do the dirty deed.
- Cracking Android Full Disk Encryption. From Hacker News. The heated battle between Apple and the FBI provoked a lot of talk about encryption – the technology that has been used to keep all your bits and bytes as safe as possible.
We cannot say a lot about Apple’s users, but Android users are at severe risk when it comes to encryption of their personal and sensitive data. Android’s full-disk encryption can be cracked much more easily than expected with a brute-force attack and some patience, potentially affecting hundreds of millions of mobile devices.
- ‘Godless’ Malware Is Attacking Android Devices. From PC Magazine. Researchers at Trend Micro recently discovered new Android-based malware called Godless, which targets devices running Android Lollipop or earlier. As Trend Micro points out, that covers almost 90 percent of Android devices. “Based on the data gathered from our Trend Micro Mobile App Reputation Service, malicious apps related to this threat can be found in prominent app stores, including Google Play, and has affected over 850,000 devices worldwide,” the company said in a statement.
- Data breach possible for users of Annapolis parking garages. From Capital Gazette. Malware was discovered on parking garage servers that officials believe could have stolen credit and debit card information from transient parkers using the city’s three garages. The breach is still under investigation, but officials believe it could have impacted anyone using those parking facilities between Dec. 23 and June 11. These servers handle payments for Noah Hillman, Gott’s Court and Knighton Garages.