US company BLU Products was at the heart of a smartphone scandal last year after it was discovered that its devices were leaking personal user data to China. A third-party app installed on the phones had been secretly transmitting user information from a reported 120,000 phones.
BLU subsequently acknowledged to the unauthorized data collection and transmission, and confirmed that the offending app had been updated to remove that functionality.
According to researchers at security company Kryptowire, however, at least three BLU devices are still distributing private data without notifying users.
Google's anti-malware security suite "Play Protect" now rolling out to Android phones
The news arrives from the Black Hat security conference (via CNET) which took place in Las Vegas on Wednesday. There, Kryptowire's researchers revealed that Chinese firm Shanghai Adups Technology Company is once again at the heart of the issue.
This is the developer of the MTKLogger app that comes pre-installed on a number of BLU's MediaTek powered handsets. The app is said to include software that tracks calls, text messages, GPS location, contact lists and more, but also has the potential to provide access to the command and control channel. This would allow Adups to "execute commands as if it's the user," says CNET, "meaning it could also install apps, take screenshots, record the screen, make calls and wipe devices without needing permission."
Evidence of private user data distribution was found on the BLU Advance 5.0 — currently the second biggest selling handset on Amazon.
Google's new security features will protect you from unverified apps
This issue not only raises concerns over buying cheap phones (the BLU Advance 5.0 costs $60) but also highlights failings in Google's own security systems. While its Verified Apps procedure is designed to weed out dangerous apps, this exploitation has twice been discovered first by a third-party source (both times Kryptowire).
When this spyware was first unearthed, Samuel Ohev-Zion, the BLU CEO, said it was "obviously something that [BLU was] not aware of." Since it is now aware — what has it got to say this time?
We've reached out to BLU for comment regarding this news and will update this article should we receive a response. In the meantime, you might want to hold off on picking one up.
from Android Authority http://ift.tt/2vdX2QC
via IFTTT
Aucun commentaire:
Enregistrer un commentaire