Wednesday, December 31, 2014

Pre installed Backdoor found in Chinese Smartphones


Chinese smartphone manufacturers have again been critized for having Backdoor in their handsets. But this time a different vendor’s name has come up. Earlier the popular Chinese smartphone brands, Star N9500 and Xiaomi name came up but now the China’s third largest and world’s sixth largest mobile manufacturer ‘CoolPad’, has joined the list.
            Android smartphones sold by Chinese smartphone maker Coolpad Group Ltd contains an extensive “backdoor” that is able to track users, push unwanted pop-up advertisements and install unauthorized apps onto users phone without their permission, alleged a U.S. security firm.
MORE THAN 10 MILLION USERS at RISK
Researchers at Silicon Valley online security firm Palo Alto Networks discovered the backdoor “CoolReaper”, pre installed on 24 Coolpad Android handset models, including high end ones. The attackers can completely hijack users Android device by gaining their device information with the help of the backdoor.
Features of CoolReaper backdoor:
According to Ryan Olson, intelligence director at Palo Alto, CoolReaper backdoor has ability to:
Ø  Download, install aand activate any Android application without users knowledge.
Ø  Connect to number of command and control(C&C) servers.
Ø  Wipe user data, uninstall applications or disable system applications.
Ø  Send fake software updates to devices.
Ø  Send or insert arbitrary SMS or MMS messages into the phone.
Ø  Call arbitrary phone numbers.
Ø  Upload device information including its location, application, usage information, calling and SMS history to Coolpad servers.
On examination of Coolpad smartphone models of different country, researchers suspected that Coolpad smartphone come pre installed with Coolreaper backdoor on handsets which are sold exclusively in China and Taiwan.
Coolpad is the first malware that is built and operated by an Android manufacturer.China has been criticized many times for its products. Six months ago another handset which was popular and also cheap, Star N9500 smartphone came pre-installed with a Trojan that allowed manufacturerto spy on users including personal data and conversations without their knowledge.

            Their was another allegation against the popular Chinese smartphone manufacturer, “Xiaomi of secretly stealing users information and sending it back to a server in Beijing.