Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.

    SUBMIT

Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence

Disclaimer:

Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
LIVE TV DownloadNews18 App
News18 English
News18 » World
2-min read

Android Smartphones in US Sending Personal Data to China: Report

These devices transmitted user and device information including text messages, contact lists, call history with full telephone numbers, unique device identifiers including the IMSI and the IMEI.

Updated:November 16, 2016, 3:01 PM IST
facebookTwitter Pocket whatsapp
Android Smartphones in US Sending Personal Data to China: Report
Picture for representation only. ©franckreporter / Istock.com

Washington: US security firm Kryptowire has identified Android smartphones with a "backdoor" software in the country that collected sensitive personal data and transmitted this data to third-party servers in China without disclosure or the users' consent.

These devices were available through major US-based online retailers like Amazon and BestBuy and included popular smartphones such as BLU R1 HD devices, Kryptowire said in a statement.

"The core of the monitoring activities took place using a commercial Firmware Over The Air (FOTA) update software system that was shipped with the Android devices we tested and were managed by Shanghai Adups Technology Co. Ltd," Kryptowire said.

These devices actively transmitted user and device information including text messages, contact lists, call history with full telephone numbers, unique device identifiers including the International Mobile Subscriber Identity (IMSI) and the International Mobile Equipment Identity (IMEI).

Adups claims to have a worldwide presence with over 700 million active users, and a market share exceeding 70 per cent across over 150 countries and regions with offices in Shanghai, Shenzhen, Beijing, Tokyo, New Delhi and Miami.

"The Adups website also stated that it produces firmware that is integrated in more than 400 leading mobile operators, semiconductor vendors, and device manufacturers spanning from wearable and mobile devices to cars and televisions," the Kryptowire statement late on Tuesday read.

Later, a lawyer for Shanghai AdUps Technologies told The New York Times that the data was not being collected for the Chinese government, stating: "This is a private company that made a mistake."

A BLU spokesperson told technology website Ars Technica that the software backdoor affected a "limited number of BLU devices" and that the "affected application has since been self-updated and the functionality verified to be no longer collecting or sending this information".

The firmware that shipped with the mobile devices and subsequent updates allowed for the remote installation of applications without the users' consent and, in some versions of the software, the transmission of fine-grained device location information, the Kryptowire statement said.

The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogramme the devices.

"Our findings are based on both code and network analysis of the firmware. The user and device information was collected automatically and transmitted periodically without the users' consent or knowledge,a the global security firm noted.

The collected information was encrypted with multiple layers of encryption and then transmitted over secure web protocols to a server located in Shanghai.

This software and behaviour bypasses the detection of mobile anti-virus tools because they assume that software that ships with the device is not malware and thus, it is white-listed.

"We analysed the Personally Identifiable Information (PII) collected and transmitted in an encrypted format to servers in Shanghai, including one of the bestselling unlocked smartphones sold by major online retailers," Kryptowire added.

Kryptowire was jump-started by the US Defense Advanced Research Projects Agency (DARPA) and the Department of Homeland Security (DHS).

Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.

| Edited by: Bijaya Das
Read full article
Next Story
Next Story

facebookTwitter Pocket whatsapp

Live TV

Countdown To Elections Results
To Assembly Elections 2018 Results