
Android Firmware Acts Like Backdoor, Secretly Transmits PII to a Chinese Company


Mobile application security company Kryptowire has just disclosed a pre-installed backdoor on more than 700 Android devices. The backdoor transmits data to a server in China every 72 hours.

The firmware could target specific users and text messages matching remotely defined keywords. The firmware also collected and transmitted information about the use of applications installed on the monitored device, bypassed the Android permission model, executed remote commands with escalated (system) privileges, and was able to remotely reprogram the devices.

The backdoor enables a Chinese company, Adups, to transmit information such as text messages, contact lists, and IMEI numbers (International Mobile Equipment Identity numbers). The data transmission is done without the user’s knowledge or consent.

The Adups backdoor collects the information and puts it into an archive – source.zip.

The most affected devices are found in the U.S. and are phones from Blu Products, such as BLU R1 HD. They are sold on Amazon and Best Buy. Some pre-paid and disposable phones are also affected. However, the company says that the backdoor endangers the PII of Chinese Android users.

The Chinese company says that this version of their software wasn’t meant for American devices. Its main purpose was to help phone manufacturers monitor the behavior of Chinese users.


Kryptowire’s findings “are based on both code and network analysis of the firmware.” As already mentioned, the user and device information was collected automatically and transmitted every 72 hours without the users’ consent or knowledge. The data was also encrypted with multiple layers of encryption and then transmitted over secure web protocols to a server located in Shanghai, Kryptowire says.

Unfortunately, this behavior bypasses detection by mobile anti-virus tools. These tools presume that software that ships with the device isn’t malicious, so it is white-listed.
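Because the uploads are encrypted and on-device anti-virus tools white-list the firmware, the fixed 72-hour schedule is one signal that remains visible from the network side. The following is an added example, not code from Kryptowire or the original article: it flags device/destination pairs whose outbound connections recur at that interval in flow logs. The sample records, host names, jitter tolerance and minimum-evidence threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

PERIOD = timedelta(hours=72)    # upload interval reported in the article
TOLERANCE = timedelta(hours=2)  # assumed allowance for scheduler jitter
MIN_INTERVALS = 3               # assumed minimum evidence before flagging


def _constructed_flows():
    """Constructed sample flow records: (timestamp, device, destination host)."""
    start = datetime(2016, 11, 1, 3, 0)
    rows = []
    for i in range(5):   # device-a contacts a placeholder host every ~72 hours
        rows.append((start + i * PERIOD + timedelta(minutes=7 * i),
                     "device-a", "ota.example.invalid"))
    for i in range(12):  # device-a also contacts a mail host at irregular times
        rows.append((start + timedelta(hours=5 * i + (i % 3)),
                     "device-a", "mail.example.invalid"))
    for i in range(2):   # device-b: only two contacts, too few to judge
        rows.append((start + i * PERIOD, "device-b", "ota.example.invalid"))
    return rows


SAMPLE_FLOWS = _constructed_flows()


def find_periodic_uploads(flows, period=PERIOD, tolerance=TOLERANCE,
                          min_intervals=MIN_INTERVALS):
    """Return (device, destination, mean gap in hours) for each pair whose
    every inter-connection gap lies within `tolerance` of `period`."""
    by_pair = defaultdict(list)
    for ts, device, dest in flows:
        by_pair[(device, dest)].append(ts)

    findings = []
    for (device, dest), stamps in sorted(by_pair.items()):
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(gaps) < min_intervals:
            continue  # not enough observations to call it a schedule
        if all(abs(g - period) <= tolerance for g in gaps):
            mean_h = sum(g.total_seconds() for g in gaps) / len(gaps) / 3600
            findings.append((device, dest, round(mean_h, 2)))
    return findings


if __name__ == "__main__":
    for device, dest, mean_h in find_periodic_uploads(SAMPLE_FLOWS):
        print(f"{device} -> {dest}: recurring every ~{mean_h} h")
```
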

Milena Dimitrova
