BLU R1 HD android phones - major security incident. ADUPS

Archive
1

Is it likely that any Norton customers will be using Android mobile phones with ADUPS software? If so they/you might be interested in this Klebs article:

 

http://krebsonsecurity.com/2016/11/chinese-iot-firm-siphoned-text-messages-call-records/

2

sorry but my rationale for sticking with Brian Krebs fell off. FWIW here it is:

The New York Times articles quotes Samuel Ohev-Zion, the chief executive of the Florida-based BLU Products, as saying: “It was obviously something that we were not aware of. We moved very quickly to correct it” adding that "Adups had assured him that all of the information taken from BLU customers had been destroyed."

But later on in the article the NYT Says that because Adups has not published a list of affected phones, it is not clear how users can determine whether their phones are vulnerable. “People who have some technical skills could,” Mr. Karygiannis, the Kryptowire vice president, said. “But the average consumer? No.”

Ms. Lim (a lawyer who represents Adups) said she "did not know how customers could determine whether they were affected."

This imo throws into doubt the above statement that (per Adups) Adups "all of the information taken from BLU customers had been destroyed."

3

Interesting - but I'm sticking with Brian Krebs' opinion!  wink

4

major security incident. ADUPS???

NO:

At the heart of the issue is a special type of software, known as firmware, that tells phones how to operate. Adups provides the code that lets companies remotely update their firmware, an important function that is largely unseen by users. 

http://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html?_r=0

a firmware created by Shanghai AdUps Technology Co. Ltd which is being used to send device data and identifiable user information servers in China.

https://community.norton.com/en/comment/7244051#comment-7244051

5

much appreciated, Peter

6

I suppose Norton, and other AV companies could blog about every malware type it knows about, but that would probably cause mass hysteria.  wink

I did flag your post for my Norton contact. It is in their court now.

7

Thanks Peter. Presumably there's nothing that any security program can do to stop such hacking but do you agree that Norton should at least publicise this attack via its mobile products/blogs etc?

8

From the numbers of devices quoted, the odds are very high that there will be some Norton users affected.