Another Pre-Installed Backdoor Found On 3 Million Chinese Android Devices

The security rating firm BitSight has discovered a new problem in Android, which specifically affects the OTA (Over The Air) system used for firmware updates, and stated that almost 3 million devices are vulnerable.

BitSight explains that this security hole can be used to execute arbitrary code remotely, with full privileges, on the attacked devices.

“However, there are multiple techniques used to hide the execution of this binary. This behavior could be described as a rootkit,” the CERT advisory associated with this vulnerability warned on Thursday.

A firmware development company of Chinese origin explained in a report that the problem in question primarily affects the products of the smartphone manufacturer BLU, although BLU is not the only company vulnerable to this security flaw. Around 2.8 million devices worldwide are vulnerable, and over a dozen devices from other vendors are also affected.

The list of affected Android handsets includes:

BLU Studio G
BLU Studio G Plus
BLU Studio 6.0 HD
BLU Studio X
BLU Studio X Plus
BLU Studio C HD
Infinix Hot X507
Infinix Hot 2 X510
Infinix Zero X506
Infinix Zero 2 X509
DOOGEE Voyager 2 DG310
LEAGOO Lead 5
LEAGOO Lead 6
LEAGOO Lead 3i
LEAGOO Lead 2S
LEAGOO Alfa 6
IKU Colorful K45i
Beeline Pro 2
XOLO Cube 5.0

The rootkit in question is housed in /system/bin/debugs and communicates over unencrypted channels. As explained, it is this lack of encryption in its data exchange that allows a Man-in-the-Middle attacker to run malicious code on affected devices remotely.
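For defenders triaging firmware, the check below looks for that binary in an unpacked system partition and compares the build properties against the handset list above. It is an added example, not code from BitSight or the CERT advisory; the function names are hypothetical, and it assumes that `ro.product.brand` plus `ro.product.model` in `build.prop` spell the marketing name, which may not hold on a real device.

```shell
# Added example: triage an unpacked Android system partition, where <root>/bin
# corresponds to /system/bin on the device.

# Handset names copied from the article's list. Assumption: brand + model from
# build.prop spell the marketing name; on real devices they may differ.
AFFECTED_MODELS='BLU Studio G
BLU Studio G Plus
BLU Studio 6.0 HD
BLU Studio X
BLU Studio X Plus
BLU Studio C HD
Infinix Hot X507
Infinix Hot 2 X510
Infinix Zero X506
Infinix Zero 2 X509
DOOGEE Voyager 2 DG310
LEAGOO Lead 5
LEAGOO Lead 6
LEAGOO Lead 3i
LEAGOO Lead 2S
LEAGOO Alfa 6
IKU Colorful K45i
Beeline Pro 2
XOLO Cube 5.0'

# Print the value of a build.prop key (empty if the file or key is missing).
prop_value() {  # $1 = system root, $2 = key
    [ -f "$1/build.prop" ] || return 0
    sed -n "s/^$2=//p" "$1/build.prop" | head -n 1
}

# Succeed if "brand model" equals a listed handset name, ignoring case.
model_is_listed() {  # $1 = "brand model"
    printf '%s\n' "$AFFECTED_MODELS" | grep -qixF -- "$1"
}

# Return 1 if bin/debugs exists under the root, else 0; print what was found.
audit_system_root() {  # $1 = system root
    model="$(prop_value "$1" ro.product.brand) $(prop_value "$1" ro.product.model)"
    status=0
    if [ -e "$1/bin/debugs" ]; then
        echo "FOUND: /system/bin/debugs present (build.prop says: $model)"
        status=1
    fi
    if model_is_listed "$model"; then echo "NOTE: '$model' is on the article's list"; fi
    return "$status"
}

if [ "$#" -gt 0 ]; then audit_system_root "$1"; fi
```

The presence of the file is the stronger signal; a model-name match alone only tells you the image deserves a closer look.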

It works similarly to the recently discovered vulnerability detected in devices of Chinese origin, which affected more than 700,000 devices. In that earlier case, AdUps, the software automatically reported usage information to servers that are owned by the Chinese.

In recent months, several problems have been found on Chinese devices running the Android operating system. According to computer security experts, one issue affecting only Xiaomi also allows the company to install and uninstall software on its devices remotely, without user consent and without their knowledge.

When we talk about Chinese brands here, firms such as Huawei or Lenovo are obviously excluded, as they operate mainly in markets like the US and Europe and adhere to the usual practices in those territories.


