
ulefone Official Forum


[Consulting] Massive Amount of Users' Data Sent to Chinese Servers


Post time 2016-11-17 19:32:44

Edited by Ruslan at 2016-11-17 19:38

Security researchers from Kryptowire discovered the alleged backdoor hidden in the firmware of many budget Android smartphones sold in the United States, which covertly gathers data on phone owners and sends it to a Chinese server without users knowing.

Based on the received commands, the security firm found the software executing multiple operations, detailed below:

  • Collect and Send SMS texts to AdUps' server every 72 hours.
  • Collect and Send call logs to AdUps' server every 72 hours.
  • Collect and Send user personally identifiable information (PII) to AdUps' server every 24 hours.
  • Collect and Send the smartphone's IMSI and IMEI identifiers.
  • Collect and Send geolocation information.
  • Collect and Send a list of apps installed on the user's device.
  • Download and Install apps without the user's consent or knowledge.
  • Update or Remove apps.
  • Update the phone's firmware and Re-program the device.
  • Execute remote commands with elevated privileges on the user's device.


No, Users Can't Disable or Remove the Backdoor
The backdoor has been discovered in two system applications – com.adups.fota.sysoper and com.adups.fota – neither of which can be disabled or removed by the user.


Virustotal
AdupsFota.apk (Ulefone Metal)     virustotal.com/uk/file/cbdea7d48daf9448a931f6ae2acda5b9d756b38466c48f9467a618340f3b73e3/analysis/



Post time 2016-11-17 19:39:40
See also posts 19-24 under:
http://forum.ulefone.com/thread-277-1-1.html

with instructions on how to remove adups.fota services (you lose OTA Wireless Updates)


Author | Post time 2016-11-17 19:46:25
Thank you! I did not see this message.


Post time 2016-11-19 23:07:43
Edited by timar at 2016-11-19 23:13

If you tap on the three dots on the top right in the Android app settings and on "show systems processes", you can see both "Wireless Update" (com.adups.fota) and "FotaProvider" (com.adups.fota.sysoper) and temporarily disable them, no root required. Of course they will be active again after reboot, but for me it is an acceptable solution while waiting for Ulefone to release the promised OTA update for the Power. I'm planning to remove both apps after receiving the update, as I don't expect Ulefone to release more updates anyway.

By the way, I was shocked to see that "FotaProvider" sent ~7 MB of data within the last month!
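
An added example, not part of the original posts: a small audit of `adb shell pm list packages -f` and `adb shell pm list packages -d` output that reports whether the two packages named in this thread are present, where their APKs live, and whether they are currently disabled. The sample listings and APK paths are constructed, and treating any path outside `/data/` as a system install is an assumption of this sketch.

```python
import re

# Package names reported in this thread.
ADUPS_PACKAGES = {"com.adups.fota", "com.adups.fota.sysoper"}

# Constructed sample of `adb shell pm list packages -f` (paths are made up).
SAMPLE_ALL = """\
package:/system/app/AdupsFota/AdupsFota.apk=com.adups.fota
package:/system/app/AdupsFotaReboot/AdupsFotaReboot.apk=com.adups.fota.sysoper
package:/data/app/org.example.notes-1/base.apk=org.example.notes
package:/system/priv-app/Settings/Settings.apk=com.android.settings
"""
# Constructed sample of `adb shell pm list packages -d` (disabled packages only).
SAMPLE_DISABLED = """\
package:com.adups.fota
"""

# "package:<apk path>=<name>" with -f, or just "package:<name>" without it.
LINE = re.compile(r"^package:(?:(?P<path>.+)=)?(?P<name>[A-Za-z0-9_.]+)$")

def parse(listing):
    """Return {package_name: apk_path or None} from pm list packages output."""
    found = {}
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if m:
            found[m.group("name")] = m.group("path")
    return found

def audit(all_listing, disabled_listing, watched=ADUPS_PACKAGES):
    """Report presence, install location and enabled state of watched packages."""
    installed = parse(all_listing)
    disabled = set(parse(disabled_listing))
    report = {}
    for name in sorted(watched):
        if name not in installed:
            report[name] = "absent"
            continue
        path = installed[name] or ""
        # Assumption: APKs outside /data are preinstalled and cannot be
        # uninstalled from the normal settings UI.
        location = "user" if path.startswith("/data/") else "system"
        state = "disabled" if name in disabled else "enabled"
        report[name] = f"{location},{state}"
    return report

if __name__ == "__main__":
    for pkg, status in audit(SAMPLE_ALL, SAMPLE_DISABLED).items():
        print(pkg, status)
```

Running the same audit again after a reboot shows whether a package disabled from the settings screen has returned to the enabled state.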


Post time 2016-11-22 16:26:30
This should be resolved in the latest update. As for the data usage, go to about phone > wireless update and either disable the auto update checking or choose only by wifi.


Post time 2016-11-23 00:13:45
@mikhael: You don't seem to have realized that the "Wireless Update" (com.adups.fota.sysoper) contains another trojan completely unrelated to the other trojan that has been removed from the recent firmware. Most antivirus apps don't detect this trojan yet. Btw. if you really think that checking for the availability of an update once a week could possibly add up to 7 MB of data per month, you are beyond hope. It would take a few kilobytes to do that.


Post time 2016-11-23 11:13:12
We have confirmed with Adups; they replied that just some BLU models have this problem. Please don't worry, we will follow this thing and keep our OTA service clean. We are a small brand, but we never agree to anyone uploading or getting the user data from our phones.


Post time 2016-11-27 02:41:56
Miles replied at 2016-11-23 11:13
We have confirm with Adups, they reply just some BLU models have this problem. Please don't worry, w ...

Miles, I have log files which say differently so we know not to trust you.


Post time 2016-11-27 18:10:04 From the mobile phone
Edited by timar at 2016-11-27 18:21

@Miles: Not true! Stop lying to your customers, or Ulefone's reputation will be damaged beyond repair. My analysis of the network connections established by the Ulefone Power clearly shows this phone to be affected, and this is confirmed by AndyGB's analysis. Btw. there is a pattern to this denialism by Ulefone - Miles' first reaction to the "Search Service" malware has been exactly the same. They only acknowledged the problem after people continued to complain and post undeniable evidence of the malware for weeks!
