Please select To the mobile version | Continue to access the desktop computer version

ulefone Official Forum

Search
Author: AndyGB

[Discussion] Ulefone's Power comes with malware installed [Ulefone official has replied]

[Copy link]

1

Threads

42

Posts

358

Credits

Intermediate Member

Rank: 3Rank: 3

Credits
358

Thanksgiving DayHappy Halloween

Post time 2016-11-23 00:06:39 | Show all posts
Edited by timar at 2016-11-23 00:16
Killerwal replied at 2016-11-22 16:29
Here is a link to a german news about rootkit found on many chinese phones.

http://www.heise.de/new ...

No. "Only" by the much more malicious Adups trojan:

https://www.heise.de/security/meldung/Adups-China-Billighandys-spionieren-ihre-Nutzer-ab-Werk-aus-3486446.html

See this topic for instructions how to either remove the infected wireless update app on a rooted phone, or to temporarily disable it. I have choosen the latter option, to be able to use the wireless updater when Ulefone finally releases the promised OTA update. I will remove it immedeately thereafter.

2

Threads

21

Posts

72

Credits

Member

Rank: 2

Credits
72

Thanksgiving Day1K Forum Membersulefone Power

 Author| Post time 2016-11-23 02:43:46 | Show all posts
Killerwal replied at 2016-11-22 16:29
Here is a link to a german news about rootkit found on many chinese phones.

http://www.heise.de/new ...

Ulefone are knowingly installing malware on the phones yes!

1

Threads

42

Posts

358

Credits

Intermediate Member

Rank: 3Rank: 3

Credits
358

Thanksgiving DayHappy Halloween

Post time 2016-11-23 02:48:42 | Show all posts
AndyGB replied at 2016-11-23 02:43
Ulefone are knowingly installing malware on the phones yes!

But not the one the article is about...

@Miles: It has been two weeks now since you aked for testers for the firmware update. Will the firmware update ever come? My patience is really gone by now!

2

Threads

21

Posts

72

Credits

Member

Rank: 2

Credits
72

Thanksgiving Day1K Forum Membersulefone Power

 Author| Post time 2016-11-23 02:54:39 | Show all posts
Due to the lack of response from from Ulefone, I have been in contact with several major stores which sell Ulefone handsets (including Amazon) to inform them they are infected with malware and selling them in the EU is illegal. Unless Ulefone issue an update VERY SOON, the sale of Ulefone handsets are going to be banned

34

Threads

126

Posts

2096

Credits

Administrator

Rank: 9Rank: 9Rank: 9

Credits
2096

ulefone TeamManagement Teamulefone Be Touch 2ulefone Be Touch 3ulefone U007ulefone Parisulefone Powerulefone Viennaulefone Metalulefone Futureulefone Youtube Followerulefone Twitter Followerulefone FB FollowerGiveaway Participantsulefone Fan from ChinaHappy Halloween1K Forum Members

Post time 2016-11-23 10:46:21 | Show all posts
Some people talk about Adups malware, first we never know something about Adups malware, and we never have agree they upload user data. We already confirm with Adups, they said just BLU some model have this problem, not in our models.

We never know, we never agree.

We are small brand, user data for us is nothing, i mean We can't benefit from this. We just want make smartphones, that's all.

BTW, new update for ulefone Power have some bugs of the Fingerprint lock, so please give us some times. I already get  some IMEI number, when we finished, i will send this tester test first.

Thanks, all

2

Threads

21

Posts

72

Credits

Member

Rank: 2

Credits
72

Thanksgiving Day1K Forum Membersulefone Power

 Author| Post time 2016-11-25 05:14:24 | Show all posts

Speak

Edited by AndyGB at 2016-11-25 05:51

So this is what AdsUp does....

Collect and Send SMS texts to AdUps' server every 72 hours.
Collect and Send call logs to AdUps' server every 72 hours.
Collect and Send user personally identifiable information (PII) to AdUps' server every 24 hours.
Collect and Send the smartphone's IMSI and IMEI identifiers.
Collect and Send geolocation information.
Collect and Send a list of apps installed on the user's device.
Download and Install apps without the user's consent or knowledge.
Update or Remove apps.
Update the phone's firmware and Re-program the device.
Execute remote commands with elevated privileges on the user's device.


It comes part of your ROMs so either remove it, or accept you are going to get a very bad reputation form it. Ulefone have already been caught out shipping the stock rom with EWind malware, and now AdsUp. Like you said your a small brand, and having malware in your rom will make you an even smaller brand.
Speaking of which, where can I download the latest Power Rom.... The one where you said you had removed the EWind trojan? The download on your website still has it so clearly it isn't that important to you :/

1

Threads

26

Posts

143

Credits

Member

Rank: 2

Credits
143

Thanksgiving Day

Post time 2016-11-25 20:12:41 | Show all posts
AndyGB replied at 2016-11-25 05:14
So this is what AdsUp does....

Collect and Send SMS texts to AdUps' server every 72 hours.

The things you listed here. Do they belong to the callerIDSearch.apk
that is found by antivirus apps or is there an other app doing that? Do you have a link to more information concerning that?

2

Threads

21

Posts

72

Credits

Member

Rank: 2

Credits
72

Thanksgiving Day1K Forum Membersulefone Power

 Author| Post time 2016-11-25 23:28:45 | Show all posts
The list relates to AdsUp which is the software which provides Over-The-Air firmware updates.

So either...
1. Ulefone are benefiting from installing malware, maybe they get paid to do it?
2. Ulefone are forced by the state to install spying malware (most likely since a lot of Chinese phones come with malware)
3. Ulefone have absolutely no clue what they are doing, and / or have dodgy members of staff acting maliciously.

Draw you own conclusions but they are getting a bad reputation now since awareness is sweeping across social media.

The only way Ulefone can fix this is by issuing firmware for every handset, which does NOT contain their EWind or AdsUp malware. I have actually noticed it's starting to hit the newspapers here, people are advised again Chinese phones for this reason.

5

Threads

30

Posts

131

Credits

Member

Rank: 2

Credits
131

Thanksgiving DayHappy Halloween

Post time 2016-11-26 01:43:15 | Show all posts
Hey guys. If you've taken a look at my post, I have recieved the new update. I have not found any malware yet.

You can check it out at:
http://forum.ulefone.com/thread-659-1-1.html

2

Threads

21

Posts

72

Credits

Member

Rank: 2

Credits
72

Thanksgiving Day1K Forum Membersulefone Power

 Author| Post time 2016-11-26 08:07:02 | Show all posts
Edited by AndyGB at 2016-11-26 08:12

The fact that you said you "received the new firmware" would suggest you have AdsUp FOTA installed on your phone, so no it's not clean.

Scanning your phone with an antivirus application does NOT conclude the firmware is safe.  An Android rootkit would essentially hide malicious application from such anti-malware applications. You can only say the firmware is safe when you extract and decompile it. The fact your anti virus screenshot only shows 176 apps and 173 files scanned proves this. Your Android file system have tens of thousands of files!

If Ulefone have nothing to hide, they would release the firmware for download here for everyone to see.

You have to log in before you can reply Login | Register

Points Rules

Quick Reply To Top Return to the list