Wednesday, June 18, 2014

Do You Really Want a Phone With Malware On It?

Co-authored by Dr. Stephen Bryen, Chairman & CTO, ZIklag Systems

Amazon is selling a cheap but capable smartphone called the Generic Star NS9500. For $159.99 plus free shipping you might think it is a bargain. Think again.

2014-06-18-photo.JPG



The NS9500 has many attractive features. It has a big, five-inch screen and offers super HD type resolution. It has a quad-core 1.2ghz Cortex A7 processor, a full 1GB of random access memory, and the latest Android 4.2 Operating System. It supports WIFI and 3G and only lacks 4G. It has two cameras and it can take an external memory card up to 32GB. It also supports two SIM cards, so if you want to have a U.S. card and one from another country installed you can do that.

But some of the phone's buyers have come up with questions -- and these should create an awareness that bigger problems may be lurking.

One owner, named Cevyn L. Miles-monaghan, who describes herself as a "modern-day hippie" is actually a brilliant analyst. She spotted something that would soon lead to an unraveling of serious proportions.

Writing a top review of the product on Amazon, Cevyn reports "I'm going to detail how I discovered which system apps [on the NS9500] were the culprit so that you can follow a similar procedure on your Chinese Android device. The symptoms are Chinese language spam notifications that when touched will immediately begin downloading some other app, most often a game or Chinese social networking/dating app. Other times, Chinese apps would just randomly install, or links to other Chinese sites would appear on the home screen. The problem is that there is no obvious app to uninstall to stop this from happening, AdAway doesn't prevent it, and none of the ad network / push detectors or blockers available in the Play Store found anything wrong. "These apps are buried in the phone's firmware, and this must be solved with detective work," Cevyn notes.

She goes on to point out that it took her considerable effort, "rooting" the phone (being able to act as a superuser and change stuff the manufacturer put there which you normally cannot alter), and renaming a number of files and other changes.

Her fix got rid of some of the adware and other Chinese-related web sites that were constantly appearing on her phone. But was this effort good enough?

A German company called G Data is looking at the same model phone, presumably the European version. The company's product manager for Mobile Solutions, Christian Geschkat, reported on June 16th in his blog that he found something more: a Trojan, burned into the phone's firmware memory. This Trojan masquerades to look like the Google Play Store. Actually it is spy ware capable of retrieving your personal data from the phone, intercepting phone calls and even controlling the phone's cameras and microphones. "The spyware runs in the background and cannot be detected by users. Unbeknownst to the user, the smartphone sends personal data to a server located in China and is able to covertly install additional applications," reports the G Data Security Blog.

G Data goes on to report that users cannot remove the Trojan on the NS9500.

There is little reason for a Chinese company to put this kind of spyware on a smartphone on its own. What would they get? A lot of personal information that would be of little or no use. But a government, or government organization, could get quite a lot. They would automatically be able to intercept any call that interests them, follow anyone who had the phone, find out a lot about their friends, family, relationships, business activities, political attitudes. In fact, burying a Trojan in a phone that has a lot of other seemingly harmless adware and garbage on it is a pretty smart move.

Most smartphones -- Android, iPhone, Windows phones, are made in China. How many of them have Trojans lurking inside?

G Data says this is the first time they found one, but how hard have they looked? If you are worried about privacy, worry some more. Your phone may have (really) badware on it, and you likely won't know it.

No comments:

Post a Comment