We always suspected this, but seems like now there is documentary evidence that a large number of Chinese ‘smart’ phones are stealing your private data, and sending it to Chinese servers where their masters mine it for intelligence. While some of us might not even care about it, this is a rather shocking revelation and poses serious questions about the extent of espionage employed by the Chinese establishment.
Just to give you a perspective on how deep this rabbit-hole runs, they know whom you called, at what time, the contents of your text messages, your location history, and much, much more. Much, much more than what you could probably have ever imagined.
A report on NYT has brought to light these shocking facts. Apparently, a researcher from Kryptowire, which is a Homeland Security contractor, found out that the data from his phone was being sent out without his permission. He bought a cheap Chinese phone, the BLU R1 HD to be exact, during one of his overseas trips. While going through the phone’s setup process, he realized that the device was transmitting text messages to a server in Shanghai, while being registered to a company called Adups.
Kryptowire decided to investigate this mysterious device behaviour and the findings were explosive to say the least. The American firm then took its findings to the US government, and finally made them public this Tuesday.
The malicious ‘Trojan horse’ like code on the phone was written by a Chinese firm namely Shanghai Adups Technology Company. By the firm’s own admission, the code runs on more than 700 million devices (that’s almost the entire smatphone market of India, and then some). These devices include not just smartphones, but also gadgets used on cars and other smart hardware applications.
The software from the Chinese firm was actively transmitting the full contents of text messages, contact lists, call logs, location information and other data to a Chinese server. None of this activity was mentioned in the user agreement for the firmware, which clearly means that the transmission was happening without the user’s permission.
The smartphone manufacturer BLU, whose phones were first found with the malware, asserts that 120,000 of its phones had been affected, and that all of them have been updated with a security patch to rid them of the bug.
But BLU isn’t the only maker using the Adups code. Manufacturers of global repute and dominant smartphone forces such as Huawei and ZTE also employ the same company for their respective codes.
Adups, on its part says that it doesn’t have any role to play in the data theft, as it just created software as per the requirement of a smartphone maker. How exactly the software was employed and what the user agreement read was not their business. Adups actually provided a document to BLU executives, explaining that the software they made was meant for Chinese application and not intended for American phones.
Samuel Ohev-Zion, the chief executive of BLU Products, said: “It was obviously something that we were not aware of. We moved very quickly to correct it.” He also added that Adups had assured him that “all of the information taken from BLU customers had been destroyed.
But all the technicalities apart, the question that all of us should be asking ourselves is – can I check whether my phone has been affected by this violation? Well, Adups has not provided a list of affected phones, so it cannot be clearly determined as of now if a user’s phone is affected.
In an official statement on its website, Adups said
“ADUPS has been working to further improve the privacy protections in its products. ADUPS sincerely apologizes to its partners and users. We will enhance process management and work to improve transparency, and deliver high-quality products and best service to provide the best possible data security for all our customers.”
We are keeping a close eye on the developments that follow on this episode, and will keep you posted with all the updates. Stay tuned.
Source NYT
