Endpoint // Privacy
6/19/2014
08:20 AM
Tim Wilson
Tim Wilson
Quick Hits
50%
50%

Spyware Found On Chinese-Made Smartphone

Unknown manufacturer ships smartphones loaded with app that could allow a hacker to steal personal data or spy on the user, German researcher says.

A smartphone called the Star N9500 comes pre-loaded with spyware that could enable an attacker to steal personal data, place rogue phone calls, or turn on the user's camera and microphone remotely, according to researchers in Germany.

In a report published Tuesday, researchers at German security firm G Data Software told the Associated Press that they have discovered the spyware deep in the proprietary software of the N9500, which can be purchased on the Internet. G Data spokesman Thorsten Urbanski told AP that his team spent a week trying to discover the manufacturer of the device without success, but that it is made in China -- and stolen data collected by the spyware is sent to a server in China.

The AP also researched the phone and found it for sale on several major retail websites and offered by several companies based in Shenzen, China. The AP was also unable to discover the device's manufacturer.

"The manufacturer is not mentioned," Urbanski told AP. "Not in the phone, not in the documentation, nothing else."

EBay Wednesday began blocking the sale of the Star N9500, according to a report by the BBC. The device is still available on Amazon, the BBC said.

 

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Randy Naramore
50%
50%
Randy Naramore,
User Rank: Ninja
6/20/2014 | 11:22:32 AM
Re: In the words of Captain Renault ...
I'm with you, no one should be shocked by this news.
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
6/20/2014 | 6:52:32 AM
Re: An Act of Cyber Terrorism?
Unfortunately there are many other similar cases, and motivation behind the incidents are different, from commercial intents to cyber espionage.

In April the Chinese TV station, CCTV, reported some cases where the Android Smartphones were compromised by pre-installed malware before selling them on to unwitting customers. The Smartphone supply chain was compromised by a pre-installed malware called DataService.

The real problem is that majority of mobile users still ignores principal cuber threats to their devices and doesn't use any defensive solution ... be aware cybercrime know this and in the next months will exploit mobile platforms even more, also compromising supply chain.

http://securityaffairs.co/wordpress/25829/malware/android-pre-installed-malware.html

http://securityaffairs.co/wordpress/23591/malware/pre-installed-malware-on-android.html
Christian Bryant
50%
50%
Christian Bryant,
User Rank: Ninja
6/19/2014 | 6:45:44 PM
An Act of Cyber Terrorism?
It's an interesting case because the product is complete from top to bottom, suggesting either the manufacturer knew about the malware, or their development team/contractor/sub-contractor is responsible.  I seem to remember a couple similar cases out of China and Russia regarding fully manufactured products containing spyware, and it begs the question whether this is actually a case of terrorism.  It would be a solid model, selling electronic devices primed for spying out into the American marketplace and then determining which devices will bring the most value based upon owner and placement.  I don't think cases like this should be taken lightly and a full investigation should be done, resulting in the culprits getting shut down.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
6/19/2014 | 6:12:00 PM
Re: In the words of Captain Renault ...
Yeah, no big shocker here, @Lorna. This isn't the first case, nor will it be the last. 
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
6/19/2014 | 10:13:50 AM
In the words of Captain Renault ...
I'm shocked, shocked to find that spyware is going on in here [said no one ever]

Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.