Endpoint // Privacy
6/19/2014
08:20 AM
Tim Wilson
Tim Wilson
Quick Hits
Connect Directly
RSS
E-Mail
50%
50%

Spyware Found On Chinese-Made Smartphone

Unknown manufacturer ships smartphones loaded with app that could allow a hacker to steal personal data or spy on the user, German researcher says.

A smartphone called the Star N9500 comes pre-loaded with spyware that could enable an attacker to steal personal data, place rogue phone calls, or turn on the user's camera and microphone remotely, according to researchers in Germany.

In a report published Tuesday, researchers at German security firm G Data Software told the Associated Press that they have discovered the spyware deep in the proprietary software of the N9500, which can be purchased on the Internet. G Data spokesman Thorsten Urbanski told AP that his team spent a week trying to discover the manufacturer of the device without success, but that it is made in China -- and stolen data collected by the spyware is sent to a server in China.

The AP also researched the phone and found it for sale on several major retail websites and offered by several companies based in Shenzen, China. The AP was also unable to discover the device's manufacturer.

"The manufacturer is not mentioned," Urbanski told AP. "Not in the phone, not in the documentation, nothing else."

EBay Wednesday began blocking the sale of the Star N9500, according to a report by the BBC. The device is still available on Amazon, the BBC said.

 

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Randy Naramore
50%
50%
Randy Naramore,
User Rank: Ninja
6/20/2014 | 11:22:32 AM
Re: In the words of Captain Renault ...
I'm with you, no one should be shocked by this news.
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
6/20/2014 | 6:52:32 AM
Re: An Act of Cyber Terrorism?
Unfortunately there are many other similar cases, and motivation behind the incidents are different, from commercial intents to cyber espionage.

In April the Chinese TV station, CCTV, reported some cases where the Android Smartphones were compromised by pre-installed malware before selling them on to unwitting customers. The Smartphone supply chain was compromised by a pre-installed malware called DataService.

The real problem is that majority of mobile users still ignores principal cuber threats to their devices and doesn't use any defensive solution ... be aware cybercrime know this and in the next months will exploit mobile platforms even more, also compromising supply chain.

http://securityaffairs.co/wordpress/25829/malware/android-pre-installed-malware.html

http://securityaffairs.co/wordpress/23591/malware/pre-installed-malware-on-android.html
Christian Bryant
50%
50%
Christian Bryant,
User Rank: Ninja
6/19/2014 | 6:45:44 PM
An Act of Cyber Terrorism?
It's an interesting case because the product is complete from top to bottom, suggesting either the manufacturer knew about the malware, or their development team/contractor/sub-contractor is responsible.  I seem to remember a couple similar cases out of China and Russia regarding fully manufactured products containing spyware, and it begs the question whether this is actually a case of terrorism.  It would be a solid model, selling electronic devices primed for spying out into the American marketplace and then determining which devices will bring the most value based upon owner and placement.  I don't think cases like this should be taken lightly and a full investigation should be done, resulting in the culprits getting shut down.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
6/19/2014 | 6:12:00 PM
Re: In the words of Captain Renault ...
Yeah, no big shocker here, @Lorna. This isn't the first case, nor will it be the last. 
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
6/19/2014 | 10:13:50 AM
In the words of Captain Renault ...
I'm shocked, shocked to find that spyware is going on in here [said no one ever]

Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0972
Published: 2014-08-01
The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write ...

CVE-2014-2627
Published: 2014-08-01
Unspecified vulnerability in HP NonStop NetBatch G06.14 through G06.32.01, H06 through H06.28, and J06 through J06.17.01 allows remote authenticated users to gain privileges for NetBatch job execution via unknown vectors.

CVE-2014-3009
Published: 2014-08-01
The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct ph...

CVE-2014-3302
Published: 2014-08-01
user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708.

CVE-2014-3534
Published: 2014-08-01
arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a c...

Best of the Web
Dark Reading Radio