Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Privacy

Spyware Found On Chinese-Made Smartphone

Unknown manufacturer ships smartphones loaded with app that could allow a hacker to steal personal data or spy on the user, German researcher says.

A smartphone called the Star N9500 comes pre-loaded with spyware that could enable an attacker to steal personal data, place rogue phone calls, or turn on the user's camera and microphone remotely, according to researchers in Germany.

In a report published Tuesday, researchers at German security firm G Data Software told the Associated Press that they have discovered the spyware deep in the proprietary software of the N9500, which can be purchased on the Internet. G Data spokesman Thorsten Urbanski told AP that his team spent a week trying to discover the manufacturer of the device without success, but that it is made in China -- and stolen data collected by the spyware is sent to a server in China.

The AP also researched the phone and found it for sale on several major retail websites and offered by several companies based in Shenzen, China. The AP was also unable to discover the device's manufacturer.

"The manufacturer is not mentioned," Urbanski told AP. "Not in the phone, not in the documentation, nothing else."

EBay Wednesday began blocking the sale of the Star N9500, according to a report by the BBC. The device is still available on Amazon, the BBC said.

 

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Randy Naramore
50%
50%
Randy Naramore,
User Rank: Ninja
6/20/2014 | 11:22:32 AM
Re: In the words of Captain Renault ...
I'm with you, no one should be shocked by this news.
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
6/20/2014 | 6:52:32 AM
Re: An Act of Cyber Terrorism?
Unfortunately there are many other similar cases, and motivation behind the incidents are different, from commercial intents to cyber espionage.

In April the Chinese TV station, CCTV, reported some cases where the Android Smartphones were compromised by pre-installed malware before selling them on to unwitting customers. The Smartphone supply chain was compromised by a pre-installed malware called DataService.

The real problem is that majority of mobile users still ignores principal cuber threats to their devices and doesn't use any defensive solution ... be aware cybercrime know this and in the next months will exploit mobile platforms even more, also compromising supply chain.

http://securityaffairs.co/wordpress/25829/malware/android-pre-installed-malware.html

http://securityaffairs.co/wordpress/23591/malware/pre-installed-malware-on-android.html
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
6/19/2014 | 6:45:44 PM
An Act of Cyber Terrorism?
It's an interesting case because the product is complete from top to bottom, suggesting either the manufacturer knew about the malware, or their development team/contractor/sub-contractor is responsible.  I seem to remember a couple similar cases out of China and Russia regarding fully manufactured products containing spyware, and it begs the question whether this is actually a case of terrorism.  It would be a solid model, selling electronic devices primed for spying out into the American marketplace and then determining which devices will bring the most value based upon owner and placement.  I don't think cases like this should be taken lightly and a full investigation should be done, resulting in the culprits getting shut down.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
6/19/2014 | 6:12:00 PM
Re: In the words of Captain Renault ...
Yeah, no big shocker here, @Lorna. This isn't the first case, nor will it be the last. 
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
6/19/2014 | 10:13:50 AM
In the words of Captain Renault ...
I'm shocked, shocked to find that spyware is going on in here [said no one ever]

Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Breaches Are Inevitable, So Embrace the Chaos
Ariel Zeitlin, Chief Technology Officer & Co-Founder, Guardicore,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-2916
PUBLISHED: 2019-11-15
qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key used to connect to remote NX sessions.
CVE-2019-12757
PUBLISHED: 2019-11-15
Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt t...
CVE-2019-12758
PUBLISHED: 2019-11-15
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to an unsigned code execution vulnerability, which may allow an individual to execute code without a resident proper digital signature.
CVE-2019-12759
PUBLISHED: 2019-11-15
Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software applicat...
CVE-2019-18372
PUBLISHED: 2019-11-15
Symantec Endpoint Protection, prior to 14.2 RU2, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.