Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Privacy

Spyware Found On Chinese-Made Smartphone

Unknown manufacturer ships smartphones loaded with app that could allow a hacker to steal personal data or spy on the user, German researcher says.

A smartphone called the Star N9500 comes pre-loaded with spyware that could enable an attacker to steal personal data, place rogue phone calls, or turn on the user's camera and microphone remotely, according to researchers in Germany.

In a report published Tuesday, researchers at German security firm G Data Software told the Associated Press that they have discovered the spyware deep in the proprietary software of the N9500, which can be purchased on the Internet. G Data spokesman Thorsten Urbanski told AP that his team spent a week trying to discover the manufacturer of the device without success, but that it is made in China -- and stolen data collected by the spyware is sent to a server in China.

The AP also researched the phone and found it for sale on several major retail websites and offered by several companies based in Shenzen, China. The AP was also unable to discover the device's manufacturer.

"The manufacturer is not mentioned," Urbanski told AP. "Not in the phone, not in the documentation, nothing else."

EBay Wednesday began blocking the sale of the Star N9500, according to a report by the BBC. The device is still available on Amazon, the BBC said.

 

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Randy Naramore
50%
50%
Randy Naramore,
User Rank: Ninja
6/20/2014 | 11:22:32 AM
Re: In the words of Captain Renault ...
I'm with you, no one should be shocked by this news.
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
6/20/2014 | 6:52:32 AM
Re: An Act of Cyber Terrorism?
Unfortunately there are many other similar cases, and motivation behind the incidents are different, from commercial intents to cyber espionage.

In April the Chinese TV station, CCTV, reported some cases where the Android Smartphones were compromised by pre-installed malware before selling them on to unwitting customers. The Smartphone supply chain was compromised by a pre-installed malware called DataService.

The real problem is that majority of mobile users still ignores principal cuber threats to their devices and doesn't use any defensive solution ... be aware cybercrime know this and in the next months will exploit mobile platforms even more, also compromising supply chain.

http://securityaffairs.co/wordpress/25829/malware/android-pre-installed-malware.html

http://securityaffairs.co/wordpress/23591/malware/pre-installed-malware-on-android.html
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
6/19/2014 | 6:45:44 PM
An Act of Cyber Terrorism?
It's an interesting case because the product is complete from top to bottom, suggesting either the manufacturer knew about the malware, or their development team/contractor/sub-contractor is responsible.  I seem to remember a couple similar cases out of China and Russia regarding fully manufactured products containing spyware, and it begs the question whether this is actually a case of terrorism.  It would be a solid model, selling electronic devices primed for spying out into the American marketplace and then determining which devices will bring the most value based upon owner and placement.  I don't think cases like this should be taken lightly and a full investigation should be done, resulting in the culprits getting shut down.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
6/19/2014 | 6:12:00 PM
Re: In the words of Captain Renault ...
Yeah, no big shocker here, @Lorna. This isn't the first case, nor will it be the last. 
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
6/19/2014 | 10:13:50 AM
In the words of Captain Renault ...
I'm shocked, shocked to find that spyware is going on in here [said no one ever]

Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27605
PUBLISHED: 2020-10-21
BigBlueButton through 2.2.8 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox."
CVE-2020-27606
PUBLISHED: 2020-10-21
BigBlueButton before 2.2.8 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2020-27607
PUBLISHED: 2020-10-21
In BigBlueButton before 2.2.8 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client. It does not directly configure the client to stop sending audio data to the server, and thus a modified server could store the audio data and/or tr...
CVE-2020-27608
PUBLISHED: 2020-10-21
In BigBlueButton before 2.2.8 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.
CVE-2020-27609
PUBLISHED: 2020-10-21
BigBlueButton through 2.2.8 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant.