Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Privacy

Spyware Found On Chinese-Made Smartphone

Unknown manufacturer ships smartphones loaded with app that could allow a hacker to steal personal data or spy on the user, German researcher says.

A smartphone called the Star N9500 comes pre-loaded with spyware that could enable an attacker to steal personal data, place rogue phone calls, or turn on the user's camera and microphone remotely, according to researchers in Germany.

In a report published Tuesday, researchers at German security firm G Data Software told the Associated Press that they have discovered the spyware deep in the proprietary software of the N9500, which can be purchased on the Internet. G Data spokesman Thorsten Urbanski told AP that his team spent a week trying to discover the manufacturer of the device without success, but that it is made in China -- and stolen data collected by the spyware is sent to a server in China.

The AP also researched the phone and found it for sale on several major retail websites and offered by several companies based in Shenzen, China. The AP was also unable to discover the device's manufacturer.

"The manufacturer is not mentioned," Urbanski told AP. "Not in the phone, not in the documentation, nothing else."

EBay Wednesday began blocking the sale of the Star N9500, according to a report by the BBC. The device is still available on Amazon, the BBC said.

 

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Randy Naramore
50%
50%
Randy Naramore,
User Rank: Ninja
6/20/2014 | 11:22:32 AM
Re: In the words of Captain Renault ...
I'm with you, no one should be shocked by this news.
securityaffairs
50%
50%
securityaffairs,
User Rank: Ninja
6/20/2014 | 6:52:32 AM
Re: An Act of Cyber Terrorism?
Unfortunately there are many other similar cases, and motivation behind the incidents are different, from commercial intents to cyber espionage.

In April the Chinese TV station, CCTV, reported some cases where the Android Smartphones were compromised by pre-installed malware before selling them on to unwitting customers. The Smartphone supply chain was compromised by a pre-installed malware called DataService.

The real problem is that majority of mobile users still ignores principal cuber threats to their devices and doesn't use any defensive solution ... be aware cybercrime know this and in the next months will exploit mobile platforms even more, also compromising supply chain.

http://securityaffairs.co/wordpress/25829/malware/android-pre-installed-malware.html

http://securityaffairs.co/wordpress/23591/malware/pre-installed-malware-on-android.html
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
6/19/2014 | 6:45:44 PM
An Act of Cyber Terrorism?
It's an interesting case because the product is complete from top to bottom, suggesting either the manufacturer knew about the malware, or their development team/contractor/sub-contractor is responsible.  I seem to remember a couple similar cases out of China and Russia regarding fully manufactured products containing spyware, and it begs the question whether this is actually a case of terrorism.  It would be a solid model, selling electronic devices primed for spying out into the American marketplace and then determining which devices will bring the most value based upon owner and placement.  I don't think cases like this should be taken lightly and a full investigation should be done, resulting in the culprits getting shut down.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
6/19/2014 | 6:12:00 PM
Re: In the words of Captain Renault ...
Yeah, no big shocker here, @Lorna. This isn't the first case, nor will it be the last. 
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
6/19/2014 | 10:13:50 AM
In the words of Captain Renault ...
I'm shocked, shocked to find that spyware is going on in here [said no one ever]

News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21196
PUBLISHED: 2021-04-09
Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.