A Security Firm KryptoWire has recently uncovered a firmware backdoor installed in Android Mobile Devices, these models were low-cost Android Mobile Devices. It was also included in the popular smartphone BLU R1 HD. These models were sold online through major US-based online retailers like Amazon, BestBuy etc.
What did the firmware backdoor do?
This firmware could collect sensitive personal data of a user and transmit this sensitive data to third-party servers without disclosure or the users’ consent. These devices could actively transmit all of the user’s personal data including device information, full-body of text messages, call history with full telephone numbers, contact lists, unique device identifiers including the International Mobile Equipment Identity (IMEI) and the International Mobile Subscriber Identity (IMSI).
What more it’s capable of doing?
The firmware is capable of bypassing the Android permission model and executed remote commands with escalated (system) privileges and it goes without saying that it is able to remotely reprogram the devices. The firmware also collected and transmitted information about applications installed on the monitored device and their usage data. The firmware could snipe specific users and text messages remotely by matching defined keywords.
Go to Next Page…