Thread: BLU Secret backdoor discovered

  1. #1

    BLU Secret backdoor discovered

    Secret backdoor discovered on budget Blu smartphones sent personal data to servers in China

    5 days ago
    Anmol Sachdeva

    Budget Android smartphones from the likes of Chinese manufacturer, Blu, might be an affordable proposition but they’re hugely lacking on the privacy front. As has been uncovered by security firm Kryptowire, several models of these low-cost Android smartphones, sold even in the U.S., had a backdoor in the firmware installed on them.
    Privacy is of grave importance to all users in today’s internet age but this backdoor enabled the company to collect sensitive personal data and transmit it to third-party servers in China. And as one expects, the users were completely aloof to the situation and data including text messages, call logs, contacts, app usage data, IMEI number and even their location were being transmitted by their smartphones.

    The security firm detected the presence of this firmware along with the backdoor on several Blu smartphones, including the BLU R1 HD. This is one of the most popular sub-50 dollar smartphones and is available for purchase through major US-based online retailers such as Amazon or Best Buy.
    The firmware on these budget Android offerings could also target specific users and text messages matching remotely defined keywords, reports Kryptowire. But that’s not all. Since the phones under question were connected to a third-party server, they were easy targets for remote code executions with escalated privileges. This means that a person with access to your collected data could bypass your Android privileges and remotely install any specific app or reprogram the device.
    “The firmware that shipped with the mobile devices and subsequent updates allowed for the remote installation of applications without the users’ consent and, in some versions of the software, the transmission of fine-grained device location information,” details Kryptowire in its official findings.
    But the biggest question is — who planted this backdoor in these budget Android smartphones? Well, the security firm traced the personal data transmissions to its source and discovered that monitoring activities were being conducted using the commercial Firmware Over The Air (FOTA) update software system. In Blu’s case, the updates are delivered by a company named Shanghai Adups Technology Co. Ltd and the data collected was encrypted and then transmitted over secure web protocols to a server located in Shanghai.
    Adups is recognized as one of the prominent FOTA support providers and boasts of having an active user base of 700 million and a market share of over 70 percent across 150 countries. The company is said to produce firmware programs integrated with devices of more than 400 technology giants, including the likes of Huawei and ZTE.
    This firmware which was packed in Blu smartphones affected more than 120,000 smartphones in the States. Commenting on the issue, Samuel Ohev-Zion, the chief executive of BLU Products, said, “It was obviously something that we were not aware of. We moved very quickly to correct it.”
    But, in conversation with the New York Times, a lawyer representing Adups claims that the said backdoor wasn’t a bug and the company has baked the same into the firmware intentionally. This surveillance feature was built at the request of an unidentified Chinese client who wanted to use it to monitor user behavior, store call logs, and messages. He further adds that the feature was specifically intended for the Chinese markets and wasn’t supposed to be released in American markets.
    The Adups lawyer has also mentioned that the company has already taken necessary action. It claims to have deleted all personal data and info collected from Blu users in the States. This incident will definitely blotch user trust and reputation of the Chinese smartphone makers who’re using update services from the said solution provider. We’ll need to wait and see how other manufacturers act and take preventive steps to protect user privacy.

    Anmol Sachdeva
    A hands-on guy fascinated by new apps, technologies and enterprise

  2. #2

    UK Has Passed Online Surveillance Law

    Added: Saturday, November 19th, 2016

    The new legislation forces UK ISPs to store browsing histories, including domains visited, for at least 12 months and provide them to the police in case of investigations. The so-called "snoopers' charter" was introduced by then home secretary Theresa May 4 years ago, and has twice tried to become a law following breakdowns in the previous coalition government.

    Eventually, the bill was finalized and passed by both parliamentary houses, although civil liberties groups have long criticized it and argued that the legislation would empower the British government to "document everything we do online". Well, indeed, it does. The snoopers' charter will force ISPs to record every subscriber’s top-level web history in real-time for up to 12 months. These records will be accessible for many government departments. The law would also force tech firms to decrypt data on demand and even disclose any new security features in products before they launch.

    Finally, the bill allows the intelligence agencies to hack into computers and devices of citizens, although particular professions like journalists and medical staff are covered with better protections. Some consumer rights activists call it the most extreme surveillance law ever passed, and it was opposed by representatives of the UN, all major British and global privacy and rights groups. At the same time, three-quarters of respondents think that privacy is a human right.

    It must be mentioned that there are some safeguards, like a "double lock" system that requires that the secretary of state and an independent judicial commissioner agree on a decision to carry out search warrants.

    The law will be ratified by royal assent soon.

    Posted by: SaM
    Vip Member
    Date: Saturday, November 19th, 2016

  3. #3

    Re: BLU Secret backdoor discovered

    Supreme court grants FBI massive expansion of powers to hack computers

    Intelligence committee senator said he plans to introduce bill to block expansion to ‘rule 41’ on warrants for suspects who hide their location, set for December


    Danny Yadron in San Francisco

    Friday 29 April 2016 17.02 EDT
    Last modified on Friday 11 November 2016 06.58 EST

    The US Congress has seven months to block a potentially massive expansion of the government’s ability to hack into suspects’ computers.

    At the FBI’s request this week, the supreme court ruled that federal judges should be able to issue hacking warrants to federal law enforcement for anywhere in the US if the suspect has tried to hide their location, as criminal suspects are wont to do.

    Additionally, the FBI could get authority to infiltrate any computer – regardless of the owner – if it has already been taken over by bad hackers.

    The changes to so-called “rule 41” go into effect 1 December unless Congress acts to block them. The move has set up a showdown with Senator Ron Wyden, the most senior Democrat on the Senate intelligence committee, who is marshaling the opposition on Capitol Hill. He told the Guardian on Friday that he plans to introduce a bill blocking the court’s move.

    The debate offers a unique window into the struggle to maintain America’s protections against unreasonable searches in the digital age.

    Many of the rules were written for a world based on searching physical spaces, like a desk, and at distinct locations, like an office. Such rules often don’t adapt well to the era of the internet and ubiquitous online services, where it is also possible to, in theory, search millions of computers at the same time.

    The issue flared up earlier this week when two judges struck down search warrants for suspected users of child sex abuse websites. The FBI had taken over the website in an attempt to trap users and eventually searched hundreds of computers after a federal magistrate in Virginia issued a warrant to hack all visitors to the website.

    The government reasoned this was permissible, in part, because visitors to the site were trying to conceal their location by using the Tor browser, which can help anonymize internet users. In this case, the FBI had found a way to hack the service to unmask visitors to the sex abuse website.

    Civil liberties advocates, acknowledging the ickiness of the case, cried foul. Not because they wanted to defend child sex abuse material, but because, they said, domestic law enforcement shouldn’t be able to search potentially millions of computers based on the authority of one judge’s order.

    Judges in Oklahoma and Massachusetts have ruled that the Virginia warrant targeting suspects in their territories is invalid and the evidence that they visited the sex abuse website consequently is inadmissible. And without digital proof that the suspects visited the criminal websites, there isn’t much of a case against them.

    Wyden, without getting into the specifics of the case, said he agreed US law enforcement shouldn’t be able to conduct such bulk surveillance.

    “One warrant for one judge can, in effect, reach millions of computers,” he said on Friday. “This is really a big issue when you’re talking about expanding the government’s hacking and surveillance authority.”
