Rootkit Discovered in Over 2.8 Million Low-Cost Android Phones

/ 7 years ago

blu-studio-g-1-800x629

Close to 3 million Android phones have been discovered to contain a very powerful rootkit/backdoor that leaves the user vulnerable to remote control, tracking and code execution attacks. These phones are affordable low-cost models and can be purchased in the US in any Best Buy store. Researchers from BitSight Technologies (a subsidiary of Anubis Networks) has detailed in their blog how this root kit was discovered, tested and thankfully so far, prevented from doing harm.

The malicious firmware was designed to hide and to be difficult to detect but secretly contact two pre-configured domains, sending information from the device. Surprisingly, the two domains were unregistered so BitSight technologies was able to acquire them immediately before any deployment and perform tests. The company purchased a BLU Studio G phone from Best Buy, built a passive network traffic system and performed the analysis which revealed that over 2.8 million devices are affected and have since tried to contact the domain they registered. This affects 55 different device models and based on the IP connecting to the domains, the vulnerability affects the entire world with the majority of users affected based in the United States. US-based BLU products is the most affected having 26.3% of the affected phones.

distribution-of-observed-devices-by-manufacturer

João Gouveia, a BitSight researcher who is part of the team who discovered the rootkit have further revealed that he has seen lots of connections coming from all sorts of sectors, including healthcare, government and banking.

tweet

Most of these phone models are what are considered “burner” or low-cost phones, previously thought of to be a safer due to their disposable nature. Recently, another security firm Kryptowire had also discovered a major vulnerability in the form of pre-installed backdoors on BLU R1 HD phones. They discovered the massive amounts of data from the user were being sent back to the Chinese company Shanghai AdUps Technologies, the software company who handles these phones. AdUps Technologies is also used by Huawei and ZTE.

adups_security_analysis_figure1
Topics: , , , ,

Support eTeknix.com

By supporting eTeknix, you help us grow and continue to bring you the latest newsreviews, and competitions. Follow us on FacebookTwitter and Instagram to keep up with the latest technology news, reviews and more. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!

Looking for more exciting features on the latest technology? Check out our What We Know So Far section or our Fun Reads for some interesting original features.
eTeknix Facebook eTeknix Twitter eTeknix Instagram eTeknix Instagram

  • Be Social With eTeknix

    Facebook Twitter YouTube Instagram Reddit RSS Discord Patreon TikTok Twitch

  • Features

    Computex CES
    Fun Reads eTeknix Deals

Send this to a friend
})