Manufacturer's Backdoor Found On Popular Chinese Android Smartphone 82
Trailrunner7 writes that researchers at Palo Alto Networks have found a backdoor in Android devices sold by Coolpad. "A popular Android smartphone sold primarily in China and Taiwan but also available worldwide, contains a backdoor from the manufacturer that is being used to push pop-up advertisements and install apps without users' consent. The Coolpad devices, however, are ripe for much more malicious abuse, researchers at Palo Alto Networks said today, especially after the discovery of a vulnerability in the backend management interface that exposed the backdoor's control system. Ryan Olson, intelligence director at Palo Alto, said the CoolReaper backdoor not only connects to a number of command and control servers, but is also capable of downloading, installing and activating any Android application without the user's permission. It also sends phony over-the-air updates to devices that instead install applications without notifying the user. The backdoor can also be used to dial phone numbers, send SMS and MMS messages, and upload device and usage information to Coolpad."
buy cheap ... (Score:3, Insightful)
... get what you pay for
Yep. (Score:1)
Buy your Android devices directly from the Google play store.
Anything cheaper will come with pre-loaded malware that will complicate everything and steal from you.
Re: (Score:1)
Anything Android is SPYWARE and MALWARE (by design) with a backdoor built by Google.
[citation needed]
Re: (Score:1)
There is no backdoor. (Score:5, Funny)
Its just lies and propaganda, there is no backdoor in Coolpads.
[sent from my Coolpad]
Re: (Score:3, Funny)
Re: (Score:2)
[sent by Coolpad CEO]
No different than what we have here (Score:5, Interesting)
Pretty sure that both the iOS and Android systems can do this out of the box, they just have chosen not to. There's also the old Kindle deleting 1984 incident.
Re:No different than what we have here (Score:5, Informative)
As far as I know, Apple can disable software remotely for security reasons but iOS itself cannot install software without asking the user.
Re: (Score:2, Interesting)
Apple can disable software remotely for security reasons but iOS itself cannot install software without asking the user.
Unless Apple disables the software that prevents iOS from installing software without the user. This function would only be used for security reasons of course.
Re: (Score:3)
There are a lot of phones set to auto-update. That's pretty much all there is to it at this point.
Re: The difference is that THERE is evidence (Score:1)
I take that back, my windows 8.1 PC force installs updates once a week, suppose its possible wp phones may force updates.
Re: (Score:1)
my windows 8.1 PC
well, there's your problem! (in the voice of Adam Savage from Mythbusters).
Joking aside, my Linux Mint's update has also been overactive lately. Luckily it won't install anything without my consent. Microsoft can push some updates without the consent of the user, even when the windows update service is disabled.
Re: (Score:3)
Apps are set to auto-update. App stores control those apps. If they want to replace Gmail with Big Brother v 1.0 they can do that in an instant.
Re: (Score:1)
And the people that wrote the app store apps can't possibly disregard the option that you set. Are you at all understanding this issue?
Re: (Score:3)
What you're saying basically boils down to "in the end you have to trust the people who wrote the OS or built the device". Yes, yes you do. This article is an example of how one such group abused that trust. Of course Apple and Google could do the same, but absent of any evidence that they have done so saying they could is kind of redundant.
Re: (Score:2)
What you're saying basically boils down to "in the end you have to trust the people who wrote the OS or built the device". Yes, yes you do. This article is an example of how one such group abused that trust. Of course Apple and Google could do the same, but absent of any evidence that they have done so saying they could is kind of redundant.
It's more than that. Google and Apple can harm, in principle, by either being evil or incompetent (I'm not claiming they are either). But they have lots of competent developers who try hard to keep you safe. This company here has most likely 10 times less security expertise than either Google or Apple. Which means your risk is much much higher.
Oops, sorry (Score:1)
I had my "obvious/subtle/totally-deadpan" posting filter set too far to the "deadpan" end of things. To anyone who mis-took me for a conspiracy theorist, I apologize for being too deadpan.
Re: (Score:3)
Unless Apple disables the software that prevents iOS from installing software without the user. This function would only be used for security reasons of course.
It all depends on your definition of "can". Apple could theoretically do _anything_ with your iOS device. Some things would be detectable, some wouldn't, some would be illegal, most would be pointless to do for Apple and would be damaging to business if found out, which is a very good reason not to do it.
Apple _can_ install apps remotely without asking you, and it actually happens if you buy an app on one phone, and you have set up the other phone to automatically install purchased apps. Well, technicall
Re: (Score:2)
...but iOS itself cannot install software without asking the user.
Can't you install an app on an iPhone by only through iTunes on a PC?
If so, then yes, iOS supports remote installs.
Re: (Score:2)
'Erm' yeah right, apparently you live in a happy delusional world. All the manufacturers can quite readily install software without the users permissions by the simply expedient of piggy backing the install of the software they want to install on any software or update that you attempt to install from websites they control. They only thing you can do to prevent it, is never update and never install an application from their servers. They can of course also force you to upgrade by purposefully breaking the
Re: (Score:2)
Pretty sure that both the iOS and Android systems can do this out of the box, they just have chosen not to. There's also the old Kindle deleting 1984 incident.
If you bring up 1984 as an example, then you have to bring up U2.
Re: (Score:2)
If you bring up 1984 as an example, then you have to bring up U2.
No I don't. You can if you want though.
Google Play Services (Score:4, Funny)
I though they were describing Google Play Services, which I understand call do all of those things. Except obivously, that Google is not evil..
Re: (Score:2)
Google is clearly evil. what kind of kool-aid are you consuming? ..
oohhhhh!
Yes, Google is evil (Score:1)
But if you buy pure android devices directly from Google, you *only* have to deal with Google's evil, and not the additional evil of the manufacturer.
And the additional evil will always be worse. Google, though evil, has direct incentives to keep its devices secure. The tracking data they get on you is more valuable to them if only they have it. Your perception of the security of their devices is also more valuable to them than what they could gain by installing backdoors.
For example, a while back a Moto
3-digit /. UID? (Score:1)
Tester (591)
Wow, don't see those very often. Good to see old-timers still around.
So, which do you prefer, Intellivision or ColecoVision? :)
Re: (Score:2)
Re: (Score:2)
Ah.. really classic gaming.
The Colecovision baseball that had the specific controllers was a lot of fun.. until we learned the pitch that was a strike but couldn't be hit. Then games became a challenge of who could continue to pitch that exact pitch without making a mistake.
Man the intellivision had some great games though... B-17 bomber was awesome with the voice module. Tron Deadly Discs was a marathon game if there ever was one. My friend was the best at TDD and could play for hours until it finally
Re: (Score:2)
Space War
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
I'm going to hit you with my modem.
300 baud or DSL?
I have both and it's easy to mix the two up especially if you have one of those last-century DSL modems with the DB9 or DB25 serial connector.
They have about the same usefulness when used to hit people with.
On some days, they both seem to transfer data at about the same speed. :P
Re: (Score:1)
300 baud or DSL?
I have both and it's easy to mix the two up especially if you have one of those last-century DSL modems with the DB9 or DB25 serial connector.
They have about the same usefulness when used to hit people with.
One with a handset cradle, still in it's suitcase, from when slashdot was on uunet with a broken G protocol. It's *much* more useful than a crappy DSL modem to hit people.
Re: (Score:2)
Modem? Damn whippersnapper! Get off my lawn!
Re: (Score:2)
Re: (Score:2)
ISDN, so technically not a modem....
Re: (Score:2)
Re: (Score:1)
ISDN, so technically not a modem....
Technically it is a modem (modulator/demodulator), because data is still transferred via the copper lines, and signal has to be modulated and demodulated at each end. In fact all the network equipment are basically modems, because data has to be modulated (by amplitude, frequency, phase) at the one end to go through the wires and demodulated at the receiving end. This also goes for the wireless equipment.
Re: (Score:1)
I'm easy to please, PONG FTW!
691, 630, 141, and 724? Wow (Score:1)
I don't remember the last time I saw so many members of the 3-digit club in one not-too-long (yet) sub-thread, but it was probably in Bush the 43rd's first term.
Disgusting! (Score:5, Funny)
Re: (Score:3)
USA! USA! USA!
Besides, out Three Letter Agency knows more about us than your Three Letter Agency!
How do you like them Apples?
Re: (Score:3)
How do you like them Apples and Androids?
Verizon and AT&T scoff at "Amateur Hour" backd (Score:2)
Harumph! Harumph! (I didn't get a Harumph from that guy.....Harumph!)
Verizon and AT&T laugh at your puny "backdoor" and limited scope of abuse available through it.
Why, they opened up their ENTIRE NETWORK to the NSA/CIA/DIA/FBI/any local podunk sheriffs office.
USA! USA! USA!
We are STILL Number One!
So this company figures (Score:2)
Sounds like my Sony Blu-Ray player (Score:5, Interesting)
Devices now own us. I miss the days when I had control over my devices.
Re: (Score:1)
Yes you have control, don't buy it, specially Sony!
Re: (Score:3)
Sony CS has no solution.
Whereas I have 3:
1) Return it and replace it with something better
2) Firewall it so it can't access the internet over your router. When you actually need/want to update it, its trivial to disable the rule for a few minutes.
3) disconnect it from the network. if its wired this couldn't be simpler. If its wireless its may be a little more tedius to forget and resetup the wifi each time -- in which case maybe #2 above is the better solution.
But really -- #1 is the correct solution.
Re: (Score:2)
That would work if you don't want to use Netflix on the BD player. GP says when network/Sony's server's are down apps don't work on the BD player...
Re: (Score:3)
Yeah, the netflix angle breaks things and really just highlights just how terrible a player it is.
Expect a lot more of this with "Internet of Things".
I for one am not interested in any of that crap.
Re:Sounds like my Sony Blu-Ray player (Score:4, Funny)
I'd say sue Sony but their lawyers are a bit busy right now.
Re: (Score:2)
Devices now own us. I miss the days when I had control over my devices.
I don't have all the neat devices everyone else buys, but I own the ones I buy. I blame people like you for making it more difficult.
Comment removed (Score:4, Insightful)
Sony Xperias cellphonmes have backdoors too (Score:2, Insightful)
From RealVNC press release:
"27th February 2012: RealVNC’s remote access technology has been integrated in Sony Mobile Communication’s Android based Xperia smartphones, enabling them to connect to vehicle infotainment systems so that drivers can access their smartphone applications safely from the dashboard display. The technology can also be used in customer support services by helpdesk agents to provide better support to Xperia users."
MR. POTATO-HEAD! BACKDOORS ARE NOT SECRETS! (Score:2)
What? Even "free" has a price? (Score:2, Insightful)
Neo900 (Score:2)
The Neo900 looks even more attractive.
Surprised? (Score:1)