20+ Chinese Android Smartphones Models Come With Pre-Installed Malware 74
An anonymous reader writes: Security researchers from G DATA have published research (PDF) into Android phones produced in China, which found that a large number of devices ship with pre-installed malware and spyware. Affected models include the Xiaomi MI3, Huawei G510, Lenovo S860, Alps A24, Alps 809T, Alps H9001, Alps 2206, Alps PrimuxZeta, Alps N3, Alps ZP100, Alps 709, Alps GQ2002, Alps N9389, Android P8, ConCorde SmartPhone6500, DJC touchtalk, ITOUCH, NoName S806i, SESONN N9500, SESONN P8, Xido X1111, Star N9500, Star N8000 and IceFox Razor. The researchers do not believe the manufacturers are responsible for the malware; rather, they suspect middlemen within distribution channels. "According to G DATA, the contamination of these smartphones is done by hiding malware as add-on code in legitimate apps. Since users don't usually interact with the malware and the add-on runs in the app's background, unless using a mobile antivirus solution, these infections are rarely discovered."
A Lenovo with malware?!? (Score:5, Funny)
That's unpossible!!!1!
What a winning combnation on the front page... (Score:5, Interesting)
Cheap Smartphones Quietly Becoming Popular In the US
Bloomberg reports that ZTE and its cheap Android smartphones have been grabbing more and more of the market in the U.S. It's not that the phones are particularly good â" it's that they're "good enough" for the $60 price tag. The company has moved up to fourth among smartphone makers, behind Apple, Samsung and LG. That puts them ahead of a lot of companies making premium devices: HTC, Motorola, and BlackBerry, to name a few. ZTE, a Chinese manufacturer, seems to be better at playing the U.S. markets than competitors like Xiaomi and Huawei, and they're getting access to big carriers and big retailers. "Its phone sales are all the more surprising because it's been frozen out of the more lucrative telecom networking market since 2012. That year, the House Intelligence Committee issued a report warning that China's intelligence services could potentially use ZTE's equipment, and those of rival Huawei Technologies, for spying. Huawei then dismissed the allegations as 'little more than an exercise in China bashing.'" I wonder how long it will be before these ones are also found to be full of malware?
Where are the phone sold that have malware? (Score:5, Insightful)
The TFA was light on details, but where phones are sold makes a big difference.
In Asia and South America, there are a lot of small shops selling phones, and oftentimes, they add "value added" stuff like pirated apps and other items. Usually the lesser known makers wind up here.
In the US, the phones go either directly from the maker to the phone provider to be sold, or from the manufacturer to a store like Best Buy or S-Mart.
I would be surprised if malware (other than the usual vendor bloatware) was an issue in the US or Europe.
Re:Where are the phone sold that have malware? (Score:5, Interesting)
I seem to recall phones in the US and Europe being pre-loaded with spyware too. Carrier IQ, Apple's location data collection back in the day...
Re: (Score:2)
I would be surprised if malware was an issue in the US or Europe.
This research was done by an American company. I doubt if they flew to South America to get their test samples.
Re:Where are the phone sold that have malware? (Score:5, Funny)
I would be surprised if malware was an issue in the US or Europe.
This research was done by an American company. I doubt if they flew to South America to get their test samples.
Reporter: "C'mon boss - send me to Rio. I really need to research the cell phone market. Really."
Boss: "You're going to Cleveland."
Re: What a winning combnation on the front page... (Score:1)
The ZTE which TFA focused on doesn't have malware , while some high priced name brand ones do, so I'm not seeing the irony here.
Re: (Score:1)
The middlemen software adds to the price, so yes I actually do see the irony. (Unless you were sarcastic, then we are in agreement.)
your speech borders treason (Score:1)
Of course it's China bashing. The government always need enemies to keep the populace in line.
"the people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same way in any country."
Re: (Score:2, Insightful)
Nice try, but that doesn't apply here. China is bashing us with defective, harmful products. We need to enforce better consumer protections.
Re: (Score:2)
We have great consumer protections on US made goods. Everything else imported not so much. China doesn't care if there is malware on phones, or poison in the pet food or anything else. The only fix for this is to hold the IMPORTERS and DISTRIBUTORS here in the US fully responsible, and put them out of business. The problem is, there is too much money involved in the politics of killing off corporations.
Re: (Score:3, Insightful)
The problem is, there is too much money involved in the politics of killing off corporations.
That sounds more like your typical libertarian poutrage than any kind of truth. Nobody's trying to *kill off corporations*. We only want them to abide by the same rules the rest of us are under. The real problem is that we allow them too much authority over our governments.
Re: (Score:1)
Oh, but I am willing to kill off corporations. Since corporations are the creation of the state, and are sanctioned by said state, the state has every right to dissolve the corporation for gross violation of public trust, trust the corporation is entrusted with by the state upon creation.
We do allow them too much authority over government, which is why I oppose corporations (and unions) from contributing to political causes, either directly or indirectly. We call these subversions of public servants "lobbyi
Re: (Score:2)
Actually you are wagging the dog. The state is set up by the corporation to serve its interests. It takes a lot of money to put it all together, and politician who doesn't comply will lose all financial support, or worse. Napoleon's power didn't come from the wretched.
I oppose corporations (and unions) from contributing to political causes, either directly or indirectly.
You shouldn't. It's interfering. Just don't vote for people who take their money, and the problem is solved.
Re: (Score:2)
It's not just about 'consumer' protection. China operates massive spy operations. The boatloads of Chinese phones that arrive to the US translates to a national security concern.
Re: (Score:1)
China operates massive spy operations.
Yeah, they probably do [wired.com]...
So bascailly they include an app (Score:3)
that does the same stuff and takes your info like all the other free or paid for apps.
Unlock the bootloaders (Score:2)
and then who cares...
Re: (Score:1)
cite it please. I have never had a problem buying unlocked bootloader phones in california. Of "iphones"... that's a walled garden platform so if you're complaining about that cry me a fucking river.
But on the android and windows phones it isn't so much a problem. Honestly, in so far as I am concerned there is only one phone OS at this point. Its android or nothing. The others are a waste of time.
Re: (Score:3)
The vast majority of cell phone users who don't know the difference between a bootloader and an Army boot.
Re: (Score:1)
And I care because?
Look... the average person isn't going to know the difference between a poisoned mushroom and an edible one.
Does that mean we can't eat mushrooms?
No.
It means first the public needs to suffer a certain amount to care about the problem... aka eat the poison mushroom and die.
And THEN they might ask someone "hey which of these mushrooms are toxic?"... and if that's too much work they can acquire their mushrooms from a reputable dealer that will perforce know the difference.
Everyone runs on th
Is there a POTS that can do OTA? (Score:4)
or is something like that be ancient like IMTS that operated on VHF freq. </factious>
Malware here, spyware there, all I want is a phone but now I have to worry about this.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Well done, those are the definitions of VHF and UHF, but I guarantee no phone service ever ran on the entire VHF or UHF band.
for what it's worth, from wikipedia:
"The Improved Mobile Telephone Service (IMTS) is a pre-cellular VHF/UHF radio system that links to the PSTN. IMTS was the radiotelephone equivalent of land dial phone service."
snake
Re: (Score:2)
I guarantee no phone service ever ran on the entire VHF or UHF band.
It didn't. There were specific frequencies allocated to IMTS mobile telephone service. These are in same 150-162 MHz 9and 450-470) band along with police, fire, business, etc. These channels used same bandwidth as a typical 2-way frequency (and 2-way radio has superior audio quality over cellphone). But the IMTS was full duplex (used both xmit and rec freq at same time) and there was not many frequencies available so only the stinking rich got phones in their cars (and many of them had to wait on a very lon
Silver Lining (Score:1)
We should thank them for saving our bandwidth costs by including them up front. Some of that malware is large, and you know you'd get infected anyhow.
Ban the phones (Score:2, Insightful)
Re: (Score:1)
Re: (Score:2)
LOL, there wouldn't be any phones at all. Some or all of a cellphones parts are from China.
Perhaps he has a point.
Re: (Score:2)
Then we go back to smoke signals?
I'm not sure that you can buy a phone that isn't at least partly from china.
Re: (Score:2)
Oddly, I'm much more comfortable with Chinese spyware than the American spyware that is installed here. I have used two THL phones, and was mostly really happy with one of them, and one of them was a piece of junk. What does China care where my location is or that I read Slashdot?
Re: Ban the phones (Score:2)
Re: (Score:2)
so called researchers (Score:5, Insightful)
The researchers do not believe the manufacturers are responsible for the malware
Perhaps these "researchers" could get their act together and be more sure about their conclusion. If the "apps" in question are installed after manufacturing then they are easy to spot and can be uninstalled, and in such a case they likely (but not certainly) were added in the distribution channel. If, on the other hand, they are in the ROM itself then they can only be "disabled" and not uninstalled and it is extremely likely that the manufacturers put them there (most likely knowingly but there is a slim chance it was out of ignorance). Simply saying that they do not believe the manufacturers were not responsible with explaining why they say that is completely bogus.
Re: (Score:2)
That was my point. Rather than the "researchers" saying that they don't know if the manufacturers were responsible or not and suggesting that the malware could have been inserted after manufacture somewhere in the distribution channel, looking at the ROMs will tell you that the malware was in there at the manufacturing process (distributors are not going to be developing custom ROMs for every model phone when they could just install the malware, and if anyone want to claim that they did then they should be
Re: (Score:2)
Re: (Score:2)
Why not cut out the middleman? Integrate vertically and add the malware in the factory.
Re: (Score:1)
Propaganda bullshit. (Score:1)
One benefit of buying a name brand... (Score:3, Interesting)
One benefit of buying a name brand from a trusted source...
Buy an iPhone from an Apple store and your chances of having malware on it are more or less zero...
Buy a Samsung Galaxy from the Samsung store in the mall, likewise, almost no chance of a problem...
The thing is, major brands such as those have a reputation to care about. The cheap off brands don't.
Likewise, I feel comfortable buying a Microsoft Lumia from a known source, update it to the lastest version of Windows, make sure security software is installed, only install apps from the MS app store, you should generally be good to go.
There is value in trusted computing. I know a lot of people like to jailbreak, or side load apps, but there is a risk in doing so.
While my iPhone is locked down... it is worth noting... that it is locked down... I can generally use it with confidence. My desktop Windows PC? Less so, one has to be much more careful with that.
Now I know what some people say, "Apple is tracking you", or "MS is tracking you". Yea, but I don't care, neither company is out to steal my info or crash my computer or hold me hostage. Neither company is going to steal my CC info or hack my passwords. They can track me all they like, in return they give me a lot of free software and updates.
Re: (Score:2)
Apple, MS, Google...= NSA whether you like it or not.
And why does the NSA snooping bother you?
My only complaint is that they aren't being honest about it, frankly I think they should be, I doubt most people care.
I'm not afraid of them either.
I don't trust any repository of private data to be secure if I can help it.
Then you might as well unplug and move to the woods, pay cash for everything, don't use a bank account, don't have e-mail, and for sure don't connect to the web.
Because if you don't, then you're just kidding yourself.
Re: (Score:2)
This. There is no way to have privacy in the modern connected world. Anyone who thinks so is deluding themselves. A cell phone is a tracker by design. If you are doing anything you don't want someone to know about and you have a cell phone on you then you are at risk. Spend money with a debit card? Every purchase you make is tracked forever. We have to trust the government and corporations, we have no real choice. If it ever gets to the point we really can't then you can bet it'll take a bloody revo
Brand does not help much (Score:2)
Buy a Samsung Galaxy from the Samsung store in the mall, likewise, almost no chance of a problem...
Buy Samsung and get uninstallable "Flipboard" application. You can't even disable it on non-rooted phones!
And? (Score:2)
Thank goodness I'm not affected! (Score:2)
Re: (Score:2)
That's a huge relief - my smartphone is apparently perfectly safe, no malware or anything, nobody trying to track me. Thank goodness for America!
Sure, your tin can is safe, but who knows where that string goes once it leaves your window?
Plus, no LTE.
Why am I not surprised? (Score:1)
Huawei G510, Lenovo S860
The former has government experience to do it in-house (especially with their targeting of Nortel), the latter has been caught on accident.
"Best Interest Of Customers" Not Exactly A Concern (Score:1)
This should come as no surprise. This is the land of sewer oil, melamine in baby formula and cyanide being stored next to high explosives. Granted, the government *is* working to try and improve things?
But seriously? When your populace believes it's an excellent idea to back up and finish off pedestrians when they hit them? It's going to be a very long time before anyone should trust you with anything at all. [nationalpost.com]
Re: "Best Interest Of Customers" Not Exactly A Con (Score:3)
Nice try, but it originated with Slate. [slate.com]
Google / Spyware (Score:1)
So how does one tell the difference between Android, and spyware? As for all intents and purposes, they accomplish the same thing.
NoName S806i ? (Score:2)
Affected models include the Xiaomi MI3, [...] ITOUCH, NoName S806i, SESONN N9500, [...]
Wait... there's a cellphone brand in China called NoName? And there's a phone called the ITOUCH?
This is all messed up...