by Michael Mimoso December 17, 2014
A popular Android smartphone sold primarily in China and Taiwan but also available worldwide, contains a backdoor from the manufacturer that is being used to push pop-up advertisements and install apps without users’ consent.
The Coolpad devices, however, are ripe for much more malicious abuse, researchers at Palo Alto Networks said today, especially after the discovery of a vulnerability in the backend management interface that exposed the backdoor’s control system.
Ryan Olson, intelligence director at Palo Alto, said the CoolReaper backdoor not only connects to a number of command and control servers, but is also capable of downloading, installing and activating any Android application without the user’s permission. It also sends phony over-the-air updates to devices that instead install applications without notifying the user. The backdoor can also be used to dial phone numbers, send SMS and MMS messages, and upload device and usage information to Coolpad.
Full Article
Manufacturer’s Backdoor Found on Popular Chinese Android Smartphone
Userlevel 7
+54
Userlevel 7
NOT SURPRISED IN THE LEAST, and I suspect that this is just the tip of the iceberg. It does not bear even thinking about how many such 'backdoors' there may be littering the 'app space'. BRRRRRRRRRRRRRRRRRR! :(
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.