More Androids carry phone-home firmware

Got a cheap-and-cheerful Android phone from BLU, Infinix, Doogee, Leagoo, IKU, Beeline or Xolo? It might be harbouring some badware in the firmware. The issue affects phones that use an over-the-air update mechanism from Chinese company according to BitSight researcher Dan Dahlberg and Anubis Networks' João Gouveia and Tiago …

  1. Kevin McMurtrie Silver badge
    WTF?

    "doesn't encrypt firmware updates"

    I keep seeing that phrase as a vulnerability but I have never seen an encrypted firmware update. Not one. Digital signatures are used. Inject new content and the update aborts.

    1. Paul Shirley

      Re: "doesn't encrypt firmware updates"

      Unless they don't bother signing, the story is: "Chinese phones supply OTA updates from Chinese server"

      Which barely counts as a story given how people acquire most of these devices direct from Chinese exporters.

      1. Anonymous Coward

        Re: "doesn't encrypt firmware updates"

        I bought mine from Amazon in the UK and have considered a full factory wipe and sending it back.

  2. Ole Juul

    perpetrators

    The Carnegie-Mellon CERT has tagged the issue CVE-2016-6564 and is tracking affected vendors for updates.

    Vendors? Perhaps I'm missing something here, but don't we normally call people who install malicious software on your phone something else?

  3. Anonymous Coward

    Elephone

    I got an Elephone P9000. Found the adups shit on there on the weekend.

    Now flashed to CM.

  4. Steve Davies 3 Silver badge

    What's not to like here eh?

    Burner Phones - check

    Vulnerabilities in firmware - check

    Easy to install snoopware - check

    That's all the likes of the FBI want. What are the odds that there are some 'burner phone' shops that are already selling devices infected with the FBI tracking software?

    Forget those pesky iPhones, these are what the TLAs need to keep their closure rates up.

    written firmly with my tongue planted in my cheek you understand...

  5. Blotto Silver badge
    Coat

    At least it's not that Apple crap.

  6. Anonymous South African Coward Bronze badge

    Pity CM is no longer an option ever since they got bought out :(

    1. Rosie Davies

      The community version seems to be healthy enough. I thought it was only the commercial version that was having a wobble?

      Rosie

  7. jonnycando
    Holmes

    The community version of CM OUGHT to be clean. Buggy from time to time but not nefarious.

  8. Anonymous Coward

    Oh well

    I looked at my Doogee again and I can't find the latest nasty mentioned in the article as I haven't rooted my phone. However, I did notice in the NoRoot Firewall logs that "Wireless update" had tried to connect to 118.193.254.13:80. On checking I discovered that this points to "Shanghai Anchang Network Security Technology", which has apparently no web presence at all. I've added the new addresses to the firewall for all the good it'll do and remember not to use this phone for anything I wouldn't write on the back of a postcard and send through the post.

  9. JimboSmith Silver badge

    It's a shame about this really as I have a Doogee T3 which is quite a nice phone (http://www.doogee.cc/products-detail.php?ProId=72). However, I suspected it would have something dodgy on it coming from China and took the same precautions as above. Call me paranoid if you like but I have a feature phone for calls, a Blackberry for emails, contacts etc. and the Doogee for general web surfing, Angry Birds etc.
