"doesn't encrypt firmware updates"
I keep seeing that phrase as a vulnerability but I have never seen an encrypted firmware update. Not one. Digital signatures are used. Inject new content and the update aborts.
Got a cheap-and-cheerful Android phone from BLU, Infinix, Doogee, Leagoo, IKU, Beeline or Xolo? It might be harbouring some badware in the firmware. The issue affects phones that use an over-the-air update mechanism from Chinese company according to BitSight researcher Dan Dahlberg and Anubis Networks' João Gouveia and Tiago …
Burner Phones - check
Vulnerabilities in firmware - check
Easy to install snoopware - check
That's all the likes of the FBI want. What are the odds that there are some 'burner phone' shops that are already selling devices infected with the FBI tracking software?
Forget those pesky iPhones, these are what the TLAs need to keep their closure rates up.
Written firmly with my tongue planted in my cheek, you understand...
I looked at my Doogee again and I can't find the latest nasty mentioned in the article as I haven't rooted my phone. However, I did notice in the NoRoot Firewall logs that "Wireless update" had tried to connect to 118.193.254.13:80. On checking I discovered that this points to "Shanghai Anchang Network Security Technology" which has apparently no web presence at all. I've added the new addresses to the firewall for all the good it'll do and remember not to use this phone for anything I wouldn't write on the back of a postcard and send through the post.
It's a shame about this really as I have a Doogee T3 which is quite a nice phone (http://www.doogee.cc/products-detail.php?ProId=72). However, I suspected it would have something dodgy on it coming from China and took the same precautions as above. Call me paranoid if you like, but I have a feature phone for calls, a Blackberry for emails, contacts etc. and the Doogee for general web surfing, Angry Birds etc.