Pre installed Backdoor found in Chinese Smartphones

Chinese smartphone manufacturers have again been critized for having Backdoor in their handsets. But this time a different vendor’s name has come up. Earlier the popular Chinese smartphone brands, Star N9500 and Xiaomi name came up but now the China’s third largest and world’s sixth largest mobile manufacturer ‘CoolPad’, has joined the list.

            Android smartphones sold by Chinese smartphone maker Coolpad Group Ltd contains an extensive “backdoor” that is able to track users, push unwanted pop-up advertisements and install unauthorized apps onto users phone without their permission, alleged a U.S. security firm.

MORE THAN 10 MILLION USERS at RISK

Researchers at Silicon Valley online security firm Palo Alto Networks discovered the backdoor “CoolReaper”, pre installed on 24 Coolpad Android handset models, including high end ones. The attackers can completely hijack users Android device by gaining their device information with the help of the backdoor.

Features of CoolReaper backdoor:

According to Ryan Olson, intelligence director at Palo Alto, CoolReaper backdoor has ability to:

Ø  Download, install aand activate any Android application without users knowledge.

Ø  Connect to number of command and control(C&C) servers.

Ø  Wipe user data, uninstall applications or disable system applications.

Ø  Send fake software updates to devices.

Ø  Send or insert arbitrary SMS or MMS messages into the phone.

Ø  Call arbitrary phone numbers.

Ø  Upload device information including its location, application, usage information, calling and SMS history to Coolpad servers.

On examination of Coolpad smartphone models of different country, researchers suspected that Coolpad smartphone come pre installed with Coolreaper backdoor on handsets which are sold exclusively in China and Taiwan.

Coolpad is the first malware that is built and operated by an Android manufacturer.China has been criticized many times for its products. Six months ago another handset which was popular and also cheap, Star N9500 smartphone came pre-installed with a Trojan that allowed manufacturerto spy on users including personal data and conversations without their knowledge.

            Their was another allegation against the popular Chinese smartphone manufacturer, “Xiaomi of secretly stealing users information and sending it back to a server in Beijing.

Crash friends WhatsApp with just a message

Two India based security researchers, Indrajeet Bhuyan and Saurav Kar, both 17-year old teenagers have found a vulnerability in the popular messaging app WhatsApp, which allows anyone to remotely crash WhatsApp by just sending a specially crafted message.

            In a demonstration, they showed how a 2000 words (2kb in size) message written in special characters can crash WhatsApp messenger app of the person who has received it and also who has send it. Previously also there was a similar vulnerability in WhatsApp in which if a person sends a huge message ( size greater than 7mb), it will crash victim’s device and app both immediately, but this new exploit allow attacker to send a very small size message(2 kb) to the victim.

            The user who receives the specially crafted message will have to delete his/her whole conversation with the attacker and will have to start a new one, because opening the message keeps on crashing the WhatsApp.

            According to the duo, the reported vulnerability has been tested on Gingerbread, Jellybean, Kitkat, and all the above Android Operating systems and it works successfully on them.

            Similarly in a WhatsApp group if a group member intentionally sends a specially crafted message, then everyone will have to exit from the group. Also for example, if I don’t want that someone should have records of my chat with them, then I can simply send the same message exploit to that person.

            This vulnerability has not been tested on iOS, but it is sure that all versions of WhatsApp are affected by this bug including 2.11.431 and 2.11.432. But the attack does not work on windows 8.1.

            WhatsApp which is bought by Facebook for $19 billion in February 2014, has over 600 Million while writing this post, and according to researchers no of users affected by this vulnerability could be 500 Million.

           

            Reecently WhatsApp was in news for making end-to-end encryption on all text messages as a default feature to boost online privacy and security of its users. The app maker describes this as the “largest deployment of end-to-end encryption ever”.