All Your SMS and Contacts Belong to ADUPS and others

by Ryan Johnson, Angelos Stavrou, Azzedine Benameur
Sept. 12, 2017 | 1 comment | Encryption & Authentication | auditing & assessment

Our research has identified several models of Android mobile devices that contained firmware that collected sensitive personal data about their users and transmitted this data to third-party servers in China, without disclosure or the users' consent. These devices were available through major US-based online retailers (Amazon and BestBuy, for example) and included popular smartphones such as the BLU R1 HD and the BLU Life One X2. These devices actively transmitted user and device information, including the full body of text messages, call history with full telephone numbers, and unique device identifiers including the International Mobile Subscriber Identity (IMSI), serial number, Media Access Control (MAC) address, and the International Mobile Equipment Identity (IMEI). The firmware could target specific users and text messages matching remotely defined keywords. The firmware also collected and transmitted information about the use of applications installed on the monitored device,

Steven Ulm 9 months ago

Had no idea what ADUPS are, but only the idea that my contacts and text messages don't really belong to me freaked me out and made me want to read your article :)