Some low-cost Android phones in the U.S. that shipped with a particular Firmware Over The Air (FOTA) update system were found to be sending data to a server in China without the owners' consent, according to The New York Times.
The case involves firmware developed by Shanghai Adups Technology Company, which claims its code runs on more than 700 million devices worldwide. The phones in question were sold under the BLU brand name in the U.S., although the article also cites other prominent Chinese mobile phone vendors as customers of Adups.
The discovery of the backdoor is credited to Kryptowire, a start-up based in Virginia that provides mobile application security analysis tools, anti-piracy technologies, mobile app marketplace security analytics, and Enterprise Mobility Management (EMM) solutions.
Kryptowire said the firmware that shipped with the mobile devices and subsequent updates "allowed for the remote installation of applications without the users' consent and, in some versions of the software, the transmission of fine-grained device location information."
http://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html?smid=tw-share&_r=0
http://www.kryptowire.com/adups_security_analysis.html