Close to 3 million Android phones have been discovered to contain a very powerful rootkit/backdoor that leaves the user vulnerable to remote control, tracking and code execution attacks. These phones are affordable low-cost models and can be purchased in the US in any Best Buy store. Researchers from BitSight Technologies (a subsidiary of Anubis Networks) has detailed in their blog how this root kit was discovered, tested and thankfully so far, prevented from doing harm.
The malicious firmware was designed to hide and to be difficult to detect but secretly contact two pre-configured domains, sending information from the device. Surprisingly, the two domains were unregistered so BitSight technologies was able to acquire them immediately before any deployment and perform tests. The company purchased a BLU Studio G phone from Best Buy, built a passive network traffic system and performed the analysis which revealed that over 2.8 million devices are affected and have since tried to contact the domain they registered. This affects 55 different device models and based on the IP connecting to the domains, the vulnerability affects the entire world with the majority of users affected based in the United States. US-based BLU products is the most affected having 26.3% of the affected phones.
João Gouveia, a BitSight researcher who is part of the team who discovered the rootkit have further revealed that he has seen lots of connections coming from all sorts of sectors, including healthcare, government and banking.
Most of these phone models are what are considered “burner” or low-cost phones, previously thought of to be a safer due to their disposable nature. Recently, another security firm Kryptowire had also discovered a major vulnerability in the form of pre-installed backdoors on BLU R1 HD phones. They discovered the massive amounts of data from the user were being sent back to the Chinese company Shanghai AdUps Technologies, the software company who handles these phones. AdUps Technologies is also used by Huawei and ZTE.
