For the second time in a week, smartphones built in China have been found to carry a pre-installed component with rootkit behaviour that amounts to a potential backdoor. According to BitSight Technologies, which discovered it, more than 2.8 million smartphones are exposed to man-in-the-middle attacks because of it.
The firmware, attributed to the Chinese Ragentek Group, contacts its update servers over unencrypted connections, and two of the domains it was configured to reach were unregistered. Because the updates are not code-signed, anyone positioned on the network path, or anyone who controlled those domains, could push malicious code to the handset through an over-the-air update.
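As an added illustration (not code from BitSight's report or from Ragentek's firmware), the following Go program contrasts the weak pattern the article describes, an updater that installs whatever bytes come back over plain HTTP, with a hardened client that pins the vendor's Ed25519 public key, refuses non-HTTPS update URLs, verifies a detached signature over the image, and rejects replays of older signed images. The endpoint name updates.example.com, the key material and the firmware contents are all constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"net/url"
)

// Update is what an OTA endpoint returns: an image, the version it claims,
// and a detached signature over (version || SHA-256(image)).
type Update struct {
	Version   uint32
	Image     []byte
	Signature []byte
}

// applyUnsafe is the pattern the article describes: no transport security and
// no signature check, so whatever the server (or a man in the middle) sends is installed.
func applyUnsafe(u Update) []byte {
	return u.Image
}

var (
	ErrInsecureTransport = errors.New("ota: update URL must use https")
	ErrBadSignature      = errors.New("ota: signature verification failed")
	ErrRollback          = errors.New("ota: update is not newer than the installed version")
)

// signedMessage binds the version to the image so an old signed image cannot be replayed.
func signedMessage(version uint32, image []byte) []byte {
	digest := sha256.Sum256(image)
	msg := make([]byte, 4, 4+len(digest))
	binary.BigEndian.PutUint32(msg, version)
	return append(msg, digest[:]...)
}

// signImage is the vendor-side step, done once at build time with the private key.
func signImage(priv ed25519.PrivateKey, version uint32, image []byte) []byte {
	return ed25519.Sign(priv, signedMessage(version, image))
}

// Verifier holds the vendor public key pinned into the firmware at manufacture time.
type Verifier struct {
	Pub ed25519.PublicKey
}

// Apply is the hardened client path: refuse plaintext transport, check the
// signature against the pinned key, then reject rollbacks to older versions.
func (v Verifier) Apply(rawURL string, installed uint32, u Update) ([]byte, error) {
	parsed, err := url.Parse(rawURL)
	if err != nil || parsed.Scheme != "https" {
		return nil, ErrInsecureTransport
	}
	if !ed25519.Verify(v.Pub, signedMessage(u.Version, u.Image), u.Signature) {
		return nil, ErrBadSignature
	}
	if u.Version <= installed {
		return nil, ErrRollback
	}
	return u.Image, nil
}

// DemoResult records what each client did with the constructed updates.
type DemoResult struct {
	UnsafeInstalled []byte
	SafeLegitErr    error
	SafeTamperedErr error
	SafeHTTPErr     error
	SafeReplayErr   error
}

// Demo runs the scenario on constructed data: a signed v2 image, the same response
// rewritten in transit, the signed image fetched over plain HTTP, and a replayed signed v1.
func Demo() DemoResult {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	const installed = 1
	oldImage := []byte("firmware-v1") // constructed sample image
	legit := Update{Version: 2, Image: []byte("firmware-v2: security fixes")}
	legit.Signature = signImage(priv, legit.Version, legit.Image)
	replay := Update{Version: 1, Image: oldImage, Signature: signImage(priv, 1, oldImage)}

	// A man in the middle rewrites the plaintext HTTP body; the signature no longer matches.
	tampered := legit
	tampered.Image = []byte("firmware-v2: add root shell")

	v := Verifier{Pub: pub}
	const endpoint = "updates.example.com/ota" // placeholder host
	r := DemoResult{UnsafeInstalled: applyUnsafe(tampered)}
	_, r.SafeLegitErr = v.Apply("https://"+endpoint, installed, legit)
	_, r.SafeTamperedErr = v.Apply("https://"+endpoint, installed, tampered)
	_, r.SafeHTTPErr = v.Apply("http://"+endpoint, installed, legit)
	_, r.SafeReplayErr = v.Apply("https://"+endpoint, installed, replay)
	return r
}

func main() {
	r := Demo()
	fmt.Printf("unsafe client installed: %q\n", r.UnsafeInstalled)
	fmt.Println("hardened client, legitimate update:", r.SafeLegitErr)
	fmt.Println("hardened client, tampered update:", r.SafeTamperedErr)
	fmt.Println("hardened client, plain http:", r.SafeHTTPErr)
	fmt.Println("hardened client, replayed v1:", r.SafeReplayErr)
}
```

The ordering of the checks matters: transport is checked before the signature so a downgrade to plain HTTP is refused even when the payload happens to be genuine, and the version is part of the signed message rather than a separate header, so an attacker who captured a legitimately signed old image cannot reuse it to reintroduce a fixed bug. In a real updater the pinned key would live in read-only storage or be anchored to a hardware root of trust, since a key that sits in a writable partition can itself be replaced by the same OTA channel.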
When BitSight registered those domains itself, roughly 2.8 million unique devices checked in within a short period. The company used a BLU Studio G smartphone as its test device to study the firmware's behaviour and gauge the scope of the issue.
The check-ins showed the affected phones in use in sensitive environments, including healthcare, government and banking. Had those unregistered domains been picked up by a malicious actor instead, the consequences could have been catastrophic.
The affected devices come from a number of manufacturers in both China and the US. BLU alone accounts for about a quarter of the affected phones, and BLU, Infinix, Xolo, Doogee and Leagoo together account for more than half of the 55 unique models identified.
Kryptowire had warned only days earlier of phones that silently send user data, including highly private information, to servers in China. Taken together, the two episodes say a great deal about the level of security testing these vendors apply. BLU has since announced an update to close the hole, but it is clear how much remains to be done.