Confirmed: Infinix Phones Are Sending Data Back to China

Security researchers reveal that over 2.8 million low-end Android devices contain a flaw that enables attackers to extract personal information and execute commands on the affected phones with root privileges.

Infinix, a brand that operates in Pakistan, is among those that are affected.

This is not the first incident that has come to light this week. Earlier this week, researchers from Kryptowire discovered that Chinese smartphones carried permanent, pre-installed firmware which collected sensitive information (messages, call logs and geolocation data) and transmitted it to a third-party server in Shanghai, China.

The company responsible for this latest problem is Ragentek Group.

Problem Identification

The researchers reveal that they experienced the problem first-hand when one of them bought a BLU Studio G smartphone from BestBuy.

The researchers claim that the smartphone uses an insecure method of communicating with remote servers and contains an insecure over-the-air (OTA) update system, which is powered by the Ragentek firmware.

The weak security and lack of SSL support enable attackers to act as a man-in-the-middle, intercepting the device's traffic and communicating with the OTA server on the device's behalf.

There are security concerns with the majority of the applications we use nowadays, but the Anubis researchers say that this issue is far more grave.

Algorithm Covering Its Tracks

On top of their initial findings, the researchers found another issue. The company's update algorithm, working together with two additional components, also includes code which hides its presence from the Android operating system.

The binaries hide the updates arriving on the phone from the developer, so no alarms are raised. The researchers identified the lack of SSL protection as the main concern.

Three OTA server domains were identified by the researchers, only one of which belonged to the Anubis researchers. The researchers then proceeded to register the other two domains, which allowed them to communicate with all the devices running the Ragentek firmware.

Using the above methods, the researchers gathered information and statistics.

Change In Market

The researchers said that this ought to bring about a massive change in the market as people who are security conscious will move away from brands responsible for exposing their personal information.

BLU was identified as the brand most affected when Kryptowire released their research earlier this week.

The “Others” category was not identified by the researchers.

Compared to the ADUPS backdoor, Ragentek does not collect the information, nor does it store or forward it. However, violating privacy is a punishable crime and should be dealt with accordingly. The jury is still out as to how to proceed with the matter at hand.

Via BleepingComputer

Published by
Syed Zarar