We thought about this before but really, it’s hard to believe that China is trying to control the world. Okay, that may be an over-generalization but the fact that some Chinese company has access to hundreds of millions of phones all over the world is scary. You see, a secret backdoor was recently discovered on mobile devices coming from China. Both expensive and affordable Chinese-made phones have been discovered by Kryptowire to have pre-installed software that tracks and monitors the activities of the users.

That sounds scary but sadly, some security contractors have confirmed it’s happening. The idea is that your phone sends all text messages to China after a specific period of time. It’s not yet clear if it’s part of data mining for marketing or if it’s really the Chinese government trying to collect information.

The secret backdoor is said to be developed by Chinese programmers from the Shanghai Adups Technology Company. Majority of the victims were those owners of prepaid devices and international customers. There is no mention how many phones exactly were affected but we’re estimating hundreds of millions–700 million according to the group who coded the software.

One of the more honest OEMs who shared the bad news is BLU Products who said that about 120,000 of their phones were affected. That’s one challenging news you don’t want to hear but it has happened already. As a quick solution, BLU Products is offering a new software to eliminate the said problem.

How does the Adups software work? It basically sends full contents like location, contacts, SMS, or call logs to a server located in China. This is one vulnerability you don’t want to know about but sadly, it’s for real.

As for Adups, the company is saying that they made a mistake. They’re seen to have designed the software intentionally for the benefit of a Chinese phone maker to help monitor behaviors of the users. BLU Products is just one but Adups is also said to provide sofware to other Chinese OEM like Huawei and ZTE. It’s not clear if the two are also sending activities of the users to China.

Believe it or not, BLU Products wasn’t aware of the issue. But now, it’s releasing a fix to prevent leakage and more compromises. The case is now with the Department of Homeland Security for investigation.

Meanwhile, Blu Products has released a statement regarding the issue:

Security Concern BLU Products has identified and has quickly removed a recent security issue caused by a 3rd party application which had been collecting unauthorized personal data in the form of text messages, call logs, and contacts from customers using a limited number of BLU mobile devices. Our customer’s privacy and security are of the upmost importance and priority. The affected application has since been self-updated and the functionality verified to be no longer collecting or sending this information. If you have any concerns or questions in regards to your BLU Smartphone, feel free to contact us directly at www.bluproducts.com/service, call us at 1-877-602-8762, or email us at service@bluproducts.com.

Some of the affected smartphones include the following: Advance 4.0 L2, R1 HD, Energy X Plus 2, Studio Touch, Neo XL, and Energy Diamond. If you own any phone from BLU, check and verify if device is affected or not.

[UPDATE] Huawei reached out to us with an official statement: “Huawei takes our customers’ privacy and security very seriously, and we work diligently to safeguard that privacy and security. The company mentioned in this report is not on our list of approved suppliers, and we have never conducted any form of business with them.”

VIA: NYT

SOURCE: Blu Products