Pre-installed Backdoor Found In Coolpad Chinese Smartphones

A recent report from Palo Alto Networks revealed that Chinese smartphones made by Coolpad and on sale in the US and Britain ship with a pre-installed backdoor that lets attackers steal users' data.

Coolpad Group Limited is a Chinese telecommunications equipment company headquartered in Shenzhen. It is the third-largest smartphone company in China and the sixth-largest worldwide. Coolpad was originally the smartphone brand of Yulong Computer Telecommunication Scientific (Shenzhen) Co., itself a subsidiary of China Wireless Technologies Limited. China Wireless was officially renamed "Coolpad Group Limited" at the end of 2013.

How Many Devices Are Affected?

Security researchers Claud Xiao and Ryan Olson from Palo Alto Networks have discovered that the backdoor is present in at least 24 models made by Coolpad. The backdoor allows hackers, or Coolpad itself, to download, install, or activate any Android application without user consent or notification.

The researchers dubbed the backdoor CoolReaper after realizing the full capabilities of this pre-installed component.

It can perform the following activities:
  • Clear user data, uninstall existing applications, or disable system applications.
  • Notify users of a fake over-the-air (OTA) update that doesn't update the device but installs unwanted applications.
  • Send or insert arbitrary SMS or MMS messages into the phone.
  • Dial arbitrary phone numbers.
  • Upload information about the device, its location, application usage, and calling and SMS history to a Coolpad server.

The researchers said, "Coolpad customers in China have reported installation of unwanted applications and push-notification advertisements coming from the backdoor. Complaints about this behavior have been ignored by Coolpad or deleted. "

According to the recent report, "Coolpad has also modified the Android OS contained in many of their ROMs. The modifications are specifically tailored to hide CoolReaper components from the user and from other applications operating on the device. These make the backdoor much more difficult for antivirus programs to detect."

Antivirus vendors identified the backdoor samples only as members of the generic “Generic” or “Agent” families, which indicates that those vendors have no specific knowledge of the malware. Some vendors identified one of the samples as “Trojan.Android.Andup.a”, which is inaccurate.

Another dangerous fact is that the backdoor itself has vulnerabilities that would allow any attacker, not just Coolpad, to steal or control users' private data.

The known impact of CoolReaper thus far is limited to China and Taiwan, but Coolpad’s position in the market and global expansion plans mean this backdoor presents a threat to Android users all over the world.
