BLU is one of the brands that became very popular in America for devices with attractive technical specifications at a good price. The same goes for lesser-known brands such as Doogee, Leagoo or Infinix. In this blog we have even highlighted several very attractive Android BLU mobile phones that were launched a long time ago. Unfortunately, the attractive price of those devices comes at a cost, and I'm specifically referring to the Android software on those mobiles, which is the most neglected part. It comes with security and privacy issues, some of them serious.
For example, a while ago it was detected that the Android software of 2.8 million devices from not very popular brands such as BLU, Doogee, Leagoo, Xolo, Infinix and others contained a rootkit and backdoor, which could allow an attacker to take full control of the device, bypassing its security.
BitSight, the firm that discovered this problem, counted 55 affected device models, most of them from the BLU brand (this is not the first time a similar problem has been rumored about this brand). Of those millions of devices, almost the fraction were devices from an unknown manufacturer, probably using completely generic or Chinese Android software, and a large number of their users were in the United States, with connections from health entities, government and banks.
Chinese firmware, whose software upgrade URLs fell into the hands of third parties.
Technically, the insecurity mentioned was in the software that controls the electronic components of these devices, known as "firmware". Rather than being a generic Android version or one developed by these companies themselves, it was provided by a Chinese firm, Ragentek Group.
This firmware contained some hard-coded web addresses to which the devices automatically connected in search of software. Obviously this was a Ragentek setup, and at one time these addresses must have been owned by that company. The surprising thing is that during this investigation they no longer were, probably because they had not been renewed. The security company BitSight Technologies took advantage of this situation and acquired ownership of those web domains for research purposes. In this way, it basically took control of all devices that connected to those addresses. From there, BitSight could (if it wanted to) install any application on the devices, such as keyloggers or malware, with full privileges on the Android system, without the user knowing. The software on these devices did not verify the digital signature or authenticity of an application that was installed. And everything installed was stored in the /data/system directory, which is where applications that can do anything on the device reside.
Software that did not encrypt data
To make matters worse, the software on these devices did not encrypt sent and received data. This meant that the user's data could be exposed to a third party who could intercept the communication. The solution for the users of these devices was to always use a VPN application when connecting to a WiFi network or a known access point.
How do I know if my cell phone is affected?
According to BitSight, after it made its finding known, BLU released a patch to correct this configuration on its devices. If you want to be sure, to check whether a device is affected by that Chinese firmware and is connecting to the aforementioned URLs, you should observe its network traffic with an application like OS Preceptor, available for free on Google Play. Specifically, you need to see if there are outgoing connections to the following addresses:
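The check described above, as an added example that is not part of the original article or of BitSight's tooling: it scans an exported connection log for hosts on a watchlist and marks connections that went out over plain HTTP. The log format, the sample lines and the watchlist domains (placeholders ending in `.example`) are assumptions; substitute the addresses published in the advisory.

```python
import re

# Placeholder watchlist (assumption): replace with the advisory's update domains.
WATCHLIST = {"ota-update.example", "fw-check.example"}

# Constructed sample log, one connection per line: time, app, host:port
SAMPLE_LOG = """\
2016-11-20T10:01:02 com.android.browser www.wikipedia.org:443
2016-11-20T10:01:09 system_ota ota-update.example:80
2016-11-20T10:02:41 system_ota cdn.fw-check.example:80
2016-11-20T10:03:00 com.mail.app notfw-check.example:443
2016-11-20T10:03:30 com.mail.app fw-check.example.evil.test:443
malformed line
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Za-z0-9.-]+):(\d{1,5})$")


def on_watchlist(host, watchlist=WATCHLIST):
    """True if host equals a watched domain or is a subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    # Compare whole DNS labels, so 'notfw-check.example' and
    # 'fw-check.example.evil.test' do not match 'fw-check.example'.
    return any(".".join(labels[i:]) in watchlist for i in range(len(labels)))


def find_suspect_connections(log_text, watchlist=WATCHLIST):
    """Return one dict per logged connection to a watched domain."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not connection records
        when, app, host, port = m.groups()
        if on_watchlist(host, watchlist):
            # Port 80 is used here as a stand-in for unencrypted HTTP (assumption).
            hits.append({"time": when, "app": app, "host": host,
                         "port": int(port), "plaintext": int(port) == 80})
    return hits


if __name__ == "__main__":
    for hit in find_suspect_connections(SAMPLE_LOG):
        note = " (unencrypted HTTP)" if hit["plaintext"] else ""
        print(f'{hit["time"]} {hit["app"]} -> {hit["host"]}:{hit["port"]}{note}')
```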
So you shouldn’t buy these mobile phones?
Unfortunately, the lack of a good Android system, let's say safe and reliable, is a problem for most or perhaps all small or growing brands, as software development is expensive and difficult for these companies to take care of. Sometimes this is not even traded, because even the Chinese giant Xiaomi intentionally does the same on its devices (although not with the severity mentioned here, that is to say, to the point that third parties can take control of the applications that are installed on your mobile). If you are going to buy a cell phone from these brands, or you have no other option because its price is better, you should bear in mind that the software of these devices is weaker or more relaxed than that of stronger brands, starting with the iPhone, Google Pixel or Samsung. It is the price that you must pay to get a cheaper cell phone, and you have little to worry about if you move cash through the cell phone, have accounts or sensitive information stored.