Kryptowire, a mobile security services for government agencies and private businesses based in Virginia, recently discovered that Chinese-made smartphones popular in the United States had a security breach. It forwarded detailed user data and even text messages to a Chinese server discreetly.
The Virginia-based company stated that they discovered the problem in a number of Android-based phones using firmware from the Chinese company Shanghai ADUPS Technology. It includes the popular models from US manufacturer BLU products.
According to Kryptowire, the firmware periodically transmitted personal information that includes the type of device, the numbers called and received, contact list and text messages. Firmware is a software pre-installed and deeply embedded in smart phones. The purpose for collecting the said data was still unclear.
Aside from the information collected, the firmware could also give remote commands and reprogram smartphones. It could target specific users and text messages matching remotely defined keywords.
The report caused worries from users that their personal data can be used for commercial purposes, especially espionage.
Shanghai ADUPS stated that the firmware was only designed to help screen out junk text and calls. The company claims it has since been disabled after objections from BLU.