Malware: BSI warns against certain smartphones and tablets


When buying smartphones and tablets, shoppers need to be confident not only that the software is up to date, but also that the devices do not ship from the factory with malware. On exactly this point, the BSI is now warning against three products from Krüger & Matz, Ulefone and Blackview.

High risk potential

Specifically, the Federal Office for Information Security (BSI) calls for caution with one tablet and two smartphones: the Eagle 804 tablet from Krüger & Matz, the S8 Pro smartphone from Ulefone and the A10 smartphone from Blackview. In a recent communication, the BSI warns against using the three devices and classifies the threat level as high.

Software transfers data to server

The reason is that on the Eagle 804, the pre-installed Android 6 Marshmallow, as delivered, contacts a known command-and-control server via malware. The Ulefone S8 Pro (firmware version F9G62C.GQU.Ulefone.HB.H.SSXSJS5MHMYP1HK.042) and Blackview A10 (firmware version V3EG62A.JKE.HB.H.P3.0711.V3.05_20180711-1021) smartphones were bought via Amazon in test purchases. No malicious software was detected in the Android 7 Nougat running on them, but the only firmware the manufacturers offer for download on their websites has a lower version number and carries the malware. The BSI therefore assumes that devices with the infected firmware are still being delivered or are in circulation.

Downloading of further malware possible

Among other things, the BSI refers to the analyses of the British security software developer Sophos, which reported irregularities in the Ulefone S8 Pro software in October. Malware known as "Andr/Xgen2-CY" is used, which transmits an abundance of data from the device to the C&C server on an ad hoc basis. According to the experts, it is also said to have a download function that can bring further malware onto the smartphone. The danger is also considered high because the malware cannot easily be removed, as it is deeply embedded in the firmware.

High number of connections to external server

The federal authority also has so-called sinkhole data, which show more than 20,000 connections per day from different IP addresses in Germany to said server. The authority therefore assumes that these infected devices are not uncommon.

"Once again, this case shows quite clearly that the price must not be the sole criterion for a purchase decision. Otherwise, users may pay significantly with their data or fraudulent activity," says BSI President Arne Schönbohm on the findings. But even customers who have received a device without malware should not feel too secure: there is still the risk that the manufacturer brings new malware onto the smartphone or tablet with firmware updates.

Amazon removes products from its range

After the notification by the Federal Office, Amazon removed the three devices from its range. A spot check by ComputerBase showed that the corresponding links on Google still exist but lead nowhere. On other sales portals such as GearBest, at least the Ulefone S8 Pro is still available.

In addition, German network operators have meanwhile been informed via CERT-Bund reports about infected devices in their networks and asked to notify affected customers of the malware infection.
