When buying smartphones and tablets, shoppers have to be confident not only that the software is up to date, but also that the devices are not shipped from the factory with malware. On exactly this point, the BSI is now warning against three products from Krüger & Matz, Ulefone and Blackview.
High risk potential
Specifically, the Federal Office for Information Security (BSI) is calling for caution with one tablet and two smartphones: the Eagle 804 tablet from Krüger & Matz, the S8 Pro smartphone from Ulefone and the A10 smartphone from Blackview. In a recent communication, the BSI advises against using the three devices and classifies the threat level as high.
Software transfers data to server
The reason is that on the Eagle 804, the pre-installed Android 6 Marshmallow, in its as-delivered state, contacts a known command-and-control server via malware. For the Ulefone S8 Pro (firmware version F9G62C.GQU.Ulefone.HB.H.SSXSJS5MHMYP1HK.042) and Blackview A10 (firmware version V3EG62A.JKE.HB.H.P3.0711.V3.05_20180711-1021) smartphones, which were bought via Amazon in test purchases, no malicious software was detected in the Android 7 Nougat in use. However, the manufacturers offer only firmware with a lower version number for download on their websites, and that firmware carries the malware. The BSI therefore assumes that devices with the infected firmware are still being delivered or are in circulation.
Downloading of further malware possible
Among other things, the BSI refers to the analyses of the British security software developer Sophos, which reported irregularities in the Ulefone S8 Pro software in October. The malware in use is known as “Andr/Xgen2-CY” and transmits an abundance of data from the device to the C&C server on an ad hoc basis. According to the experts, it is also said to have a download function that can bring further malware onto the smartphone. The danger is also considered high because the malware is deeply embedded in the firmware and cannot easily be removed.
High number of connections to external server
The federal authority also has so-called sinkhole data, which show more than 20,000 connections per day from different IP addresses in Germany to said server. The authority therefore assumes that these infected devices are not uncommon.
“Once again, this case shows quite clearly that the price must not be the sole criterion for a purchase decision. Otherwise, users may pay significantly with their data or fraudulent activity,” says BSI President Arne Schönbohm on the findings. But even customers who have received a device without malware should not feel too secure: there is still the risk that the manufacturer brings new malware onto the smartphone or tablet with firmware updates.
Amazon removes products from its range
Following the notification by the Federal Office, Amazon has removed the three devices mentioned from its range. A spot check by ComputerBase showed that the corresponding links on Google still exist but lead nowhere. On other sales portals such as GearBest, at least the Ulefone S8 Pro is still available.
In addition, German network operators have meanwhile been informed via CERT-Bund reports about infected devices in their networks and asked to notify affected customers of the malware infection.