ADUPS Android Malware Infects Barnes & Noble
ADUPS is an Android "firmware provisioning" company based out of Shanghai, China. The software specializes both in Big Data collection of Android usage, and hostile app installation and/or firmware control. Google has blacklisted the ADUPS agent in its Android Compatibility Test Suite (CTS).
ADUPS recently compromised many BLU-phone models and was found to be directly transmitting call logs, SMS, contacts, location info, nd more from handsets within the US to Chinese servers using DES (weak) encryption.
The latest tablet from Barnes & Noble, the newly-released $49 BNTV450, has been found to include ADUPS. In the aftermath of the BLU data theft, ADUPS hostile data collection and control over Android may (or may not) be temporarily quelled, but harmful capability remains with the ADUPS agent. Devices running ADUPS should be considered under malicious control, and they should not be used with sensitive data of any kind.
The extent of the ADUPS BLU data theft was discovered and documented by Kryptowire, who learned that the ADUPS agent was capable of:
Call Log Transmission
Call Contact Information Transmission
Location Collection and Transmission
Remote User Application Update
Remote User Application Install
Transmit List of Installed Applications
Transmit order of application execution
Programmatic Firmware Update
Remote Execution and Privilege Escalation (without user notification or request)
IP Address (Transmission)
Name (*for contacts)
Significant subsets of this capability were exercised on individuals within the Unitied States, which was escalated to the Department of Homeland Security. A class action lawsuit investigation was launched against BLU by The Rosen Law Firm of New York, which is collecting class members and information for a damages assessment.
Charles Fisher has an electrical engineering degree from the University of Iowa and works as a systems and database administrator for a Fortune 500 mining and manufacturing corporation.
- FinTech and SAP HANA
- Chemistry on the Desktop
- Five HPC Cost Considerations to Maximize ROI
- Preseeding Full Disk Encryption
- Two Ways GDPR Will Change Your Data Storage Solution
- Hodge Podge
- William Rothwell and Nick Garner's Certified Ethical Hacker Complete Video Course (Pearson IT Certification)
- Two Factors Are Better Than One
- Returning Values from Bash Functions
- GRUB Boot from ISO