ADUPS Android Malware Infects Barnes & Noble
ADUPS is an Android "firmware provisioning" company based out of Shanghai, China. The software specializes both in Big Data collection of Android usage, and hostile app installation and/or firmware control. Google has blacklisted the ADUPS agent in its Android Compatibility Test Suite (CTS).
ADUPS recently compromised many BLU-phone models and was found to be directly transmitting call logs, SMS, contacts, location info, nd more from handsets within the US to Chinese servers using DES (weak) encryption.
The latest tablet from Barnes & Noble, the newly-released $49 BNTV450, has been found to include ADUPS. In the aftermath of the BLU data theft, ADUPS hostile data collection and control over Android may (or may not) be temporarily quelled, but harmful capability remains with the ADUPS agent. Devices running ADUPS should be considered under malicious control, and they should not be used with sensitive data of any kind.
The extent of the ADUPS BLU data theft was discovered and documented by Kryptowire, who learned that the ADUPS agent was capable of:
Call Log Transmission
Call Contact Information Transmission
Location Collection and Transmission
Remote User Application Update
Remote User Application Install
Transmit List of Installed Applications
Transmit order of application execution
Programmatic Firmware Update
Remote Execution and Privilege Escalation (without user notification or request)
IP Address (Transmission)
Name (*for contacts)
Significant subsets of this capability were exercised on individuals within the Unitied States, which was escalated to the Department of Homeland Security. A class action lawsuit investigation was launched against BLU by The Rosen Law Firm of New York, which is collecting class members and information for a damages assessment.
Charles Fisher has an electrical engineering degree from the University of Iowa and works as a systems and database administrator for a Fortune 500 mining and manufacturing corporation.
- VMware's Clarity Design System
- Let's Go to Mars with Martian Lander
- On Your Marks, Get Set...Gutsy Gibbon!
- Applied Expert Systems, Inc.'s CleverView for TCP/IP on Linux
- Papa's Got a Brand New NAS
- My Childhood in a Cigar Box
- Rogue Wave Software's TotalView for HPC and CodeDynamics
- Panther MPC, Inc.'s Panther Alpha
- Simplenote, Simply Awesome!
- Jetico's BestCrypt Container Encryption for Linux