Tag Archive for: pushbutton

Malware found preinstalled in push-button phones sold in Russia


Credit: ValdikSS

Malicious code was identified in the firmware of four low-cost push-button phones sold through Russian internet stores, according to a security researcher.

Push-button phones such as the DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3 were caught subscribing users to premium SMS services and intercepting incoming SMS messages to avoid detection, according to a report published this week by a Russian security researcher named ValdikSS.

Even though the phones didn’t have an internet browser, the devices discreetly notified a remote internet server when they were activated for the first time, according to ValdikSS, who set up a local 2G base station to intercept the phones’ connections.

ValdikSS says he put five ancient phones he acquired online to the test. The fifth phone, the Inoi 101, was also put to the test, but it was not found to be malicious.

Credit: therecord.media

All of the remote servers that received this activity, according to ValdikSS, were located in China, where all of the devices were also made before being resold through Russian internet retailers as low-cost alternatives to more popular push-button phone options, such as Nokia’s.

Although the malicious code was discovered in the phones’ firmware, the researcher couldn’t say if it was installed by the manufacturer or by third parties that supplied the firmware or handled the phones during distribution.

Backdoors, mobile phone supply chains, and malware

While audacious, such events are no longer uncommon, and similar cases have been identified on multiple occasions in the last five years.

  • November 2016 – According to reports from Kryptowire and Anubis Networks, two Chinese businesses that made firmware components for major Chinese phone manufacturers discreetly embedded backdoor-like functionality in their code.
  • December 2016 – Dr.Web discovered malware in the firmware of 26 different Android smartphone models.
  • July 2017 – Dr.Web discovered Triada banking trojan versions buried in the firmware of a number of Android cellphones.
  • March 2018 – The same Triada malware was discovered in the firmware of 42 different Android smartphone models by Dr.Web.
  • May 2018 –…


‘Nasty stuff’: Research into Russian push-button cellphones uncovers legion of privacy and security issues


Itel, DEXP, Irbis, and F+ mobile devices put under the microscope

Researchers discover numerous security and privacy issues after analysing Russian cellphones

Many push-button phones on sale in Russia contain backdoors or trojans, a security researcher claims.

According to Russian researcher ‘ValdikSS’, some cellphones are automatically sending SMS messages or transmitting online the fact that the device has been purchased and used, among other issues.

Get the message

As outlined in a technical blog post (Russian language), some models were found to contain a built-in trojan that sends paid SMS messages to short numbers, transmitting text that is downloaded from the server. Others were said to have a backdoor that forwards incoming SMS messages to an unknown server.

ValdikSS says he discovered the issue while considering swapping the USB modems he used to receive SMS messages for phones, as these were cheaper and are capable of taking up to four SIM cards each.

“The research began due to unexpected behavior of the phone – it sent SMS by itself,” he tells The Daily Swig.

Of the five Russian push-button phones tested, only one was said to be ‘clean’

He then tested a number of push-button models, including the Inoi 101, DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3.

And, he found, some of the phones were not only transmitting IMEI and IMSI numbers for the purposes of tracking sales, but also contained a trojan that sends SMS messages to paid short numbers, after downloading the text and number from a server via the internet.

Finally, a backdoor was found that intercepts incoming SMS messages and forwards them to the server, potentially allowing an attacker to use the phone’s number to register for services that require confirmation via SMS.


“I was very confused when [a] DEXP SD2160 phone tried to send premium SMS to the number and with the body loaded from its server on the internet,” he says.

“The device, initially manufactured in 2019, was being sold by one of the largest electronic stores in June 2021, with lots of negative reviews in the same store’s website, and they didn’t recall it from sales.

“I’ve watched it do all the nasty stuff in real time on my GSM…
